General Info

URL

http://download.2345.com/2345pcsafe/SafePolicy/SafeSetup/47508d/2345pcsafe_100131_hzpp_BgG.exe

Full analysis
https://app.any.run/tasks/f7d3f77f-771a-43bb-aa06-dcf24f392e33
Verdict
Malicious activity
Analysis date
6/12/2019, 11:50:28
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

adware

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

Application was dropped or rewritten from another process
  • 2345pcsafe_100131_hzpp_BgG.exe (PID: 1940)
  • 2345pcsafe_100131_hzpp_BgG.exe (PID: 3120)
Loads dropped or rewritten executable
  • 2345pcsafe_100131_hzpp_BgG.exe (PID: 3120)
Downloads executable files from the Internet
  • chrome.exe (PID: 2964)
Changes settings of System certificates
  • 2345SoftMgr.exe (PID: 3116)
Executable content was dropped or overwritten
  • 2345pcsafe_100131_hzpp_BgG.exe (PID: 3120)
Executed as Windows Service
  • 2345SoftSvc.exe (PID: 1472)
Creates a software uninstall entry
  • 2345pcsafe_100131_hzpp_BgG.exe (PID: 3120)
Adds / modifies Windows certificates
  • 2345SoftMgr.exe (PID: 3116)
Creates files in the program directory
  • 2345pcsafe_100131_hzpp_BgG.exe (PID: 3120)
Reads Internet Cache Settings
  • chrome.exe (PID: 2964)
Application launched itself
  • chrome.exe (PID: 2964)

Processes

Total processes
55
Monitored processes
17
Malicious processes
2
Suspicious processes
1

Behavior graph

Behavior graph (rendered interactively on the original page; only the node labels survive): download and start → chrome.exe (10 nodes, no specs), 2345pcsafe_100131_hzpp_bgg.exe (2 nodes, one with specs), 2345softmgr.exe (2 nodes, no specs), 2345softsvc.exe (3 nodes, no specs).
Specs description
Program did not start
Integrity level elevation
Task contains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has suspicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

PID
2964
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://download.2345.com/2345pcsafe/SafePolicy/SafeSetup/47508d/2345pcsafe_100131_hzpp_BgG.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
3588
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6ebb0f18,0x6ebb0f28,0x6ebb0f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
2772
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2968 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
3872
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=944,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=14898389690031520514 --mojo-platform-channel-handle=968 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
2640
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=944,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --service-pipe-token=4813355302925983638 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4813355302925983638 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
2928
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=944,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --service-pipe-token=12735527877377163818 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12735527877377163818 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
3540
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=944,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --service-pipe-token=12823147836293264646 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=12823147836293264646 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
3968
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=944,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12200599328793256362 --mojo-platform-channel-handle=3652 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
2084
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=944,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=12702548251412205903 --mojo-platform-channel-handle=1040 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
3108
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=944,10658757632699496643,17954541270075751283,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=17824409427112457635 --mojo-platform-channel-handle=3764 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules

PID
1940
CMD
"C:\Users\admin\Downloads\2345pcsafe_100131_hzpp_BgG.exe"
Path
C:\Users\admin\Downloads\2345pcsafe_100131_hzpp_BgG.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
2345.cc
Description
2345安全卫士 v4.0 安装程序
Version
4.0.2.11528
Modules
Image
c:\users\admin\downloads\2345pcsafe_100131_hzpp_bgg.exe
c:\systemroot\system32\ntdll.dll

PID
3120
CMD
"C:\Users\admin\Downloads\2345pcsafe_100131_hzpp_BgG.exe"
Path
C:\Users\admin\Downloads\2345pcsafe_100131_hzpp_BgG.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
HIGH
Version:
Company
2345.cc
Description
2345安全卫士 v4.0 安装程序
Version
4.0.2.11528
Modules
Image
c:\users\admin\downloads\2345pcsafe_100131_hzpp_bgg.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\nsha09.tmp\fileinfo.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\riched20.dll
c:\users\admin\appdata\local\temp\nsha09.tmp\rcwidgetplugin.dll
c:\windows\system32\msimg32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\winmm.dll
c:\windows\system32\windowscodecs.dll
c:\users\admin\appdata\local\temp\nsha09.tmp\system.dll
c:\program files\2345soft\2345pcsafe\4.0.2.11528\softmgr\2345softmgr.exe

