URL:

https://dl.360safe.com/software_installer_download/%E6%90%9C%E7%8B%97%E6%8B%BC%E9%9F%B3%E8%BE%93%E5%85%A5%E6%B3%95_1043_90412.exe

Full analysis: https://app.any.run/tasks/b48fad70-c45c-4fc4-a590-d3da72aacea6
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Malware Trends Tracker     >>>
Analysis date: July 25, 2025, 14:27:06
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
xor-url
generic
stealer
greyware
qihoo360
adware
Indicators:
MD5:

4F68C48605001C437653CA11A4A92304

SHA1:

E7D606647DA176D4418D043C77F98E01BEB87FF8

SHA256:

91FE456524FCF6D343B55B0BA22DC8F2B4C56A59CB51E1E88DB6F0B1D7AB45AF

SSDEEP:

3:N8RwVoLwKdMXJOXxSCA83QlBgMl9LWnjAnAqz7qsD3I:2muMZOXx0jgMl9L4pGvD3I

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • XORed URL has been found (YARA)

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)

    • Actions looks like stealing of personal data

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • csrss.exe (PID: 608)
      • regsvr32.exe (PID: 7000)
      • 360SecLogonHelper.exe (PID: 424)
      • EaInstHelper.exe (PID: 7472)
      • PopWndTracker.exe (PID: 5132)
      • EaInstHelper64.exe (PID: 4040)
      • ZhuDongFangYu.exe (PID: 3576)
      • PowerSaver.exe (PID: 4796)
      • 360CleanHelper.exe (PID: 864)
      • 360Tray.exe (PID: 7052)
      • ZhuDongFangYu.exe (PID: 72)
      • ZhuDongFangYu.exe (PID: 5776)
      • regsvr32.exe (PID: 3880)
      • AdvUtils.exe (PID: 6756)
      • WscReg.exe (PID: 3908)
      • 360EntHelper.exe (PID: 8188)
      • SoftupNotify.exe (PID: 5292)
      • regsvr32.exe (PID: 6036)

    • GENERIC has been found (auto)

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)

    • Changes the autorun value in the registry

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)

    • Registers / Runs the DLL via REGSVR32.EXE

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • SoftupNotify.exe (PID: 5292)
      • 360Tray.exe (PID: 7052)

    • QIHOO360 mutex has been found

      • PopWndTracker.exe (PID: 5132)
      • ZhuDongFangYu.exe (PID: 3576)
      • 360CleanHelper.exe (PID: 864)
      • ZhuDongFangYu.exe (PID: 72)
      • ZhuDongFangYu.exe (PID: 5776)
      • 360Tray.exe (PID: 7052)
      • SoftupNotify.exe (PID: 5292)

    • Application was injected by another process

      • spoolsv.exe (PID: 2560)

    • Runs injected code in another process

      • 360Tray.exe (PID: 7052)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • 360Tray.exe (PID: 7052)
      • SoftupNotify.exe (PID: 5292)

    • The process verifies whether the antivirus software is installed

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • csrss.exe (PID: 608)
      • regsvr32.exe (PID: 7000)
      • EaInstHelper.exe (PID: 7472)
      • 360SecLogonHelper.exe (PID: 424)
      • PopWndTracker.exe (PID: 5132)
      • EaInstHelper64.exe (PID: 4040)
      • ZhuDongFangYu.exe (PID: 3576)
      • PowerSaver.exe (PID: 4796)
      • 360CleanHelper.exe (PID: 864)
      • explorer.exe (PID: 4772)
      • 360Tray.exe (PID: 7052)
      • ZhuDongFangYu.exe (PID: 5776)
      • ZhuDongFangYu.exe (PID: 72)
      • regsvr32.exe (PID: 868)
      • regsvr32.exe (PID: 3880)
      • SoftupNotify.exe (PID: 5292)
      • regsvr32.exe (PID: 6036)
      • regsvr32.exe (PID: 4836)
      • AdvUtils.exe (PID: 6756)
      • regsvr32.exe (PID: 4796)
      • msedge.exe (PID: 7988)
      • spoolsv.exe (PID: 2560)
      • WscReg.exe (PID: 3908)
      • 360EntHelper.exe (PID: 8188)

