File name:

360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe

Full analysis: https://app.any.run/tasks/41b23242-11f3-4653-afd3-74bb90b8c1ec
Verdict: Malicious activity
Analysis date: June 29, 2020, 03:13:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:

E453C1D3E1DB90B19B84DA7E97C2C9D1

SHA1:

3F7662E09134E75BCCF1EE0E8CFCA1D0EF01B9EA

SHA256:

C386358B70294969488D70F88044EEAC1CDCF4ABB97F7268CF0211E435D922F6

SSDEEP:

196608:sMGLE5I57xwc0R6rSTfaoaTbDtWNOyq4XWsvutLQ:QLE5IDEfaoaTPVyq4XI8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • 360DrvMgr.exe (PID: 2268)
      • ComputerZService.exe (PID: 2764)
      • vcredist_x86.EXE (PID: 2860)
      • ScriptExecute.exe (PID: 2444)

    • Loads dropped or rewritten executable

      • ComputerZService.exe (PID: 2764)
      • 360DrvMgr.exe (PID: 2268)

    • Changes the autorun value in the registry

      • vcredist_x86.EXE (PID: 2860)

    • Changes settings of System certificates

      • msiexec.exe (PID: 1900)
      • 360DrvMgr.exe (PID: 2268)
      • ComputerZService.exe (PID: 2764)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe (PID: 3816)
      • 360DrvMgr.exe (PID: 2268)
      • vcredist_x86.EXE (PID: 2860)

    • Application launched itself

      • 360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe (PID: 3816)

    • Low-level read access rights to disk partition

      • 360DrvMgr.exe (PID: 2268)
      • ComputerZService.exe (PID: 2764)

    • Creates files in the user directory

      • 360DrvMgr.exe (PID: 2268)
      • ComputerZService.exe (PID: 2764)

    • Reads Internet Cache Settings

      • ComputerZService.exe (PID: 2764)
      • 360DrvMgr.exe (PID: 2268)

    • Changes IE settings (feature browser emulation)

      • 360DrvMgr.exe (PID: 2268)

    • Reads internet explorer settings

      • 360DrvMgr.exe (PID: 2268)

    • Reads the BIOS version

      • ComputerZService.exe (PID: 2764)

    • Adds / modifies Windows certificates

      • msiexec.exe (PID: 1900)
      • 360DrvMgr.exe (PID: 2268)
      • ComputerZService.exe (PID: 2764)

    • Executed as Windows Service

      • vssvc.exe (PID: 2316)

  • INFO

    • Reads settings of System Certificates

      • ComputerZService.exe (PID: 2764)
      • 360DrvMgr.exe (PID: 2268)

    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 2316)

    • Searches for installed software

      • msiexec.exe (PID: 2072)

    • Dropped object may contain Bitcoin addresses

      • ComputerZService.exe (PID: 2764)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:12:31 01:38:51+01:00
PEType: PE32
LinkerVersion: 8
CodeSize: 65536
InitializedDataSize: 16384
UninitializedDataSize: 94208
EntryPoint: 0x27920
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2.0.0.1570
ProductVersionNumber: 2.0.0.1570
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
Comments: 360驱动大师
CompanyName: 360.cn
FileDescription: 360驱动大师
FileVersion: 2.0.0.1570
InternalName: 360DrvMgrInstaller
LegalCopyright: 360.cn
OriginalFileName: 360DrvMgrInstaller.exe
ProductName: 360驱动大师
ProductVersion: 2.0.0.1570

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 31-Dec-2012 00:38:51
Detected languages:
  • Chinese - PRC
Comments: 360驱动大师
CompanyName: 360.cn
FileDescription: 360驱动大师
FileVersion: 2.0.0.1570
InternalName: 360DrvMgrInstaller
LegalCopyright: 360.cn
OriginalFilename: 360DrvMgrInstaller.exe
ProductName: 360驱动大师
ProductVersion: 2.0.0.1570

