Protect_2345Explorer7.4.0.1027.dat

Full analysis: https://app.any.run/tasks/30a2bccb-f184-4f01-a88b-fd28f8cf66dd
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: June 06, 2019, 06:33:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.3
MD5: 7EB8503D9118E12293961D77AFCEBF0A
SHA1: 0D8DBCBF61AD9011A7F3686666A699FFD7162EBF
SHA256: 2D47A6A18DD36184954A2B8F5E23B467575339B3141EC0E3C8B65341E05BD893
SSDEEP: 24576:s+p2G9k7k07Rnzw5owa8qGUOe4Z7mQrg0akzu0daWMgS9x:L8jRU5owjq+dm8qea9v

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • 2345MiniPage.exe (PID: 3528)
      • Helper_2345Explorer.exe (PID: 1120)
    • Application was dropped or rewritten from another process
      • Helper_2345Explorer.exe (PID: 1120)
      • 2345MiniPage.exe (PID: 3528)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2952)
      • 2345MiniPage.exe (PID: 3528)
      • Helper_2345Explorer.exe (PID: 1120)
    • Creates files in the user directory
      • Helper_2345Explorer.exe (PID: 1120)
      • 2345MiniPage.exe (PID: 3528)
    • Reads Internet Explorer settings
      • 2345MiniPage.exe (PID: 3528)
    • Reads Internet Cache Settings
      • 2345MiniPage.exe (PID: 3528)
    • Changes IE settings (feature browser emulation)
      • 2345MiniPage.exe (PID: 3528)
  • INFO
    • No info indicators.
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (gen) (100)
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 3
Suspicious processes: 0

Behavior graph

winrar.exe drops and starts both 2345minipage.exe and helper_2345explorer.exe (the graph itself is available in the full report).

Process information

PID 1120: Helper_2345Explorer.exe
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.40665\Helper_2345Explorer.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.40665\Helper_2345Explorer.exe
  Parent process: WinRAR.exe
  User: admin
  Company: 2345移动科技
  Integrity Level: MEDIUM
  Description: 2345辅助模块 (2345 auxiliary module)
  Exit code: 50
  Version: 3.2.0.763
  Modules (images):
    • c:\users\admin\appdata\local\temp\rar$exa2952.40665\helper_2345explorer.exe
    • c:\systemroot\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\shell32.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\shlwapi.dll
    • c:\windows\system32\gdi32.dll
    • c:\windows\system32\user32.dll
    • c:\windows\system32\lpk.dll

PID 2952: WinRAR.exe
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Protect_2345Explorer7.4.0.1027.dat.7z"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.60.0
  Modules (images):
    • c:\program files\winrar\winrar.exe
    • c:\systemroot\system32\ntdll.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\user32.dll
    • c:\windows\system32\gdi32.dll
    • c:\windows\system32\lpk.dll
    • c:\windows\system32\usp10.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\comdlg32.dll

PID 3528: 2345MiniPage.exe
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.38192\2345MiniPage.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.38192\2345MiniPage.exe
  Parent process: WinRAR.exe
  User: admin
  Company: 2345移动科技
  Integrity Level: MEDIUM
  Description: 今日热点 (Today's Hot Topics)
  Exit code: 0
  Version: 6.3.0.756
  Modules (images):
    • c:\users\admin\appdata\local\temp\rar$exa2952.38192\2345minipage.exe
    • c:\systemroot\system32\ntdll.dll
    • c:\windows\system32\kernel32.dll
    • c:\windows\system32\kernelbase.dll
    • c:\windows\system32\user32.dll
    • c:\windows\system32\gdi32.dll
    • c:\windows\system32\lpk.dll
    • c:\windows\system32\usp10.dll
    • c:\windows\system32\msvcrt.dll
    • c:\windows\system32\shell32.dll
Total events: 829
Read events: 703
Write events: 123
Delete events: 3