    • Executable content was dropped or overwritten

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • EaInstHelper64.exe (PID: 4040)
      • 360Tray.exe (PID: 7052)

    • There is functionality for taking screenshot (YARA)

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)

    • Process requests binary or script from the Internet

      • explorer.exe (PID: 4772)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 360Tray.exe (PID: 7052)

    • Potential Corporate Privacy Violation

      • explorer.exe (PID: 4772)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)

    • Drops 7-zip archiver for unpacking

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)

    • Zapya greyware has been detected

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 360Tray.exe (PID: 7052)

    • Write to the desktop.ini file (may be used to cloak folders)

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)

    • Adds/modifies Windows certificates

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • PowerSaver.exe (PID: 4796)

    • Creates a software uninstall entry

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)

    • Creates files in the driver directory

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • EaInstHelper64.exe (PID: 4040)
      • 360Tray.exe (PID: 7052)

    • Creates or modifies Windows services

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • EaInstHelper64.exe (PID: 4040)
      • ZhuDongFangYu.exe (PID: 3576)
      • 360Tray.exe (PID: 7052)

    • Drops a system driver (possible attempt to evade defenses)

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • EaInstHelper64.exe (PID: 4040)
      • 360Tray.exe (PID: 7052)

    • Creates/Modifies COM task schedule object

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • regsvr32.exe (PID: 7000)
      • 360CleanHelper.exe (PID: 864)
      • 360Tray.exe (PID: 7052)
      • regsvr32.exe (PID: 3880)
      • regsvr32.exe (PID: 6036)
      • regsvr32.exe (PID: 4796)

    • Changes default file association

      • 360Tray.exe (PID: 7052)

    • Executes as Windows Service

      • ZhuDongFangYu.exe (PID: 5776)

    • The process checks if it is being run in the virtual environment

      • 360Tray.exe (PID: 7052)

    • Reads the BIOS version

      • 360Tray.exe (PID: 7052)

    • Read disk information to detect sandboxing environments

      • 360Tray.exe (PID: 7052)

    • Reads Microsoft Outlook installation path

      • 360Tray.exe (PID: 7052)

    • Searches for installed software

      • 360Tray.exe (PID: 7052)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 4188)

    • Reads the computer name

      • identity_helper.exe (PID: 7556)
      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • zoolskAfJgDfU29.exe (PID: 7496)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • 360SecLogonHelper.exe (PID: 424)
      • EaInstHelper64.exe (PID: 4040)
      • ZhuDongFangYu.exe (PID: 3576)
      • 360Tray.exe (PID: 7052)
      • ZhuDongFangYu.exe (PID: 5776)
      • ZhuDongFangYu.exe (PID: 72)
      • SoftupNotify.exe (PID: 5292)
      • WscReg.exe (PID: 3908)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4188)
      • msedge.exe (PID: 6388)

    • Checks supported languages

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • identity_helper.exe (PID: 7556)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • zoolskAfJgDfU29.exe (PID: 7496)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • 360SecLogonHelper.exe (PID: 424)
      • EaInstHelper.exe (PID: 7472)
      • PopWndTracker.exe (PID: 5132)
      • EaInstHelper64.exe (PID: 4040)
      • ZhuDongFangYu.exe (PID: 3576)
      • PowerSaver.exe (PID: 4796)
      • 360Tray.exe (PID: 7052)
      • 360CleanHelper.exe (PID: 864)
      • SoftupNotify.exe (PID: 5292)
      • ZhuDongFangYu.exe (PID: 72)
      • ZhuDongFangYu.exe (PID: 5776)
      • AdvUtils.exe (PID: 6756)
      • WscReg.exe (PID: 3908)
      • 360EntHelper.exe (PID: 8188)