PID
3116
CMD
"C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftMgr.exe" --type=install_service
Path
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftMgr.exe
Indicators
No indicators
Parent process
2345pcsafe_100131_hzpp_BgG.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
2345.cc
Description
2345软件管家-主模块
Version
4.0.2.11312
Modules
Image
c:\program files\2345soft\2345pcsafe\4.0.2.11528\softmgr\2345softmgr.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\2345soft\2345pcsafe\4.0.2.11528\softmgr\msvcp120.dll
c:\program files\2345soft\2345pcsafe\4.0.2.11528\softmgr\msvcr120.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\program files\2345soft\2345pcsafe\4.0.2.11528\softmgr\2345miniui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winmm.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\program files\2345soft\2345pcsafe\4.0.2.11528\breakpad.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\2345soft\2345pcsafe\4.0.2.11528\drivercportapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\apphelp.dll
c:\program files\2345soft\2345pcsafe\4.0.2.11528\softmgr\2345softsvc.exe

PID
1680
CMD
"C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftSvc.exe" --uninstall
Path
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftSvc.exe
Indicators
No indicators
Parent process
2345SoftMgr.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
2345.cc
Description
2345软件管家-服务基础模块
Version
4.0.2.11312
Modules
Image
c:\program files\2345soft\2345pcsafe\4.0.2.11528\softmgr\2345softsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
3212
CMD
"C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftSvc.exe" --install
Path
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftSvc.exe
Indicators
No indicators
Parent process
2345SoftMgr.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
2345.cc
Description
2345软件管家-服务基础模块
Version
4.0.2.11312
Modules
Image
c:\program files\2345soft\2345pcsafe\4.0.2.11528\softmgr\2345softsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll

PID
1472
CMD
"C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftSvc.exe"
Path
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftSvc.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
2345.cc
Description
2345软件管家-服务基础模块
Version
4.0.2.11312
Modules
Image
c:\program files\2345soft\2345pcsafe\4.0.2.11528\softmgr\2345softsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

PID
3544
CMD
"C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftMgr.exe" --update=install
Path
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr\2345SoftMgr.exe
Indicators
No indicators
Parent process
2345pcsafe_100131_hzpp_BgG.exe
User
admin
Integrity Level
HIGH
Version:
Company
2345.cc
Description
2345软件管家-主模块
Version
4.0.2.11312
Modules
Image

Registry activity

Total events
1223
Read events
1127
Write events
95
Delete events
1

Modification events

PID
Process
Operation
Key
Name
Value
2964
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
2964
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
2964
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
2964
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
2964
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
2964
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13204806644353500
2964
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060003000C00090033002900F50000000000
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307060003000C00090033002900F90000000000
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
2964
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
7D5B31830421D501
2772
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
2964-13204806643369125
259
2084
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2084
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
2084
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
2084
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-4
Mail recipient
2084
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_CURRENT_USER\Software\2345.com\2345PCSafe
InstallBy
chrome.exe;explorer.exe;ctfmon.exe 19674
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_CURRENT_USER\Software\2345.com\2345PCSafe
UpgradeBy
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_CURRENT_USER\Software\2345.com\2345PCSafe
UninstallBy
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345PCSafe
Value1
0
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345PCSafe
Value2
3
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345PCSafe
Value
002066023230314043001481120713
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345PCSafe
Value6
100131 17501
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345PCSafe
Value7
http://www.2345.com/?hzpp 18726
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345PCSafe
Path
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
DisplayName
安全卫士 - 2345
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
UninstallString
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\Uninstall.exe
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
DisplayIcon
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345MPCSafe.exe
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
DisplayVersion
v4.0
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
URLInfoAbout
http://safe.2345.cc
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2345PCSafe
Publisher
2345.cc
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\2345MPCSafe.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345MPCSafe.exe
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\2345MPCSafe.exe
Path
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345SoftMgr
Value1
0
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345SoftMgr
Value2
3
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345SoftMgr
Value
002016023230314043301481680713
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345SoftMgr
Value6
100131 17501
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345SoftMgr
Value7
http://www.2345.com/?hzpp 18726
3120
2345pcsafe_100131_hzpp_BgG.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\2345SoftMgr
Path
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SoftMgr
3116
2345SoftMgr.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3116
2345SoftMgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob
3116
2345SoftMgr.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
Blob