Modification events

PID | Process | Key | Operation | Name | Value
2952 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP |
2952 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon |
2952 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | write | LanguageList | en-US
2952 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\Protect_2345Explorer7.4.0.1027.dat.7z
2952 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
2952 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
2952 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
2952 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100
2952 | WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 0
2952 | WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 1
Executable files: 11
Suspicious files: 20
Text files: 127
Unknown types: 9

Dropped files

PID | Process | Filename | Type
3528 | 2345MiniPage.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\MinipageMain6.5.0.1023[1].dat |
3528 | 2345MiniPage.exe | C:\Users\admin\AppData\Roaming\MiniPage_2345\download\0\MinipageMain6.5.0.1023.dat.tmp |
3528 | 2345MiniPage.exe | C:\Users\admin\AppData\Roaming\MiniPage_2345\download\0\MinipageMain6.5.0.1023.dat |
3528 | 2345MiniPage.exe | C:\Users\admin\AppData\Roaming\MiniPage_2345\Statistics\MPCursorCode.stat.lock |
3528 | 2345MiniPage.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\titleBar_logo_df[1].png |
3528 | 2345MiniPage.exe | C:\Users\admin\AppData\Roaming\MiniPage_2345\download\logo\mainLogo.png.tmp |
3528 | 2345MiniPage.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\A0_v5[1].data |
3528 | 2345MiniPage.exe | C:\Users\admin\AppData\Roaming\MiniPage_2345\onlinedata\A0_5.data.tmp |
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.38192\2345MiniPage.exe | executable
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.38192\UpdateMain.dll | executable

(MD5 and SHA256 values for the dropped files are not included in this excerpt.)
HTTP(S) requests: 107
TCP/UDP connections: 94
DNS requests: 34
Threats: 8

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3528 | 2345MiniPage.exe | GET | | 163.171.128.148:80 | http://hot.eastday.com/Public/Template/css/reset.css | US | | | malicious
3528 | 2345MiniPage.exe | POST | 200 | 221.228.75.119:80 | http://update.minipage.2345.cc/check_version.php | CN | text | 326 b | malicious
3528 | 2345MiniPage.exe | GET | 200 | 61.147.204.78:80 | http://download.2345.com/2345minipagenew/MinipageMain6.5.0.1023.dat | CN | compressed | 774 Kb | suspicious
3528 | 2345MiniPage.exe | GET | 200 | 42.62.30.187:80 | http://tianqi.2345.com/api/getCityInfo.php | CN | text | 180 b | malicious
3528 | 2345MiniPage.exe | GET | 200 | 42.62.4.62:80 | http://imgwx2.2345.com/2345minipage/ads/5cf7705ad51aa.png | CN | image | 113 Kb | malicious
3528 | 2345MiniPage.exe | GET | 200 | 61.147.204.78:80 | http://download.2345.com/listnames/2345minipage/A0/A0_v5.data | CN | mpg | 420 b | suspicious
3528 | 2345MiniPage.exe | GET | 200 | 163.171.128.148:80 | http://hot.eastday.com/Public/Template/css/reset.css | US | text | 1.18 Kb | malicious
3528 | 2345MiniPage.exe | GET | 200 | 163.171.128.148:80 | http://hot.eastday.com/Public/Template/css/small2_blue.css?0428 | US | text | 3.48 Kb | malicious
3528 | 2345MiniPage.exe | GET | 200 | 163.171.128.148:80 | http://hot.eastday.com/Public/Template/js/small_firstopen.js | US | text | 169 b | malicious
3528 | 2345MiniPage.exe | GET | 200 | 163.171.128.148:80 | http://hot.eastday.com/Public/Template/images/toggle_nav.png | US | image | 253 b | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3528 | 2345MiniPage.exe | 221.228.75.119:80 | update.minipage.2345.cc | No.31,Jin-rong Street | CN | malicious
3528 | 2345MiniPage.exe | 61.147.204.78:80 | download.2345.com | AS Number for CHINANET jiangsu province backbone | CN | suspicious
3528 | 2345MiniPage.exe | 122.226.166.50:80 | t.minipage.2345.cc | No.31,Jin-rong Street | CN | malicious
3528 | 2345MiniPage.exe | 42.62.30.187:80 | tianqi.2345.com | China Unicom Beijing Province Network | CN | malicious
3528 | 2345MiniPage.exe | 42.62.4.62:80 | imgwx2.2345.com | China Unicom Beijing Province Network | CN | unknown
3528 | 2345MiniPage.exe | 163.171.128.148:80 | hot.eastday.com | | US | malicious
3528 | 2345MiniPage.exe | 14.215.138.25:80 | tajs.qq.com | China Telecom (Group) | CN | suspicious
3528 | 2345MiniPage.exe | 27.221.109.49:80 | dup.baidustatic.com | CHINA UNICOM China169 Backbone | CN | unknown
3528 | 2345MiniPage.exe | 222.73.244.32:80 | tongji.eastday.com | China Telecom (Group) | CN | unknown
3528 | 2345MiniPage.exe | 106.75.65.227:80 | pcminitj.dftoutiao.com | China Unicom Beijing Province Network | CN | unknown