    • Creates files or folders in the user directory

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • 360Tray.exe (PID: 7052)

    • Reads Environment values

      • identity_helper.exe (PID: 7556)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 360Tray.exe (PID: 7052)

    • Checks proxy server information

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • explorer.exe (PID: 4772)
      • slui.exe (PID: 6736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • 360Tray.exe (PID: 7052)

    • Create files in a temporary directory

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • explorer.exe (PID: 4772)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • 360Tray.exe (PID: 7052)

    • The sample compiled with chinese language support

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • explorer.exe (PID: 4772)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • EaInstHelper64.exe (PID: 4040)
      • 360Tray.exe (PID: 7052)

    • Reads the machine GUID from the registry

      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • 360SecLogonHelper.exe (PID: 424)
      • 360Tray.exe (PID: 7052)
      • ZhuDongFangYu.exe (PID: 5776)

    • Reads security settings of Internet Explorer

      • explorer.exe (PID: 4772)

    • The sample compiled with english language support

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)

    • Reads the software policy settings

      • slui.exe (PID: 6736)
      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 360Tray.exe (PID: 7052)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7932)
      • 搜狗拼音输入法_1043_90412.exe (PID: 8096)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6292)
      • 搜狗拼音输入法_1043_90412.exe (PID: 6140)
      • 搜狗拼音输入法_1043_90412.exe (PID: 4216)
      • 搜狗拼音输入法_1043_90412.exe (PID: 7736)

    • Creates files in the program directory

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • PopWndTracker.exe (PID: 5132)
      • 360Tray.exe (PID: 7052)
      • WscReg.exe (PID: 3908)
      • SoftupNotify.exe (PID: 5292)

    • Launching a file from a Registry key

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)

    • Process checks computer location settings

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • SoftupNotify.exe (PID: 5292)
      • 360Tray.exe (PID: 7052)

    • Disables trace logs

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 360Tray.exe (PID: 7052)
      • ZhuDongFangYu.exe (PID: 5776)
      • SoftupNotify.exe (PID: 5292)
      • 360SecLogonHelper.exe (PID: 424)

    • Process checks whether UAC notifications are on

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 360Tray.exe (PID: 7052)

    • Reads CPU info

      • 搜狗拼音输入法_1043_90412.exe (PID: 1944)
      • 360Tray.exe (PID: 7052)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

