File name: 360hb_inst.exe.7z

Full analysis: https://app.any.run/tasks/ecf3e275-972a-4722-b688-e57d8f71f07b
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: February 12, 2025, 09:34:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-html
arch-scr
stealer
qrcode
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 75369E366A95554C1A669E40E3C8ACF6
SHA1: C63C5B69C70C65CFBD7DDD639D658860E763E64D
SHA256: 902C0FA316864BB3331DC9359B2535F8BEA36C458BB1C90E19FD6BC571648F5B
SSDEEP: 98304:aL0V/wlQ/EeYPdaWxLKhBWhbNzp5Z5OSdU4Pn6MwtgfD2diJk0qDlmAK+etgk1mk:d20BZlRy2Z7W41v6Dr9iMhzXI8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6560)
    • Changes the autorun value in the registry

      • 360huabaosetup.exe (PID: 7064)
    • Actions looks like stealing of personal data

      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
    • Steals credentials from Web Browsers

      • 360huabao.exe (PID: 4980)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6560)
      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabaosetup.exe (PID: 4444)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 3928)
    • Executable content was dropped or overwritten

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
    • There is functionality for taking screenshot (YARA)

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 6980)
    • The process verifies whether the antivirus software is installed

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
      • 360huabaosetup.exe (PID: 4444)
    • Creates a software uninstall entry

      • 360huabaosetup.exe (PID: 7064)
    • Searches for installed software

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
    • Checks Windows Trust Settings

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
    • Process drops legitimate windows executable

      • setup.exe (PID: 5128)
    • The process creates files with name similar to system file names

      • setup.exe (PID: 5128)
    • The process drops C-runtime libraries

      • setup.exe (PID: 5128)
    • Application launched itself

      • 360huabao.exe (PID: 4980)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6560)
    • Checks supported languages

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 3928)
      • 360huabao.exe (PID: 6964)
      • 360huabao.exe (PID: 6788)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 4576)
      • 360huabao.exe (PID: 6380)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 6980)
      • 360huabao.exe (PID: 4300)
      • 360huabaosetup.exe (PID: 4444)
      • 360huabao.exe (PID: 1852)
    • The sample compiled with chinese language support

      • WinRAR.exe (PID: 6560)
      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
    • Reads the computer name

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
      • 360huabao.exe (PID: 6788)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 4300)
      • 360huabaosetup.exe (PID: 4444)
      • 360huabao.exe (PID: 1852)
    • Create files in a temporary directory

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • 360huabao.exe (PID: 4980)
      • setup.exe (PID: 5128)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 3928)
    • Process checks computer location settings

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 4576)
      • 360huabao.exe (PID: 6380)
      • 360huabao.exe (PID: 3928)
    • Creates files or folders in the user directory

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 6788)
      • 360secore.exe (PID: 6464)
      • 360huabaosetup.exe (PID: 4444)
      • 360huabao.exe (PID: 3928)
    • Checks proxy server information

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 3928)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
      • 360huabaosetup.exe (PID: 4444)
    • Reads the software policy settings

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
    • Reads the machine GUID from the registry

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
    • The sample compiled with english language support

      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
    • Reads CPU info

      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
    • Disables trace logs

      • 360secore.exe (PID: 6464)
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
ModifyDate: 2025:02:10 07:24:23+00:00
ArchivedFileName: 360hb_inst.exe
No data.
All screenshots are available in the full report
Total processes
142
Monitored processes
16
Malicious processes
7
Suspicious processes
2

Behavior graph

start winrar.exe 360hb_inst.exe 360huabaosetup.exe 360se15.0.1376.0.exe setup.exe 360huabao.exe 360huabao.exe 360huabao.exe no specs 360huabao.exe 360huabao.exe no specs 360huabao.exe no specs 360huabao.exe no specs 360secore.exe 360huabao.exe no specs 360huabaosetup.exe 360huabao.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1852
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --mojo-platform-channel-handle=2316 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:8
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
PID: 2216
CMD: C:\Users\admin\AppData\Local\Temp\360se15.0.1376.0.exe --secore-install --secore-forsdk --silent-install
Path: C:\Users\admin\AppData\Local\Temp\360se15.0.1376.0.exe
Parent process: 360huabaosetup.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
360安全浏览器
Exit code:
0
Version:
15.0.1376.0
PID: 3928
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" /hb:1
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
PID: 4300
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --mojo-platform-channel-handle=4800 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:8
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Exit code:
0
Version:
4.0.398.0
PID: 4444
CMD: "C:\Users\admin\AppData\Roaming\360huabao\4.0.398.0\360huabaosetup.exe" --update
Path: C:\Users\admin\AppData\Roaming\360huabao\4.0.398.0\360huabaosetup.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸 服务组件
Exit code:
0
Version:
4.0.398.0
PID: 4576
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3704 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:1
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
PID: 4980
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" /desk
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabaosetup.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
PID: 5128
CMD: "C:\Users\admin\AppData\Local\Temp\CR_D6CF5.tmp\setup.exe" --exe-path="C:\Users\admin\AppData\Local\Temp\360se15.0.1376.0.exe" --secore-install --secore-forsdk --silent-install
Path: C:\Users\admin\AppData\Local\Temp\CR_D6CF5.tmp\setup.exe
Parent process: 360se15.0.1376.0.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
360安全浏览器
Exit code:
0
Version:
15.0.1376.0
PID: 6380
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4572 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:1
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User:
admin
Integrity Level:
MEDIUM
Description:
360壁纸
Version:
4.0.398.0
PID: 6464
CMD: "C:\Users\admin\AppData\Roaming\360se6\Application\360secore.exe" --type=seupdate -360seautoupdate --v3Wnd=0 --v3seProcId=4980 --secore-update /prefetch:8 --flag=0
Path: C:\Users\admin\AppData\Roaming\360se6\Application\360secore.exe
Parent process: 360huabao.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
360网页内核
Exit code:
3221225547
Version:
15.0.1376.0
Total events
12 746
Read events
12 433
Write events
304
Delete events
9

