File name: 360hb_inst.exe.7z

Full analysis: https://app.any.run/tasks/ecf3e275-972a-4722-b688-e57d8f71f07b
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: February 12, 2025, 09:34:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-html
arch-scr
stealer
qrcode
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 75369E366A95554C1A669E40E3C8ACF6
SHA1: C63C5B69C70C65CFBD7DDD639D658860E763E64D
SHA256: 902C0FA316864BB3331DC9359B2535F8BEA36C458BB1C90E19FD6BC571648F5B
SSDEEP: 98304:aL0V/wlQ/EeYPdaWxLKhBWhbNzp5Z5OSdU4Pn6MwtgfD2diJk0qDlmAK+etgk1mk:d20BZlRy2Z7W41v6Dr9iMhzXI8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 6560)
    • Changes the autorun value in the registry

      • 360huabaosetup.exe (PID: 7064)
    • Actions looks like stealing of personal data

      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
    • Steals credentials from Web Browsers

      • 360huabao.exe (PID: 4980)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 6560)
      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
      • 360huabaosetup.exe (PID: 4444)
      • 360huabao.exe (PID: 3928)
    • Executable content was dropped or overwritten

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
    • There is functionality for taking screenshot (YARA)

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 6980)
    • The process verifies whether the antivirus software is installed

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 4980)
      • 360huabaosetup.exe (PID: 4444)
    • Creates a software uninstall entry

      • 360huabaosetup.exe (PID: 7064)
    • Searches for installed software

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
    • Checks Windows Trust Settings

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
    • Process drops legitimate windows executable

      • setup.exe (PID: 5128)
    • The process creates files with name similar to system file names

      • setup.exe (PID: 5128)
    • The process drops C-runtime libraries

      • setup.exe (PID: 5128)
    • Application launched itself

      • 360huabao.exe (PID: 4980)
  • INFO

    • Checks supported languages

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 3928)
      • 360huabao.exe (PID: 6980)
      • 360huabao.exe (PID: 6964)
      • 360huabao.exe (PID: 6788)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 4576)
      • 360huabao.exe (PID: 6380)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 4300)
      • 360huabaosetup.exe (PID: 4444)
      • 360huabao.exe (PID: 1852)
    • The sample compiled with chinese language support

      • WinRAR.exe (PID: 6560)
      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
    • Reads the computer name

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
      • 360huabao.exe (PID: 6788)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 4300)
      • 360huabaosetup.exe (PID: 4444)
      • 360huabao.exe (PID: 1852)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6560)
    • Create files in a temporary directory

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
      • 360huabao.exe (PID: 3928)
    • Process checks computer location settings

      • 360hb_inst.exe (PID: 7016)
      • 360huabaosetup.exe (PID: 7064)
      • 360huabao.exe (PID: 6380)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 4576)
      • 360huabao.exe (PID: 3928)
    • Creates files or folders in the user directory

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 6788)
      • 360secore.exe (PID: 6464)
      • 360huabaosetup.exe (PID: 4444)
      • 360huabao.exe (PID: 3928)
    • Checks proxy server information

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 3928)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
      • 360huabaosetup.exe (PID: 4444)
    • Reads the machine GUID from the registry

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
      • 360secore.exe (PID: 6464)
    • Reads the software policy settings

      • 360huabaosetup.exe (PID: 7064)
      • setup.exe (PID: 5128)
    • The sample compiled with english language support

      • 360se15.0.1376.0.exe (PID: 2216)
      • setup.exe (PID: 5128)
      • 360huabao.exe (PID: 4980)
    • Reads CPU info

      • 360huabao.exe (PID: 4980)
      • 360huabao.exe (PID: 3928)
    • Disables trace logs

      • 360secore.exe (PID: 6464)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
ModifyDate: 2025:02:10 07:24:23+00:00
ArchivedFileName: 360hb_inst.exe
No data.
All screenshots are available in the full report
Total processes: 142
Monitored processes: 16
Malicious processes: 7
Suspicious processes: 2