Files activity

Executable files
18
Suspicious files
11
Text files
52
Unknown types
0

Dropped files

PID
Process
Filename
Type
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SdAntiVBusCore.dll
executable
MD5: 4b0987dac2aef45b734aa7cf784825b7
SHA256: ad2904a5be82e09c1f0383e1c491eb1035a93b12ff2ff860381da320305d1ddf
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345LeakFixer.exe
executable
MD5: 186c277a9cac45bfd812e2afe9f57ac3
SHA256: 83e1158f91fa76decbc884461cff74242de4442539c3641b4179030e64f9c22a
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345ShellPro.exe
executable
MD5: 2b31cc62fbd42d6339a4767e8d7fa881
SHA256: 20f2ea02393a2c5450a81b0f0ec552b3efef3cb1ce20beb7f008b8f8c09a0028
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345Uninst.exe
executable
MD5: 510fa2e64fac8ee241c7cd8f7f116050
SHA256: 67dbf31e420191c4036b2a585f50b9b781c693acc1830328bdbb7a29627ee361
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\Uninstall.exe
executable
MD5: d2e11f79ed1b6a3d20a00f23fd213e14
SHA256: 834bb7da36c690f32bb1bc3c27ca712cf78a390bb39774c082f2611a03928381
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345Setting.exe
executable
MD5: 4e210442d79cdce456a61b7e5595c741
SHA256: 1b83e2c3102f5debccb2523bead7b83c419a8ebe5dc649d30f867f224bc12743
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345MPCSafe.exe
executable
MD5: 9a37f17b1bc90323dfb7b332e54c71a5
SHA256: bae63287fb1bc11e4e6d21a7aebdfdf0389ad696c176f70e8ccafa28a110141c
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345LSPFix.exe
executable
MD5: 2ec195b63920fe4e5b858dd2dc680fee
SHA256: 55c1d5d024055ef3239e674b5e957ae2a17fe9bc9b2381de4bb1fd2e33d897b4
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Users\admin\AppData\Local\Temp\nshA09.tmp\RCWidgetPlugin.dll
executable
MD5: 767c2e58a83e8ab779b86a69a9af2672
SHA256: 1e5a4fb1fc7066ae62685e59a2a58feb22a63611cac5faea5e16bd332719eb1d
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345ShortcutArrow.exe
executable
MD5: b5797619ed6b2f2bdfe8bfe584d3f762
SHA256: 22845ee20e0a3bd925a345c1437ad89e21746f68e6fee10a4292278d48c97fc6
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Users\admin\AppData\Local\Temp\nshA09.tmp\FileInfo.dll
executable
MD5: 41b9c86910a3de0424a62544f0927f71
SHA256: a8e0cd56eac259c5463b59d2cdc60d67e3152cf27b2a20c3206b97e85c9a2e15
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345Speedup.exe
executable
MD5: 0017d74dfa44fcf6ac6c981e60532250
SHA256: 09eed94c6694b10708c3676ab39b420c01a34730917713e224608e09c5847046
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345UsbGuard.exe
executable
MD5: 642f1a3140790c83e82531ab53a48403
SHA256: 6d7e28af85246fc27120f348546fe6c3cc635b887dfac857982a14abd0b5d14c
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345NetRepair.exe
executable
MD5: ba17d497e2fff66a31728214f0b8fd04
SHA256: b1db5eadd659b3ccfc4660eb24946e19cb8954239db88c0aa6b90e79957a037c
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345SafeLock.exe
executable
MD5: 4acc9a021c55e42d09c81c853dd62419