DNS requests

Domain | IP | Reputation
update.minipage.2345.cc | 221.228.75.119 | malicious
download.2345.com | 61.147.204.78, 61.147.204.73, 61.147.204.74, 61.147.204.75, 61.147.204.76, 61.147.204.77 | suspicious
t.minipage.2345.cc | 122.226.166.50, 122.226.166.49 | malicious
ts.minipage.2345.cc | 221.228.75.119 | malicious
hot.eastday.com | 163.171.128.148 | malicious
tianqi.2345.com | 42.62.30.187 | unknown
imgwx2.2345.com | 42.62.4.62 | malicious
dup.baidustatic.com | 27.221.109.49 | whitelisted
imgwx3.2345.com | 42.62.4.62 | suspicious
pos.baidu.com | 115.239.210.141 | whitelisted

Threats

PID | Process | Class | Message
3528 | 2345MiniPage.exe | Misc activity | ADWARE [PTsecurity] PUA:Win32/Youxun
3528 | 2345MiniPage.exe | A Network Trojan was detected | MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
3528 | 2345MiniPage.exe | Misc activity | ADWARE [PTsecurity] PUA:Win32/Youxun
3528 | 2345MiniPage.exe | Misc activity | ADWARE [PTsecurity] AdWare.Win32.KuaiZip.gen
3528 | 2345MiniPage.exe | Misc activity | ADWARE [PTsecurity] AdWare.Win32.KuaiZip.gen
3528 | 2345MiniPage.exe | Misc activity | ADWARE [PTsecurity] AdWare.Win32.KuaiZip.gen
1120 | Helper_2345Explorer.exe | Misc activity | ADWARE [PTsecurity] PUA:Win32/Youxun
1120 | Helper_2345Explorer.exe | A Network Trojan was detected | MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
Debug output

Process | Message
2345MiniPage.exe | core libvlc debug: VLC media player - 2.2.6 Umbrella
2345MiniPage.exe | core libvlc debug: revision 2.2.6-0-g1aae789
2345MiniPage.exe | core libvlc debug: revision 2.2.6-0-g1aae789
2345MiniPage.exe | core libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-twolame' '--enable-quicktime' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-x264' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--disable-sdl' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' 'host_alias=i686-w64-mingw32'
2345MiniPage.exe | core libvlc debug: using multimedia timers as clock source
2345MiniPage.exe | core libvlc debug: min period: 1 ms, max period: 1000000 ms
2345MiniPage.exe | core libvlc debug: searching plug-in modules
2345MiniPage.exe | core libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
2345MiniPage.exe | core libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
2345MiniPage.exe | core libvlc debug: saving plugins cache C:\Program Files\VideoLAN\VLC\plugins\plugins.dat