xor-url

(PID) Process(8096) 搜狗拼音输入法_1043_90412.exe
Decrypted-URLs (82)http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://chp.f.360.cn/wdcquery
http://cp.uidf.f.360.cn/wpeinfo
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://crl.globalsign.com/codesigningrootr45.crl0U
http://crl.globalsign.com/gs/gstimestampingg2.crl0T
http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
http://crl.globalsign.com/root-r6.crl0G
http://crl.globalsign.net/root-r3.crl0
http://crl.globalsign.net/root.crl0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.verisign.com/pca3-g5.crl04
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://dl.360safe.com/gf/%u.cab
http://dl.360safe.com/gf/def.cab
http://down.360safe.com/setup.exe
http://down.360safe.com/setupbeta.exe
http://hao.360.cn/?ln=360ini
http://logo.verisign.com/vslogo.gif04
http://my.360.com
http://my.360safe.com
http://ocsp.digicert.com0A
http://ocsp.digicert.com0C
http://ocsp.digicert.com0X
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://ocsp.globalsign.com/codesigningrootr450F
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://ocsp.thawte.com0
http://ocsp.verisign.com0
http://ocsp2.globalsign.com/gstimestampingsha2g20
http://ocsp2.globalsign.com/rootr606
http://pinst.360.cn/360safebeta/safebeta_home.cab
http://pinst.360.cn/360sd/360sd_min.cab
http://s.360.cn/hips/update/inst.htm?m=%s&v=%s&s=%d&r=%d&d=%s&oav=%d
http://s.360.cn/safe/install.html?mid=%s&
http://s.360.cn/safe/setupsperr.htm?mid=%s
http://s1.symcb.com/pca3-g5.crl0
http://s2.symcb.com0
http://sd.360.cn
http://sd.360.cn/downloadbeta.html
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://secure.globalsign.com/cacert/gstimestampingg2.crt0
http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
http://sf.symcb.com/sf.crl0a
http://sf.symcb.com/sf.crl0f
http://sf.symcb.com/sf.crt0
http://sfdl.360safe.com/inst_gf_popup.exe
http://sfdl.360safe.com/inst_gf_popup_ev.exe
http://sfdl.360safe.com/inst_js_popup.exe
http://sfdl.360safe.com/inst_js_popup_ev.exe
http://stat.sd.360.cn/setupfail.htm?pid=%s&case=%d
http://sv.symcb.com/sv.crl0a
http://sv.symcb.com/sv.crl0f
http://sv.symcb.com/sv.crt0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://www.2345.com/?pic360
http://www.360.cn
http://www.360.cn/killer/360compkill.html
http://www.360.cn/userexperienceimprovement.html
http://www.360.cn/xukexieyi.html#shadu
http://www.360safe.com
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
https://hao.360.cn/
https://www.globalsign.com/repository/0
https://www.globalsign.com/repository/03
https://www.globalsign.com/repository/06
https://www.verisign.com/cps0*
https://www.verisign.com/rpa
https://www.verisign.com/rpa0
(PID) Process(1944) 搜狗拼音输入法_1043_90412.exe
Decrypted-URLs (82)http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://chp.f.360.cn/wdcquery
http://cp.uidf.f.360.cn/wpeinfo
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://crl.globalsign.com/codesigningrootr45.crl0U
http://crl.globalsign.com/gs/gstimestampingg2.crl0T
http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
http://crl.globalsign.com/root-r6.crl0G
http://crl.globalsign.net/root-r3.crl0
http://crl.globalsign.net/root.crl0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.verisign.com/pca3-g5.crl04
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://dl.360safe.com/gf/%u.cab
http://dl.360safe.com/gf/def.cab
http://down.360safe.com/setup.exe
http://down.360safe.com/setupbeta.exe
http://hao.360.cn/?ln=360ini
http://logo.verisign.com/vslogo.gif04
http://my.360.com
http://my.360safe.com
http://ocsp.digicert.com0A
http://ocsp.digicert.com0C
http://ocsp.digicert.com0X
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://ocsp.globalsign.com/codesigningrootr450F
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://ocsp.thawte.com0
http://ocsp.verisign.com0