SHA256: 46591a9db187d11f36a6937ffe7352e6c9616f2fae49eee09f13a2b961186a3d
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345NetFlow.exe
executable
MD5: 881513de0ca59c531b92a4b849fd77e4
SHA256: 29ddb23aa87b2ab6a49be893b556dc20ddca9917ddd48b2c248ec118f048ff3c
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345SysDoctor.exe
executable
MD5: a03fcb6e969425ae35ae5c7939b05485
SHA256: 6344eb6645d43f79e4bf690b22545158b6423a2b3b82cec45e691ca96489b07f
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\2345ProtectCenter.exe
executable
MD5: 66e9ad6179a3944bd5d85f1c2ed37f70
SHA256: c1f027c2024bc9ed376e723f3128a616a4bd8aed7a3a1a495919ff15fe3a1fe9
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity~RF15167f.TMP
text
MD5: 5892e1b6ca48083b25ccb3211c17769b
SHA256: 452350af3d7dfd9eeb3fc8df39164d2a81dedae4b48efe5c2dd1f72214782a69
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SafeTrayUI.dll
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: ab77a8dafeb4c8b2e171351b3071335a
SHA256: 46e002f4b72c0c112855253a3c11a8dda6c681cde26b86aeb995c9e020e431b1
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF163175.TMP
text
MD5: ab77a8dafeb4c8b2e171351b3071335a
SHA256: 46e002f4b72c0c112855253a3c11a8dda6c681cde26b86aeb995c9e020e431b1
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ade02981-5d19-4108-932e-1ae08cd69ae5.tmp
––
MD5:  ––
SHA256:  ––
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SafeUI.dll
––
MD5:  ––
SHA256:  ––
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\FuncAssistant.dll
––
MD5:  ––
SHA256:  ––
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\SafeExpMon.dll
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata~RF1603be.TMP
binary
MD5: 99b00a131373a84bf8b30977e76c0a22
SHA256: 4ea3b70610a60066415ce1c934df372debdd1bb1250f01dbf95cd513122c355d
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: 99b00a131373a84bf8b30977e76c0a22
SHA256: 4ea3b70610a60066415ce1c934df372debdd1bb1250f01dbf95cd513122c355d
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\0650d519-fb16-4859-8b88-4c82de955ee4.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF15fd84.TMP
text
MD5: e979a62914b50dfa864404261c23a816
SHA256: d326dae4726031e16933f2d4c8cbecb2380d04fbb7a06f29ae2cdc6303ca9ca1
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: e979a62914b50dfa864404261c23a816
SHA256: d326dae4726031e16933f2d4c8cbecb2380d04fbb7a06f29ae2cdc6303ca9ca1
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\031499b2-342b-4ac8-b72f-ae0aecb93666.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF15fc6b.TMP
text
MD5: 1aaa9b5e089ed4350af15baf48ab7d85
SHA256: 638fb604473dad574a38320f371a4c66be56d97eff1604080f35ef8bcefb75e8
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 1aaa9b5e089ed4350af15baf48ab7d85
SHA256: 638fb604473dad574a38320f371a4c66be56d97eff1604080f35ef8bcefb75e8
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\efda3630-13ae-4c72-85ae-e563f44f9e10.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000001.dbtmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