Behavior graph

start winrar.exe 360hb_inst.exe 360huabaosetup.exe 360se15.0.1376.0.exe setup.exe 360huabao.exe 360huabao.exe 360huabao.exe no specs 360huabao.exe 360huabao.exe no specs 360huabao.exe no specs 360huabao.exe no specs 360secore.exe 360huabao.exe no specs 360huabaosetup.exe 360huabao.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1852
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --mojo-platform-channel-handle=2316 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:8
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User: admin
Integrity Level: MEDIUM
Description: 360壁纸
Version: 4.0.398.0
PID: 2216
CMD: C:\Users\admin\AppData\Local\Temp\360se15.0.1376.0.exe --secore-install --secore-forsdk --silent-install
Path: C:\Users\admin\AppData\Local\Temp\360se15.0.1376.0.exe
Parent process: 360huabaosetup.exe
User: admin
Company: 360.cn
Integrity Level: MEDIUM
Description: 360安全浏览器
Exit code: 0
Version: 15.0.1376.0
Modules
Images
c:\users\admin\appdata\local\temp\360se15.0.1376.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
PID: 3928
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" /hb:1
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User: admin
Integrity Level: MEDIUM
Description: 360壁纸
Version: 4.0.398.0
Modules
Images
c:\users\admin\appdata\roaming\360huabao\360huabao.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 4300
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --mojo-platform-channel-handle=4800 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:8
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User: admin
Integrity Level: MEDIUM
Description: 360壁纸
Exit code: 0
Version: 4.0.398.0
PID: 4444
CMD: "C:\Users\admin\AppData\Roaming\360huabao\4.0.398.0\360huabaosetup.exe" --update
Path: C:\Users\admin\AppData\Roaming\360huabao\4.0.398.0\360huabaosetup.exe
Parent process: 360huabao.exe
User: admin
Integrity Level: MEDIUM
Description: 360壁纸 服务组件
Exit code: 0
Version: 4.0.398.0
PID: 4576
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --first-renderer-process --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3704 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:1
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User: admin
Integrity Level: MEDIUM
Description: 360壁纸
Version: 4.0.398.0
Modules
Images
c:\users\admin\appdata\roaming\360huabao\360huabao.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 4980
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" /desk
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabaosetup.exe
User: admin
Integrity Level: MEDIUM
Description: 360壁纸
Version: 4.0.398.0
Modules
Images
c:\users\admin\appdata\roaming\360huabao\360huabao.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
PID: 5128
CMD: "C:\Users\admin\AppData\Local\Temp\CR_D6CF5.tmp\setup.exe" --exe-path="C:\Users\admin\AppData\Local\Temp\360se15.0.1376.0.exe" --secore-install --secore-forsdk --silent-install
Path: C:\Users\admin\AppData\Local\Temp\CR_D6CF5.tmp\setup.exe
Parent process: 360se15.0.1376.0.exe
User: admin
Company: 360.cn
Integrity Level: MEDIUM
Description: 360安全浏览器
Exit code: 0
Version: 15.0.1376.0
Modules
Images
c:\users\admin\appdata\local\temp\cr_d6cf5.tmp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 6380
CMD: "C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\360huabao\\user_data\\chromeshellmain" --main-ver=15.0.1376.0 --mainprocess-ver=15.0.1376.0 --no-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4572 --field-trial-handle=3004,i,7294680749255968905,14369755837218450122,262144 --disable-features=HardwareMediaKeyHandling /prefetch:1
Path: C:\Users\admin\AppData\Roaming\360huabao\360huabao.exe
Parent process: 360huabao.exe
User: admin
Integrity Level: MEDIUM
Description: 360壁纸
Version: 4.0.398.0
Modules
Images
c:\users\admin\appdata\roaming\360huabao\360huabao.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 6464
CMD: "C:\Users\admin\AppData\Roaming\360se6\Application\360secore.exe" --type=seupdate -360seautoupdate --v3Wnd=0 --v3seProcId=4980 --secore-update /prefetch:8 --flag=0
Path: C:\Users\admin\AppData\Roaming\360se6\Application\360secore.exe
Parent process: 360huabao.exe
User: admin
Company: 360.cn
Integrity Level: MEDIUM
Description: 360网页内核
Exit code: 3221225547
Version: 15.0.1376.0
Total events: 12 746
Read events: 12 433
Write events: 304
Delete events: 9

Modification events

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\360hb_inst.exe.7z

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6560) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (7064) 360huabaosetup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:
Executable files: 93
Suspicious files: 209
Text files: 170
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\360Huabao_chat.zip
Type: compressed
MD5: E57B9B3CBAC00D1241E9AF739BAF9304
SHA256: FCD7B6EFB04A381C8C5C1A0B4CCD3E0247ACA6B118EFAAAC496A86BADEC1F175

PID: 6560
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb6560.20651\360hb_inst.exe
Type: executable
MD5: DC243FE7B1C2FCBA41FF6F44CBCDAAED
SHA256: D170B3B47FA0883378AED865D763E8D6CAB70291F10E8F9AB75854502E7B61AE

PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\baseutil.dll
Type: executable
MD5: 297F8E05D26092FEB32FBE3D7CC8A0A0
SHA256: A737E962E77C3F08B25621B959E4C3AFD4E401504FDF53C17EBF6704829A69E9

PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\360base.dll
Type: executable
MD5: A73CF0457DF35FAB74EF3393D2766667
SHA256: DF411EBC1B4A652A3822DE0CEBD5A48151ABB3DD99C8C3D15F858401B27243FD

PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\360huabaosetup.exe
Type: executable
MD5: 306D8DC0E83423AAAF661C63D4BE6FD6
SHA256: 4A2476CF8798174B8CB7B07C6DCD772E21A977465566D4DD6AE6A65606CFE609

PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\DropDown.zip
Type: compressed
MD5: B7EC75EBCA71DAC4AB39E8ECA5F82DA2
SHA256: B9C9D916E0E1C6E4F073B49582240209B2938F7E7DE51C66127D275CA4BD5CA0

PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\360huabao.exe
Type: executable
MD5: 075A230E1ECF16738FBB68E76FBE29A2
SHA256: 41303E7ACDFB0802C45AE226D6BD2F1AF4CB8A6B7507AC26D62998D66F9EBFF4

PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\360huabao_uninstall.zip
Type: compressed
MD5: 7B646D769438C52F67508E510B4A7712
SHA256: 391ABDBAA83A13B2BF7C77CEEE2FD4375EEA2C44ECDE0921FACBFA91C6F9788F

PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\HuabaoUtil.dll
Type: executable
MD5: DBB503D62F77B9E3D36318B17C98E5F4
SHA256: 27E6FB1785E02EB6797A3654AB7A56A93F25A13452DCAAB97579CAA260C923E5

PID: 7016
Process: 360hb_inst.exe
Filename: C:\Users\admin\AppData\Local\Temp\360hb_tmp\4.0.398.0\wallpaper_exception.zip
Type: compressed
MD5: 9FE2BC0205B508D569644C4CE51197C3
SHA256: AE551CA9105E2D78277C5CE7231435423AABAE6D3D49A2CE4B0876AFAF9C6F5D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 28
TCP/UDP connections: 320
DNS requests: 130
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6788
360huabao.exe
GET
200
180.163.251.137:80
http://tt.browser.360.cn/t.html?p=360secore&data_source=8Ju1cx0BGLZDrtVjQYebRw==&t=470473421&mid=c3375a2e510ecaee01a0a4820a727e6e
unknown
whitelisted
760
lsass.exe
GET
200
101.198.193.5:80
http://ocsp.crlocsp.cn/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRgH%2FPN%2F2KBN5Fec0GB96MNB1kxHgQUmZst9ovwo9uJ1J775XQvaNKQT%2BQCEQCQ2X1qkrVHp7BAWEYdXq7%2B
unknown
unknown
4980
360huabao.exe
POST
200
180.163.251.24:80
http://cloud.browser.360.cn/hp/sea
unknown
whitelisted
2144
backgroundTaskHost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
1176
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7160
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7160
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
7064
360huabaosetup.exe
GET
200
180.163.251.231:80
http://s.360.cn/360huabao/inst.htm?ver=4.0.398.0&pid=360hb&type=install&mid=c3375a2e510ecaee01a0a4820a727e6e&m2=&ccsrc=&ss=0&os=4&w64=1&sf=0&wb=0&im=1&ach=0_0_0
unknown
whitelisted
7064
360huabaosetup.exe
GET
200
172.64.149.23:80
http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
20.190.159.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
92.123.104.10:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
1076
svchost.exe
23.35.238.131:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
3996
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2144
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
login.live.com
  • 20.190.159.130
  • 20.190.159.23
  • 40.126.31.131
  • 20.190.159.129
  • 20.190.159.0
  • 20.190.159.4
  • 20.190.159.64
  • 20.190.159.128
whitelisted
www.bing.com
  • 92.123.104.10
  • 92.123.104.4
  • 92.123.104.66
  • 92.123.104.6
  • 92.123.104.5
  • 92.123.104.8
  • 92.123.104.11
  • 92.123.104.12
  • 92.123.104.9
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted
s.360.cn
  • 180.163.251.231
  • 101.198.2.147
  • 171.13.14.66
  • 171.8.167.89
  • 180.163.251.230
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted

Threats

No threats detected
Process
Message
360huabao.exe
C:\Windows\web\wallpaper\Windows\img0.jpg