http://ocsp2.globalsign.com/gstimestampingsha2g20
http://ocsp2.globalsign.com/rootr606
http://pinst.360.cn/360safebeta/safebeta_home.cab
http://pinst.360.cn/360sd/360sd_min.cab
http://s.360.cn/hips/update/inst.htm?m=%s&v=%s&s=%d&r=%d&d=%s&oav=%d
http://s.360.cn/safe/install.html?mid=%s&
http://s.360.cn/safe/setupsperr.htm?mid=%s
http://s1.symcb.com/pca3-g5.crl0
http://s2.symcb.com0
http://sd.360.cn
http://sd.360.cn/downloadbeta.html
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://secure.globalsign.com/cacert/gstimestampingg2.crt0
http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
http://sf.symcb.com/sf.crl0a
http://sf.symcb.com/sf.crl0f
http://sf.symcb.com/sf.crt0
http://sfdl.360safe.com/inst_gf_popup.exe
http://sfdl.360safe.com/inst_gf_popup_ev.exe
http://sfdl.360safe.com/inst_js_popup.exe
http://sfdl.360safe.com/inst_js_popup_ev.exe
http://stat.sd.360.cn/setupfail.htm?pid=%s&case=%d
http://sv.symcb.com/sv.crl0a
http://sv.symcb.com/sv.crl0f
http://sv.symcb.com/sv.crt0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://www.2345.com/?pic360
http://www.360.cn
http://www.360.cn/killer/360compkill.html
http://www.360.cn/userexperienceimprovement.html
http://www.360.cn/xukexieyi.html#shadu
http://www.360safe.com
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
https://hao.360.cn/
https://www.globalsign.com/repository/0
https://www.globalsign.com/repository/03
https://www.globalsign.com/repository/06
https://www.verisign.com/cps0*
https://www.verisign.com/rpa
https://www.verisign.com/rpa0
(PID) Process(7932) 搜狗拼音输入法_1043_90412.exe
Decrypted-URLs (82)http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://chp.f.360.cn/wdcquery
http://cp.uidf.f.360.cn/wpeinfo
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://crl.globalsign.com/codesigningrootr45.crl0U
http://crl.globalsign.com/gs/gstimestampingg2.crl0T
http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
http://crl.globalsign.com/root-r6.crl0G
http://crl.globalsign.net/root-r3.crl0
http://crl.globalsign.net/root.crl0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.verisign.com/pca3-g5.crl04
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://dl.360safe.com/gf/%u.cab
http://dl.360safe.com/gf/def.cab
http://down.360safe.com/setup.exe
http://down.360safe.com/setupbeta.exe
http://hao.360.cn/?ln=360ini
http://logo.verisign.com/vslogo.gif04
http://my.360.com
http://my.360safe.com
http://ocsp.digicert.com0A
http://ocsp.digicert.com0C
http://ocsp.digicert.com0X
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://ocsp.globalsign.com/codesigningrootr450F
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://ocsp.thawte.com0
http://ocsp.verisign.com0
http://ocsp2.globalsign.com/gstimestampingsha2g20
http://ocsp2.globalsign.com/rootr606
http://pinst.360.cn/360safebeta/safebeta_home.cab
http://pinst.360.cn/360sd/360sd_min.cab
http://s.360.cn/hips/update/inst.htm?m=%s&v=%s&s=%d&r=%d&d=%s&oav=%d
http://s.360.cn/safe/install.html?mid=%s&
http://s.360.cn/safe/setupsperr.htm?mid=%s
http://s1.symcb.com/pca3-g5.crl0
http://s2.symcb.com0
http://sd.360.cn
http://sd.360.cn/downloadbeta.html
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://secure.globalsign.com/cacert/gstimestampingg2.crt0
http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
http://sf.symcb.com/sf.crl0a
http://sf.symcb.com/sf.crl0f
http://sf.symcb.com/sf.crt0
http://sfdl.360safe.com/inst_gf_popup.exe
http://sfdl.360safe.com/inst_gf_popup_ev.exe
http://sfdl.360safe.com/inst_js_popup.exe
http://sfdl.360safe.com/inst_js_popup_ev.exe
http://stat.sd.360.cn/setupfail.htm?pid=%s&case=%d
http://sv.symcb.com/sv.crl0a
http://sv.symcb.com/sv.crl0f
http://sv.symcb.com/sv.crt0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://www.2345.com/?pic360
http://www.360.cn
http://www.360.cn/killer/360compkill.html