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0060
Pages in file: 0x0001
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x00000060

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 3
Time date stamp: 31-Dec-2012 00:38:51
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
UPX0
0x00001000
0x00017000
0x00000000
IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
0
UPX1
0x00018000
0x00010000
0x0000FC00
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
7.91122
.rsrc
0x00028000
0x00004000
0x00003200
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
4.68419

Resources

Title
Entropy
Size
Codepage
Language
Type
1
5.41855
1528
UNKNOWN
Chinese - PRC
RT_MANIFEST
50
3.82389
9640
UNKNOWN
UNKNOWN
RT_ICON

Imports

ADVAPI32.dll
COMCTL32.dll
GDI32.dll
KERNEL32.DLL
MSVCRT.dll
OLEAUT32.dll
SHELL32.dll
USER32.dll
ole32.dll
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
47
Monitored processes
10
Malicious processes
4
Suspicious processes
1

Behavior graph

Click at the process to see the details
start drop and start 360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe 360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe no specs 360drvmgr.exe computerzservice.exe scriptexecute.exe no specs vcredist_x86.exe msiexec.exe no specs msiexec.exe no specs vssvc.exe no specs 360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1900msiexec /i vcredist.msiC:\Windows\system32\msiexec.exevcredist_x86.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2072C:\Windows\system32\msiexec.exe /VC:\Windows\system32\msiexec.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2268"C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\360DrvMgr.exe" C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\360DrvMgr.exe
360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360驱动大师主程序
Exit code:
0
Version:
2.0.0.1490
Modules
Images
c:\users\admin\appdata\local\temp\7zipsfx.000\360drvmgr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2316C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
2444"C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ScriptExecute.exe" /tipC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ScriptExecute.exe360DrvMgr.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360驱动大师模块
Exit code:
0
Version:
2.0.0.1360
Modules
Images
c:\users\admin\appdata\local\temp\7zipsfx.000\scriptexecute.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
2764"C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ComputerZService.exe" C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ComputerZService.exe
360DrvMgr.exe
User:
admin
Integrity Level:
HIGH
Description:
鲁大师核心服务模块
Exit code:
0
Version:
5.5019.1005.326
Modules
Images
c:\users\admin\appdata\local\temp\7zipsfx.000\computerzservice.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2860"C:\Users\admin\AppData\Local\Temp\drvmgr\vcredist_x86.EXE" /qC:\Users\admin\AppData\Local\Temp\drvmgr\vcredist_x86.EXE
360DrvMgr.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Win32 Cabinet Self-Extractor
Exit code:
0
Version:
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Modules
Images
c:\users\admin\appdata\local\temp\drvmgr\vcredist_x86.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3068"C:\Users\admin\AppData\Local\Temp\360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe" -sfxwaitall:0 "360DrvMgr.exe" C:\Users\admin\AppData\Local\Temp\360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360驱动大师
Exit code:
0
Version:
2.0.0.1570
Modules
Images
c:\users\admin\appdata\local\temp\360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
3144"C:\Users\admin\AppData\Local\Temp\360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe" C:\Users\admin\AppData\Local\Temp\360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeexplorer.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
360驱动大师
Exit code:
3221226540
Version:
2.0.0.1570
Modules
Images
c:\users\admin\appdata\local\temp\360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe
c:\systemroot\system32\ntdll.dll
3816"C:\Users\admin\AppData\Local\Temp\360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe" C:\Users\admin\AppData\Local\Temp\360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe
explorer.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360驱动大师
Exit code:
0
Version:
2.0.0.1570
Modules
Images
c:\users\admin\appdata\local\temp\360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
Total events
4 065
Read events
2 202
Write events
1 863
Delete events
0

