File name: 360hb_inst.exe.7z

Full analysis: https://app.any.run/tasks/ecf3e275-972a-4722-b688-e57d8f71f07b
Verdict: Malicious activity
Threats:

Stealers are malicious programs intended to gain unauthorized access to users' information and transfer it to the attacker. The stealer category covers programs that each target a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed through phishing campaigns.

Analysis date: February 12, 2025, 09:34:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-html
arch-scr
stealer
qrcode
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 75369E366A95554C1A669E40E3C8ACF6
SHA1: C63C5B69C70C65CFBD7DDD639D658860E763E64D
SHA256: 902C0FA316864BB3331DC9359B2535F8BEA36C458BB1C90E19FD6BC571648F5B
SSDEEP: 98304:aL0V/wlQ/EeYPdaWxLKhBWhbNzp5Z5OSdU4Pn6MwtgfD2diJk0qDlmAK+etgk1mk:d20BZlRy2Z7W41v6Dr9iMhzXI8

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may be distorted by user actions and is provided for the user's acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6560)
    • Changes the autorun value in the registry

      • 360huabaosetup.exe (PID: 7064)
    • Steals credentials from Web Browsers

      • 360huabao.exe (PID: 4980)
    • Actions look like stealing of personal data

      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6560)
      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 3928)
      • 360huabaosetup.exe (PID: 4444)
    • Executable content was dropped or overwritten

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
    • There is functionality for taking screenshots (YARA)

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 6980)
    • The process verifies whether the antivirus software is installed

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabaosetup.exe (PID: 4444)
      • 360secore.exe (PID: 6464)
    • Creates a software uninstall entry

      • 360huabaosetup.exe (PID: 7064)
    • Searches for installed software

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
    • Checks Windows Trust Settings

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
    • Process drops legitimate windows executable

      • setup.exe (PID: 5128)
    • The process creates files with name similar to system file names

      • setup.exe (PID: 5128)
    • The process drops C-runtime libraries

      • setup.exe (PID: 5128)
    • Application launched itself

      • 360huabao.exe (PID: 4980)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6560)
    • The sample is compiled with Chinese language support

      • WinRAR.exe (PID: 6560)
      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
    • Checks supported languages

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 3928)
      • 360huabao.exe (PID: 6980)
      • 360huabao.exe (PID: 6964)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 6788)
      • 360huabao.exe (PID: 6380)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 4576)
      • 360huabao.exe (PID: 4300)
      • 360huabaosetup.exe (PID: 4444)
      • 360huabao.exe (PID: 1852)
    • Reads the computer name

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
      • 360huabao.exe (PID: 6788)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 4300)
      • 360huabaosetup.exe (PID: 4444)
      • 360huabao.exe (PID: 1852)
    • Creates files in a temporary directory

      • 360hb_inst.exe (PID: 7016)
      • 360se15.0.1376.0.exe (PID: 2216)
      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 3928)
    • Process checks computer location settings

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 4576)
      • 360huabao.exe (PID: 6380)
      • 360huabao.exe (PID: 3928)
    • Creates files or folders in the user directory

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 6788)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 3928)
      • 360huabaosetup.exe (PID: 4444)
    • Checks proxy server information

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 3928)
      • 360huabao.exe (PID: 4980)
      • 360huabaosetup.exe (PID: 4444)
      • 360secore.exe (PID: 6464)
    • The sample is compiled with English language support

      • setup.exe (PID: 5128)
      • 360se15.0.1376.0.exe (PID: 2216)
      • 360huabao.exe (PID: 4980)
    • Reads the software policy settings

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
    • Reads the machine GUID from the registry

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
    • Reads CPU info

      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
    • Disables trace logs

      • 360secore.exe (PID: 6464)
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
ModifyDate: 2025:02:10 07:24:23+00:00
ArchivedFileName: 360hb_inst.exe
No data.
All screenshots are available in the full report
Total processes: 142
Monitored processes: 16
Malicious processes: 7
Suspicious processes: 2