binary
MD5: a5c71694a43783f4fcf3768f1adfe3c8
SHA256: 1ce962b4d82e0bb9807225b75ad423579d46bdcdebfbfa232ff74ca26ecd9786
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\65c4b31c-4259-4d69-9c28-69d966c6ab79.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\Downloads\2345pcsafe_100131_hzpp_BgG.exe:Zone.Identifier
text
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
2964
chrome.exe
C:\Users\admin\Downloads\2345pcsafe_100131_hzpp_BgG.exe
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\Downloads\Unconfirmed 926357.crdownload
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: 9161b83ecefb8383950ef98e2d230d9c
SHA256: ac6d3b6d80baa20fa27aebe3780f766505461396fe460250bd73b676f2a00bb7
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF15ae3b.TMP
text
MD5: 9161b83ecefb8383950ef98e2d230d9c
SHA256: ac6d3b6d80baa20fa27aebe3780f766505461396fe460250bd73b676f2a00bb7
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\3affe42d-bcd3-441d-ae58-1c1e54c92071.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 695d81fc36bad4f080266b07d4b973bc
SHA256: d7cdf9df6fd7a0c67be1e21c7ca5c3a22756070c386881a8c95b49f8691a475e
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF15873b.TMP
text
MD5: 695d81fc36bad4f080266b07d4b973bc
SHA256: d7cdf9df6fd7a0c67be1e21c7ca5c3a22756070c386881a8c95b49f8691a475e
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\4081555a-d5a5-41ec-94ed-5b834c06aa35.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: d4f5d0ab05ec370f0790353fc0ad1c5c
SHA256: 3501a138c0947bc9476ee01a7d32e340c4741ebee73e2d0815d177fd0ba5f3c0
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF15502d.TMP
text
MD5: d4f5d0ab05ec370f0790353fc0ad1c5c
SHA256: 3501a138c0947bc9476ee01a7d32e340c4741ebee73e2d0815d177fd0ba5f3c0
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\548b436a-9a47-4b5b-ad32-1e9148b47d4d.tmp
––
MD5:  ––
SHA256:  ––
3588
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
binary
MD5: 9543068b6751e1f3e11f91d72ee78d95
SHA256: d060ad21ae6e04cb58668caa52adfca573e018102cc07554d2ed3eae11ab7785
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity
text
MD5: 5892e1b6ca48083b25ccb3211c17769b
SHA256: 452350af3d7dfd9eeb3fc8df39164d2a81dedae4b48efe5c2dd1f72214782a69
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\530e7de8-96fd-4978-b0fb-d7adc0e129e6.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
text
MD5: 90cdc5ea1ce8791f1fd0b75838145403
SHA256: 934ca5e79052f0258707fc671ae75b1f3dbd25f69892de911513aea7d8ba26e0
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF1511ad.TMP
text
MD5: 90cdc5ea1ce8791f1fd0b75838145403
SHA256: 934ca5e79052f0258707fc671ae75b1f3dbd25f69892de911513aea7d8ba26e0
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bc12577a-efba-4615-afbc-37deed5da58b.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State
text
MD5: ff5eb45fdea7d0bb4d14f6e6962a4a8d
SHA256: 933d4a61494af60405aeb230a9e7117e8252483bc6e527af6da0925bddc6dffb
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State~RF151120.TMP
text