Modification events

(PID) Process:(3068) 360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(3068) 360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
(PID) Process:(2268) 360DrvMgr.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360DrvMgr_RASAPI32
Operation:writeName:EnableFileTracing
Value:
0
(PID) Process:(2268) 360DrvMgr.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360DrvMgr_RASAPI32
Operation:writeName:EnableConsoleTracing
Value:
0
(PID) Process:(2268) 360DrvMgr.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360DrvMgr_RASAPI32
Operation:writeName:FileTracingMask
Value:
4294901760
(PID) Process:(2268) 360DrvMgr.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360DrvMgr_RASAPI32
Operation:writeName:ConsoleTracingMask
Value:
4294901760
(PID) Process:(2268) 360DrvMgr.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360DrvMgr_RASAPI32
Operation:writeName:MaxFileSize
Value:
1048576
(PID) Process:(2268) 360DrvMgr.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\360DrvMgr_RASAPI32
Operation:writeName:FileDirectory
Value:
%windir%\tracing
(PID) Process:(2268) 360DrvMgr.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2268) 360DrvMgr.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
Executable files
27
Suspicious files
14
Text files
254
Unknown types
5

Dropped files

PID
Process
Filename
Type
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\!清理残留.battext
MD5:
SHA256:
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\360DrvMgr.exeexecutable
MD5:
SHA256:
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ComputerZ_HardwareDll.dllexecutable
MD5:
SHA256:
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Config\config.xmlxml
MD5:583E167BA709FEC11044409C6B09D04F
SHA256:EA5F4FAF853767718BEEF85023FCD9E13CCA2127EBB3C17331903779DB2916A0
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\DataMgr.dllexecutable
MD5:
SHA256:
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\360LibDrvmgr.datbinary
MD5:5C49C76EAB7F4CB98161B028F56FEF0D
SHA256:D261B133220D0878DE4D2151E71C5ACB1802314B023C751A1E55FE83BFF9D928
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\360net.dllexecutable
MD5:2BCA9E782840C8214DBC3EF6EE64404C
SHA256:1320CE2BF517978D3C65CF9CB8390318F3EA1896EF10A66B53A1832792341C62
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ComputerZ2.dllexecutable
MD5:A75F38215A115F9260B58CDD935D7D81
SHA256:102459B35D0B36F915B2CAFC2E083D95F4E042815C732A2520DFB646EFAE4CD1
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\ComputerZ5.dllexecutable
MD5:D8308AA7CC08C3A56C9187029DB56702
SHA256:850BB1419AB0C93D524284A6C9C15DB69A1E5328E9F84F06BB27BA5EFB8A65B8
3816360驱动大师_v2.0.0.1570_纯净版绿色单文件.exeC:\Users\admin\AppData\Local\Temp\7ZipSfx.000\360NetUL.dllexecutable
MD5:240E9B9B2B3F2A134070B7D5084278D3
SHA256:003E2F8225AE4BFE3487DEA759C6E44176FB96FF89FB162904C7C923E9C78720
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
14
DNS requests
10
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2764
ComputerZService.exe
GET
200
39.103.15.33:80
http://s.ludashi.com/url2?pid=&mid=cfe1ce9b8f5123cc37f394accff90c49&mid2=743a71ec4c42038d257e75948208180cdd9f17ba2bc1&appver=&modver=5.5019.1005.326&type=computerzservice&action=run
CN
suspicious
2764
ComputerZService.exe
GET
200