http://www.360.cn/userexperienceimprovement.html
http://www.360.cn/xukexieyi.html#shadu
http://www.360safe.com
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
https://hao.360.cn/
https://www.globalsign.com/repository/0
https://www.globalsign.com/repository/03
https://www.globalsign.com/repository/06
https://www.verisign.com/cps0*
https://www.verisign.com/rpa
https://www.verisign.com/rpa0
(PID) Process(4216) 搜狗拼音输入法_1043_90412.exe
Decrypted-URLs (82)http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://chp.f.360.cn/wdcquery
http://cp.uidf.f.360.cn/wpeinfo
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://crl.globalsign.com/codesigningrootr45.crl0U
http://crl.globalsign.com/gs/gstimestampingg2.crl0T
http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
http://crl.globalsign.com/root-r6.crl0G
http://crl.globalsign.net/root-r3.crl0
http://crl.globalsign.net/root.crl0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.verisign.com/pca3-g5.crl04
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://dl.360safe.com/gf/%u.cab
http://dl.360safe.com/gf/def.cab
http://down.360safe.com/setup.exe
http://down.360safe.com/setupbeta.exe
http://hao.360.cn/?ln=360ini
http://logo.verisign.com/vslogo.gif04
http://my.360.com
http://my.360safe.com
http://ocsp.digicert.com0A
http://ocsp.digicert.com0C
http://ocsp.digicert.com0X
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://ocsp.globalsign.com/codesigningrootr450F
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://ocsp.thawte.com0
http://ocsp.verisign.com0
http://ocsp2.globalsign.com/gstimestampingsha2g20
http://ocsp2.globalsign.com/rootr606
http://pinst.360.cn/360safebeta/safebeta_home.cab
http://pinst.360.cn/360sd/360sd_min.cab
http://s.360.cn/hips/update/inst.htm?m=%s&v=%s&s=%d&r=%d&d=%s&oav=%d
http://s.360.cn/safe/install.html?mid=%s&
http://s.360.cn/safe/setupsperr.htm?mid=%s
http://s1.symcb.com/pca3-g5.crl0
http://s2.symcb.com0
http://sd.360.cn
http://sd.360.cn/downloadbeta.html
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://secure.globalsign.com/cacert/gstimestampingg2.crt0
http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
http://sf.symcb.com/sf.crl0a
http://sf.symcb.com/sf.crl0f
http://sf.symcb.com/sf.crt0
http://sfdl.360safe.com/inst_gf_popup.exe
http://sfdl.360safe.com/inst_gf_popup_ev.exe
http://sfdl.360safe.com/inst_js_popup.exe
http://sfdl.360safe.com/inst_js_popup_ev.exe
http://stat.sd.360.cn/setupfail.htm?pid=%s&case=%d
http://sv.symcb.com/sv.crl0a
http://sv.symcb.com/sv.crl0f
http://sv.symcb.com/sv.crt0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://www.2345.com/?pic360
http://www.360.cn
http://www.360.cn/killer/360compkill.html
http://www.360.cn/userexperienceimprovement.html
http://www.360.cn/xukexieyi.html#shadu
http://www.360safe.com
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
https://hao.360.cn/
https://www.globalsign.com/repository/0
https://www.globalsign.com/repository/03
https://www.globalsign.com/repository/06
https://www.verisign.com/cps0*
https://www.verisign.com/rpa
https://www.verisign.com/rpa0
(PID) Process(7736) 搜狗拼音输入法_1043_90412.exe
Decrypted-URLs (82)http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://chp.f.360.cn/wdcquery
http://cp.uidf.f.360.cn/wpeinfo
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://crl.globalsign.com/codesigningrootr45.crl0U
http://crl.globalsign.com/gs/gstimestampingg2.crl0T
http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
http://crl.globalsign.com/root-r6.crl0G
http://crl.globalsign.net/root-r3.crl0
http://crl.globalsign.net/root.crl0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.verisign.com/pca3-g5.crl04
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://dl.360safe.com/gf/%u.cab
http://dl.360safe.com/gf/def.cab
http://down.360safe.com/setup.exe
http://down.360safe.com/setupbeta.exe