MD5: ff5eb45fdea7d0bb4d14f6e6962a4a8d
SHA256: 933d4a61494af60405aeb230a9e7117e8252483bc6e527af6da0925bddc6dffb
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\0b6912fb-ef47-42a9-9d38-79548531c617.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\CURRENT
text
MD5: 46295cac801e5d4857d09837238a6394
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000001.dbtmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000001
binary
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old~RF14ef8e.TMP
text
MD5: 1c2c4bb805e49e0719deef84894dbb1f
SHA256: 1afb26b8e579f076590e61bb63648bb0230fee4516c08ebe588dfc31efd616da
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF14ef50.TMP
text
MD5: 1b8036252b09dda7ad0963a5a40e4aba
SHA256: 89e90f5dc88f667b89afa57d04c939a3c7397bb98b9d259766fa452ec297ec06
2964
chrome.exe
C:\Users\admin\Downloads\30fb10c5-b7c8-4c6d-9495-9ca303de89d2.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT~RF14ef02.TMP
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\CURRENT
text
MD5: 206702161f94c5cd39fadd03f4014d98
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
binary
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\index
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT~RF14eb39.TMP
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT
text
MD5: 904754a73eb4f8a75410a92b2b7a920c
SHA256: c3225bb8babf9823a2daf2bccae0cafc5d3e0857c5f24187dc004f1b2560b4db
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000018.dbtmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF14eb1a.TMP
text
MD5: c5a804a5780cfc948a8db73979de968b
SHA256: 2c6f183b3e9dfa1bdf791091ad09cdcb079307d23864dbc07c81f280aa7d9227
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bba3b1ae-e562-4241-8ad6-5251d14aeb71.tmp
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
text
MD5: 70f27bb5ff84782e8065f81ee64e6008
SHA256: fd5dd0c6f1056c6ee6c2d29bd31653abb589e7d528957942e65b3972b7ecb4e9
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RF14eadb.TMP
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 768258eee3510091c97ade3bca3dc828
SHA256: 1f00cceba22a3fa7d0fffdebb99b95f0dfe19d2cda162abc09fc0d8a6e8ff21d
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
text
MD5: 92be6b127e72365885ad4c3fb6534ee2
SHA256: 54302a2573acc775720e7db0ad85873276713302b4f72596a8dcc44b01c70e51
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old
text
MD5: 007e2c8f160468cc5a8b6c225f0ac40c
SHA256: 7f09cf7ac785c12f0062eb23854505c4ed396c6522eca7109b43ad5cc1a5f74b
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5: 9c016064a1f864c8140915d77cf3389a
SHA256: 0e7265d4a8c16223538edd8cd620b8820611c74538e420a88e333be7f62ac787
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
––
MD5:  ––
SHA256:  ––
2964
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version
text
MD5: f679598350690f14a2479935d826682b
SHA256: 4e7e1987eaf5ec751eb16b9f7cbae1c55873f1afe8e2b52416ed454f4efbf239
3120
2345pcsafe_100131_hzpp_BgG.exe
C:\Program Files\2345Soft\2345PCSafe\4.0.2.11528\NetRepairUI.dll
––
MD5:  ––
SHA256:  ––