Behavior graph

start winrar.exe 360hb_inst.exe 360huabaosetup.exe 360se15.0.1376.0.exe setup.exe 360huabao.exe 360huabao.exe 360huabao.exe no specs 360huabao.exe 360huabao.exe no specs 360huabao.exe no specs 360huabao.exe no specs 360secore.exe 360huabao.exe no specs 360huabaosetup.exe 360huabao.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1852
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --mojo-platform-channel-handle=2316 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:8
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
PID: 2216
CMD: C:\Users\admin\AppData\Local\Temp\360se15.0.1376.0.exe --secore-install --secore-forsdk --silent-install
Path: C:\Users\admin\AppData\Local\Temp\360se15.0.1376.0.exe
Parent process: 360huabaosetup.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
360安全浏览器
Exit code:
0
Version:
15.0.1376.0
Modules
Images
c:\users\admin\appdata\local\temp\360se15.0.1376.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 3928
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" /hb:1
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
Modules
Images
c:\users\admin\appdata\roaming\360huabao\360huabao.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 4300
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --mojo-platform-channel-handle=4800 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:8
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Exit code:
0
Version:
4.0.398.0
PID: 4444
CMD: "C:\Users\admin\AppData\Roaming\360huabao\4.0.398.0\360huabaosetup.exe" --update
Path: C:\Users\admin\AppData\Roaming\360huabao\4.0.398.0\360huabaosetup.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸 服务组件
Exit code:
0
Version:
4.0.398.0
PID: 4576
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3704 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:1
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
Modules
Images
c:\users\admin\appdata\roaming\360huabao\360huabao.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 4980
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" /desk
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabaosetup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
Modules
Images
c:\users\admin\appdata\roaming\360huabao\360huabao.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 5128
CMD: "C:\Users\admin\AppData\Local\Temp\CR_D6CF5.tmp\setup.exe" --exe-path="C:\Users\admin\AppData\Local\Temp\360se15.0.1376.0.exe" --secore-install --secore-forsdk --silent-install
Path: C:\Users\admin\AppData\Local\Temp\CR_D6CF5.tmp\setup.exe
Parent process: 360se15.0.1376.0.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
360安全浏览器
Exit code:
0
Version:
15.0.1376.0
Modules
Images
c:\users\admin\appdata\local\temp\cr_d6cf5.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 6380
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4572 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:1
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
Modules
Images
c:\users\admin\appdata\roaming\360huabao\360huabao.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 6464
CMD: "C:\Users\admin\AppData\Roaming\360se6\Application\360secore.exe" --type=seupdate -360seautoupdate --v3Wnd=0 --v3seProcId=4980 --secore-update /prefetch:8 --flag=0
Path: C:\Users\admin\AppData\Roaming\360se6\Application\360secore.exe
Parent process: 360huabao.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
360网页内核
Exit code:
3221225547
Version:
15.0.1376.0
Total events: 12 746
Read events: 12 433
Write events: 304
Delete events: 9

Modification events

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\360hb_inst.exe.7z

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (7064) 360huabaosetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
Executable files: 93
Suspicious files: 209
Text files: 170
Unknown types: 0

Dropped files

PID | Process | Filename | Type

7064 | 360huabaosetup.exe | C:\Users\admin\AppData\Roaming\360huabao\4.0.398.0\360huabao_uninstall.zip | compressed
MD5: 7B646D769438C52F67508E510B4A7712
SHA256: 391ABDBAA83A13B2BF7C77CEEE2FD4375EEA2C44ECDE0921FACBFA91C6F9788F

7016 | 360hb_inst.exe | C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\360Huabao_shell.zip | compressed
MD5: 01279B7A7A030EA6CC5E6AAB93228BA0
SHA256: 7BDAF35ED8555342895BAA1D3FC85623EC59E9A808C7EEB3D8A3E520D538971B

7016 | 360hb_inst.exe | C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\baseutil.dll | executable
MD5: 297F8E05D26092FEB32FBE3D7CC8A0A0
SHA256: A737E962E77C3F08B25621B959E4C3AFD4E401504FDF53C17EBF6704829A69E9

7016 | 360hb_inst.exe | C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\360huabaosetup.exe | executable
MD5: 306D8DC0E83423AAAF661C63D4BE6FD6
SHA256: 4A2476CF8798174B8CB7B07C6DCD772E21A977465566D4DD6AE6A65606CFE609