Modification events

Process: WinRAR.exe (PID: 6560)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

Process: WinRAR.exe (PID: 6560)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

Process: WinRAR.exe (PID: 6560)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

Process: WinRAR.exe (PID: 6560)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\360hb_inst.exe.7z

Process: WinRAR.exe (PID: 6560)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: WinRAR.exe (PID: 6560)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: WinRAR.exe (PID: 6560)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: WinRAR.exe (PID: 6560)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: WinRAR.exe (PID: 6560)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

Process: 360huabaosetup.exe (PID: 7064)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
Executable files
93
Suspicious files
209
Text files
170
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6560
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb6560.20651\360hb_inst.exe
Type: executable
MD5:DC243FE7B1C2FCBA41FF6F44CBCDAAED
SHA256:D170B3B47FA0883378AED865D763E8D6CAB70291F10E8F9AB75854502E7B61AE
PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\HuabaoUtil.dll
Type: executable
MD5:DBB503D62F77B9E3D36318B17C98E5F4
SHA256:27E6FB1785E02EB6797A3654AB7A56A93F25A13452DCAAB97579CAA260C923E5
PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\360Huabao_shell.zip
Type: compressed
MD5:01279B7A7A030EA6CC5E6AAB93228BA0
SHA256:7BDAF35ED8555342895BAA1D3FC85623EC59E9A808C7EEB3D8A3E520D538971B
PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\components.zip
Type: compressed
MD5:CA6D19C7893869725D4E82E242343D8B
SHA256:B4CF6547F00FC6648F5E7CEF9B02A09CD045FAB6822E37F3B355BDEF838700A6
PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\baseutil.dll
Type: executable
MD5:297F8E05D26092FEB32FBE3D7CC8A0A0
SHA256:A737E962E77C3F08B25621B959E4C3AFD4E401504FDF53C17EBF6704829A69E9
PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\360huabao_uninstall.zip
Type: compressed
MD5:7B646D769438C52F67508E510B4A7712
SHA256:391ABDBAA83A13B2BF7C77CEEE2FD4375EEA2C44ECDE0921FACBFA91C6F9788F
PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\DropDown.zip
Type: compressed
MD5:B7EC75EBCA71DAC4AB39E8ECA5F82DA2
SHA256:B9C9D916E0E1C6E4F073B49582240209B2938F7E7DE51C66127D275CA4BD5CA0
PID: 7064
Process: 360huabaosetup.exe
Filename: C:\Users\admin\AppData\Roaming\360huabao\360base.dll
Type: executable
MD5:A73CF0457DF35FAB74EF3393D2766667
SHA256:DF411EBC1B4A652A3822DE0CEBD5A48151ABB3DD99C8C3D15F858401B27243FD
PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\wallpaper_video.zip
Type: compressed
MD5:7C5C2D669C705173EC7A250CE6B7B866
SHA256:681E618D4549DF4D87723B3C2C89C1874B507DD3D35BC1500D70766BAED99B7B
PID: 7064
Process: 360huabaosetup.exe
Filename: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Type: executable
MD5:075A230E1ECF16738FBB68E76FBE29A2
SHA256:41303E7ACDFB0802C45AE226D6BD2F1AF4CB8A6B7507AC26D62998D66F9EBFF4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
28
TCP/UDP connections
320
DNS requests
130
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4980
360huabao.exe
GET
200
104.192.108.17:80
http://sedl.360tpcdn.com/se/theme-64.cab
unknown
unknown
3928
360huabao.exe
GET
200
180.163.246.110:80
http://uapi.mp.360.cn/mp/push?m=c3375a2e510ecaee01a0a4820a727e6e&m2=eeeeeeee77e256d0cc4755a6dd1f6ad7651f60d32b83
unknown
whitelisted
4980
360huabao.exe
GET
200
104.192.108.21:80
http://dl.360tpcdn.com/se/hbenginedll.cab
unknown
unknown
4980
360huabao.exe
POST
200
180.163.251.24:80
http://cloud.browser.360.cn/hp/sea
unknown
whitelisted
760
lsass.exe
GET
200
101.198.193.5:80
http://ocsp.crlocsp.cn/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRgH%2FPN%2F2KBN5Fec0GB96MNB1kxHgQUmZst9ovwo9uJ1J775XQvaNKQT%2BQCEQCQ2X1qkrVHp7BAWEYdXq7%2B
unknown
unknown
6788
360huabao.exe
GET
200
180.163.251.137:80
http://tt.browser.360.cn/t.html?p=360secore&data_source=8Ju1cx0BGLZDrtVjQYebRw==&t=470473421&mid=c3375a2e510ecaee01a0a4820a727e6e
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
2144
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
1176
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7160
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
20.190.159.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
92.123.104.10:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1076
svchost.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
3996
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2144
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests


Threats

No threats detected
Process
Message
360huabao.exe
C:\Windows\web\wallpaper\Windows\img0.jpg