Network activity

HTTP(S) requests
35
TCP/UDP connections
49
DNS requests
40
Threats
25

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
2964 chrome.exe GET 200 61.147.204.74:80 http://download.2345.com/2345pcsafe/SafePolicy/SafeSetup/47508d/2345pcsafe_100131_hzpp_BgG.exe CN executable malicious
–– –– POST 200 122.226.166.49:80 http://t.safe.2345.com/safe_realtime/index.php CN text text malicious
–– –– POST 200 221.228.75.116:80 http://update.khd.2345.cc/dmdt/dmdt_data.php CN text text malicious
–– –– POST 200 122.226.166.49:80 http://t.safe.2345.com/safe_realtime/index.php CN text text malicious
–– –– POST 200 221.228.75.242:80 http://update.ruanjian.2345.com/index.php CN text binary malicious
–– –– POST 200 221.228.75.242:80 http://update.ruanjian.2345.com/index.php CN text binary malicious
–– –– POST 200 42.62.30.187:80 http://update.pcsafe.2345.com/pcsafe/get_yb.php CN text text malicious
–– –– POST 200 221.228.75.119:80 http://update.minipage.2345.cc/check_cef_version.php CN text text malicious
–– –– POST 200 122.226.166.49:80 http://t.safe.2345.com/safe_realtime/index.php CN text text malicious
–– –– POST 200 42.62.30.187:80 http://update.pcsafe.2345.com/check_new_version.php CN text text malicious
–– –– POST 200 122.226.166.49:80 http://yb.safe.2345.com/tslist.php CN text text malicious
–– –– POST 200 221.228.75.242:80 http://update.ruanjian.2345.com/check_new_version.php CN text text malicious
–– –– GET –– 42.62.30.180:80 http://42.62.30.180/ CN –– –– whitelisted
–– –– POST 200 42.62.30.187:80 http://update.pcsafe.2345.com/index.php CN text binary malicious
–– –– POST 200 42.62.30.187:80 http://update.pcsafe.2345.com/index.php CN text binary malicious
–– –– POST 200 221.228.75.116:80 http://update.khd.2345.cc/safe/check_mod_data.php CN text text malicious
–– –– POST 200 221.228.75.241:80 http://t.kehuduan.2345.com/stat/safe/index.php CN text text malicious
–– –– POST 200 122.226.166.49:80 http://yb.safe.2345.com/tslist.php CN text text malicious
–– –– POST –– 115.231.185.113:80 http://db.safe.2345.com/query.php CN text –– –– malicious
–– –– POST 200 221.228.75.116:80 http://update.khd.2345.cc/abtest/get.php CN text text malicious
–– –– POST 200 42.62.30.187:80 http://update.pcsafe.2345.com/check_new_service.php CN text text malicious
–– –– POST 200 221.228.75.116:80 http://update.khd.2345.cc/dmdt/dmdt_data.php CN text text malicious
–– –– POST 200 122.226.166.50:80 http://t.safe.2345.com/safe_realtime/index.php CN text text malicious
–– –– POST 200 221.228.75.116:80 http://update.khd.2345.cc/dmdt/dmdt_data.php CN text text malicious
–– –– POST 200 115.231.185.113:80 http://help.tower.shanhu99.com/print_data.php CN text text malicious
–– –– POST 200 122.226.166.50:80 http://t.safe.2345.com/safe_realtime/index.php CN text text malicious
–– –– GET 200 61.147.204.77:80 http://download.2345.com/public/Config0611.data CN binary malicious
–– –– POST 200 122.226.166.49:80 http://t.safe.2345.com/dmdt/index.php CN text text malicious
–– –– POST 200 115.231.185.113:80 http://db.safe.2345.com/query.php CN text text malicious
–– –– POST 200 115.231.185.113:80 http://db.safe.2345.com/query.php CN text text malicious
–– –– POST 200 221.228.75.235:80 http://task.safe.2345.com/get_task.php CN text text unknown
–– –– POST 200 122.226.166.50:80 http://t.safe.2345.com/safe_realtime/index.php CN text text malicious
–– –– GET 302 172.217.16.142:80 http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx US html whitelisted
–– –– GET 200 176.126.58.207:80 http://r4---sn-x2pm-3ufk.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=31.204.154.121&mm=28&mn=sn-x2pm-3ufk&ms=nvh&mt=1560333088&mv=m&pl=23&shardbypass=yes PL crx whitelisted
–– –– POST 200 221.228.75.116:80 http://update.khd.2345.cc/dmdt/dmdt_data.php CN text text malicious