7016 | 360hb_inst.exe | C:\Users\admin\AppData\Local\Temp\360hb_tmp\360huabao.exe | executable
MD5: 075A230E1ECF16738FBB68E76FBE29A2
SHA256: 41303E7ACDFB0802C45AE226D6BD2F1AF4CB8A6B7507AC26D62998D66F9EBFF4

7016 | 360hb_inst.exe | C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\DropDown.zip | compressed
MD5: B7EC75EBCA71DAC4AB39E8ECA5F82DA2
SHA256: B9C9D916E0E1C6E4F073B49582240209B2938F7E7DE51C66127D275CA4BD5CA0

7016 | 360hb_inst.exe | C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\HuabaoUtil.dll | executable
MD5: DBB503D62F77B9E3D36318B17C98E5F4
SHA256: 27E6FB1785E02EB6797A3654AB7A56A93F25A13452DCAAB97579CAA260C923E5

7016 | 360hb_inst.exe | C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\components.zip | compressed
MD5: CA6D19C7893869725D4E82E242343D8B
SHA256: B4CF6547F00FC6648F5E7CEF9B02A09CD045FAB6822E37F3B355BDEF838700A6

7016 | 360hb_inst.exe | C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\wallpaper_exception.zip | compressed
MD5: 9FE2BC0205B508D569644C4CE51197C3
SHA256: AE551CA9105E2D78277C5CE7231435423AABAE6D3D49A2CE4B0876AFAF9C6F5D

7064 | 360huabaosetup.exe | C:\Users\admin\AppData\Roaming\360huabao\4.0.398.0\360huabaosetup.exe | executable
MD5: 306D8DC0E83423AAAF661C63D4BE6FD6
SHA256: 4A2476CF8798174B8CB7B07C6DCD772E21A977465566D4DD6AE6A65606CFE609
HTTP(S) requests: 28
TCP/UDP connections: 320
DNS requests: 130
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1176 | svchost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
- | - | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
2144 | backgroundTaskHost.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | - | - | whitelisted
7160 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | - | - | whitelisted
7160 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
7064 | 360huabaosetup.exe | GET | 200 | 180.163.251.231:80 | http://s.360.cn/360huabao/inst.htm?ver=4.0.398.0&pid=360hb&type=install&mid=c3375a2e510ecaee01a0a4820a727e6e&m2=&ccsrc=&ss=0&os=4&w64=1&sf=0&wb=0&im=1&ach=0_0_0 | unknown | - | - | whitelisted
7064 | 360huabaosetup.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | - | - | whitelisted
7064 | 360huabaosetup.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEQDVbiRslO1jq7FG78GWtk%2Bw | unknown | - | - | whitelisted
7064 | 360huabaosetup.exe | GET | 200 | 101.198.193.5:80 | http://ocsp.crlocsp.cn/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRgH%2FPN%2F2KBN5Fec0GB96MNB1kxHgQUmZst9ovwo9uJ1J775XQvaNKQT%2BQCEHg1IP43GWZ%2FbqXWx%2B%2FXujw%3D | unknown | - | - | unknown
7064 | 360huabaosetup.exe | GET | - | 123.138.255.8:80 | http://sedl-360self.tliveapp.com/sev3/360se15.0.1376.0.cab?nopcdn=1 | unknown | - | - | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1176 | svchost.exe | 20.190.159.130:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1176 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 92.123.104.10:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- | - | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
1076 | svchost.exe | 23.35.238.131:443 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
3996 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2144 | backgroundTaskHost.exe | 20.223.35.26:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 20.190.159.130
  • 20.190.159.23
  • 40.126.31.131
  • 20.190.159.129
  • 20.190.159.0
  • 20.190.159.4
  • 20.190.159.64
  • 20.190.159.128
whitelisted
www.bing.com
  • 92.123.104.10
  • 92.123.104.4
  • 92.123.104.66
  • 92.123.104.6
  • 92.123.104.5
  • 92.123.104.8
  • 92.123.104.11
  • 92.123.104.12
  • 92.123.104.9
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
s.360.cn
  • 180.163.251.231
  • 101.198.2.147
  • 171.13.14.66
  • 171.8.167.89
  • 180.163.251.230
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted

Threats

No threats detected
Process: 360huabao.exe
Message: C:\Windows\web\wallpaper\Windows\img0.jpg