39.103.15.33:80
http://s.ludashi.com/url2?pid=&mid=cfe1ce9b8f5123cc37f394accff90c49&mid2=743a71ec4c42038d257e75948208180cdd9f17ba2bc1&appver=&modver=5.1020.1090.116&type=hardware&action=scan
CN
suspicious
2268
360DrvMgr.exe
GET
200
1.192.137.108:80
http://res.qhsetup.com/drv/inst.htm?type=0&in=1&o=6.1.7601&p=32&i=1507195196&g=0&m=cfe1ce9b8f5123cc37f394accff90c49&ver=&dm=1
CN
malicious
2268
360DrvMgr.exe
GET
200
1.192.137.108:80
http://res.qhsetup.com/drv/inst.htm?type=7&e=5&m=cfe1ce9b8f5123cc37f394accff90c49&dm=1
CN
malicious
2268
360DrvMgr.exe
GET
206
2.18.233.19:80
http://download.microsoft.com/download/8/B/4/8B42259F-5D70-43F4-AC2E-4B208FD8D66A/vcredist_x86.EXE
unknown
binary
1.29 Mb
whitelisted
2268
360DrvMgr.exe
GET
200
151.139.236.246:80
http://wotrus-ovca.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBROB68uPCabixs381BzpJxWVlED2AQUasBJGVKf6gFeRQyx8A9%2BoF9tj%2BUCEE8IlvA0NLcxFDsumxnW8OE%3D
US
der
1.47 Kb
whitelisted
2268
360DrvMgr.exe
POST
104.192.110.254:80
http://conf.wsm.360.cn/client/query2?m=cfe1ce9b8f5123cc37f394accff90c49&t=1353734&s=qingli_cleansoft
US
malicious
2268
360DrvMgr.exe
GET
200
1.192.137.108:80
http://res.qhsetup.com/drv/inst.htm?type=7&e=501&m=cfe1ce9b8f5123cc37f394accff90c49&dm=1
CN
malicious
2268
360DrvMgr.exe
GET
2.18.233.19:80
http://download.microsoft.com/download/8/B/4/8B42259F-5D70-43F4-AC2E-4B208FD8D66A/vcredist_x86.EXE
unknown
whitelisted
2268
360DrvMgr.exe
POST
200
104.192.110.254:80
http://conf.wsm.360.cn/client/query2?m=cfe1ce9b8f5123cc37f394accff90c49&t=1352843&s=qingli_cleansoft
US
text
423 b
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2268
360DrvMgr.exe
36.110.213.92:443
dm.weishi.360.cn
IDC, China Telecommunications Corporation
CN
unknown
2268
360DrvMgr.exe
1.192.137.108:80
res.qhsetup.com
No.31,Jin-rong Street
CN
malicious
2268
360DrvMgr.exe
151.139.236.246:80
subca.ocsp-certum.com
netDNA
US
unknown
2764
ComputerZService.exe
39.103.15.33:80
s.ludashi.com
Hangzhou Alibaba Advertising Co.,Ltd.
CN
unknown
2268
360DrvMgr.exe
104.192.110.254:80
conf.wsm.360.cn
Beijing Qihu Technology Company Limited
US
malicious
2268
360DrvMgr.exe
2.18.233.19:80
download.microsoft.com
Akamai International B.V.
whitelisted
2268
360DrvMgr.exe
47.254.135.106:443
api.driver.360safe.com
Alibaba (China) Technology Co., Ltd.
US
unknown

DNS requests

Domain
IP
Reputation
s.ludashi.com
  • 39.103.15.33
suspicious
res.qhsetup.com
  • 1.192.137.108
  • 36.110.213.38
  • 180.163.237.138
malicious
dm.weishi.360.cn
  • 36.110.213.92
unknown
subca.ocsp-certum.com
  • 151.139.236.246
whitelisted
wotrus-ovca.ocsp-certum.com
  • 151.139.236.246
whitelisted
conf.wsm.360.cn
  • 104.192.110.254
malicious
api.driver.360safe.com
  • 47.254.135.106
  • 8.209.82.80
  • 47.254.155.75
unknown
download.microsoft.com
  • 2.18.233.19
whitelisted
agd.p.360.cn
  • 119.188.66.33
whitelisted

Threats

PID
Process
Class
Message
2268
360DrvMgr.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
ComputerZService.exe
succeed_write(C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\log\ComputerZ_HardwareDll.log)
ComputerZService.exe
succeed_write(C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\log\ComputerZ_HardwareDll.log)
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
360驱动大师_v2.0.0.1570_纯净版绿色单文件.exe