Connections

PID Process IP ASN CN Reputation
2964 chrome.exe 172.217.18.99:443 Google Inc. US whitelisted
2964 chrome.exe 172.217.16.141:443 Google Inc. US suspicious
2964 chrome.exe 61.147.204.74:80 AS Number for CHINANET jiangsu province backbone CN suspicious
2964 chrome.exe 216.58.210.4:443 Google Inc. US whitelisted
2964 chrome.exe 172.217.23.163:443 Google Inc. US whitelisted
2964 chrome.exe 216.58.208.46:443 Google Inc. US whitelisted
2964 chrome.exe 172.217.22.3:443 Google Inc. US whitelisted
2964 chrome.exe 172.217.16.206:443 Google Inc. US whitelisted
–– –– 122.226.166.49:80 No.31,Jin-rong Street CN malicious
–– –– 221.228.75.116:80 No.31,Jin-rong Street CN malicious
–– –– 221.228.75.242:80 No.31,Jin-rong Street CN malicious
–– –– 42.62.30.187:80 China Unicom Beijing Province Network CN malicious
–– –– 221.228.75.119:80 No.31,Jin-rong Street CN malicious
–– –– 115.231.185.113:80 No.31,Jin-rong Street CN malicious
–– –– 42.62.30.180:80 China Unicom Beijing Province Network CN unknown
–– –– 218.75.155.242:80 No.31,Jin-rong Street CN unknown
–– –– 221.228.75.241:80 No.31,Jin-rong Street CN malicious
–– –– 122.226.166.50:80 No.31,Jin-rong Street CN malicious
–– –– 61.147.204.77:80 AS Number for CHINANET jiangsu province backbone CN suspicious
–– –– 221.228.75.235:80 No.31,Jin-rong Street CN unknown
–– –– 172.217.18.110:443 Google Inc. US whitelisted
–– –– 216.58.205.225:443 Google Inc. US whitelisted
–– –– 172.217.16.142:80 Google Inc. US whitelisted
–– –– 176.126.58.207:80 Stowarzyszenie Na Rzecz Rozwoju Spoleczenstwa Informacyjnego e-Poludnie PL whitelisted
–– –– 172.217.18.170:443 Google Inc. US whitelisted

DNS requests

Domain IP Reputation
download.2345.com 61.147.204.74, 61.147.204.75, 61.147.204.76, 61.147.204.77, 61.147.204.78, 61.147.204.73 malicious
clientservices.googleapis.com 172.217.18.99 whitelisted
accounts.google.com 172.217.16.141 shared
www.google.com 216.58.210.4 whitelisted
ssl.gstatic.com 172.217.23.163 whitelisted
sb-ssl.google.com 216.58.208.46 whitelisted
www.gstatic.com 172.217.22.3 whitelisted
clients1.google.com 172.217.16.206 whitelisted
t.safe.2345.com 122.226.166.49, 122.226.166.50, 122.226.166.52, 122.226.166.48 malicious
update.khd.2345.cc 221.228.75.116 malicious
update.ruanjian.2345.com 221.228.75.242 malicious
update.pcsafe.2345.com 42.62.30.187 malicious
update.minipage.2345.cc 221.228.75.119 malicious
db.safe.2345.com 115.231.185.113 malicious
yb.safe.2345.com 122.226.166.49, 122.226.166.50, 122.226.166.52, 122.226.166.48 malicious
download.ruanjian.2345.com 218.75.155.242, 218.75.155.246, 122.226.166.54 unknown
t.kehuduan.2345.com 221.228.75.241 malicious
help.tower.shanhu99.com 115.231.185.113 malicious
task.safe.2345.com 221.228.75.235 unknown
clients2.google.com 172.217.18.110 whitelisted
clients2.googleusercontent.com 216.58.205.225 whitelisted
redirector.gvt1.com 172.217.16.142 whitelisted
r4---sn-x2pm-3ufk.gvt1.com 176.126.58.207 whitelisted
safebrowsing.googleapis.com 172.217.18.170 whitelisted

Threats

PID Process Class Message
2964 chrome.exe Potential Corporate Privacy Violation ET POLICY PE EXE or DLL Windows file download HTTP
2964 chrome.exe Misc activity ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
–– –– A Network Trojan was detected MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– A Network Trojan was detected MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
–– –– Misc activity ADWARE [PTsecurity] Downloader.AgentCRTD PUP (2345.cn)
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– A Network Trojan was detected MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– Misc activity ADWARE [PTsecurity] Downloader.AgentCRTD PUP (2345.cn)
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– A Network Trojan was detected MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– A Network Trojan was detected MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun
–– –– A Network Trojan was detected MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
–– –– A Network Trojan was detected MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
–– –– A Network Trojan was detected MALWARE [PTsecurity] BehavesLike.Win32.Backdoor.vc
–– –– Misc activity ADWARE [PTsecurity] PUA:Win32/Youxun

Debug output strings

No debug info.