http://hao.360.cn/?ln=360ini
http://logo.verisign.com/vslogo.gif04
http://my.360.com
http://my.360safe.com
http://ocsp.digicert.com0A
http://ocsp.digicert.com0C
http://ocsp.digicert.com0X
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://ocsp.globalsign.com/codesigningrootr450F
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://ocsp.thawte.com0
http://ocsp.verisign.com0
http://ocsp2.globalsign.com/gstimestampingsha2g20
http://ocsp2.globalsign.com/rootr606
http://pinst.360.cn/360safebeta/safebeta_home.cab
http://pinst.360.cn/360sd/360sd_min.cab
http://s.360.cn/hips/update/inst.htm?m=%s&v=%s&s=%d&r=%d&d=%s&oav=%d
http://s.360.cn/safe/install.html?mid=%s&
http://s.360.cn/safe/setupsperr.htm?mid=%s
http://s1.symcb.com/pca3-g5.crl0
http://s2.symcb.com0
http://sd.360.cn
http://sd.360.cn/downloadbeta.html
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://secure.globalsign.com/cacert/gstimestampingg2.crt0
http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
http://sf.symcb.com/sf.crl0a
http://sf.symcb.com/sf.crl0f
http://sf.symcb.com/sf.crt0
http://sfdl.360safe.com/inst_gf_popup.exe
http://sfdl.360safe.com/inst_gf_popup_ev.exe
http://sfdl.360safe.com/inst_js_popup.exe
http://sfdl.360safe.com/inst_js_popup_ev.exe
http://stat.sd.360.cn/setupfail.htm?pid=%s&case=%d
http://sv.symcb.com/sv.crl0a
http://sv.symcb.com/sv.crl0f
http://sv.symcb.com/sv.crt0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://www.2345.com/?pic360
http://www.360.cn
http://www.360.cn/killer/360compkill.html
http://www.360.cn/userexperienceimprovement.html
http://www.360.cn/xukexieyi.html#shadu
http://www.360safe.com
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
https://hao.360.cn/
https://www.globalsign.com/repository/0
https://www.globalsign.com/repository/03
https://www.globalsign.com/repository/06
https://www.verisign.com/cps0*
https://www.verisign.com/rpa
https://www.verisign.com/rpa0
(PID) Process(6292) 搜狗拼音输入法_1043_90412.exe
Decrypted-URLs (82)http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://chp.f.360.cn/wdcquery
http://cp.uidf.f.360.cn/wpeinfo
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://crl.globalsign.com/codesigningrootr45.crl0U
http://crl.globalsign.com/gs/gstimestampingg2.crl0T
http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
http://crl.globalsign.com/root-r6.crl0G
http://crl.globalsign.net/root-r3.crl0
http://crl.globalsign.net/root.crl0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.verisign.com/pca3-g5.crl04
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://dl.360safe.com/gf/%u.cab
http://dl.360safe.com/gf/def.cab
http://down.360safe.com/setup.exe
http://down.360safe.com/setupbeta.exe
http://hao.360.cn/?ln=360ini
http://logo.verisign.com/vslogo.gif04
http://my.360.com
http://my.360safe.com
http://ocsp.digicert.com0A
http://ocsp.digicert.com0C
http://ocsp.digicert.com0X
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://ocsp.globalsign.com/codesigningrootr450F
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://ocsp.thawte.com0
http://ocsp.verisign.com0
http://ocsp2.globalsign.com/gstimestampingsha2g20
http://ocsp2.globalsign.com/rootr606
http://pinst.360.cn/360safebeta/safebeta_home.cab
http://pinst.360.cn/360sd/360sd_min.cab
http://s.360.cn/hips/update/inst.htm?m=%s&v=%s&s=%d&r=%d&d=%s&oav=%d
http://s.360.cn/safe/install.html?mid=%s&
http://s.360.cn/safe/setupsperr.htm?mid=%s
http://s1.symcb.com/pca3-g5.crl0
http://s2.symcb.com0
http://sd.360.cn
http://sd.360.cn/downloadbeta.html
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://secure.globalsign.com/cacert/gstimestampingg2.crt0
http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
http://sf.symcb.com/sf.crl0a
http://sf.symcb.com/sf.crl0f
http://sf.symcb.com/sf.crt0
http://sfdl.360safe.com/inst_gf_popup.exe
http://sfdl.360safe.com/inst_gf_popup_ev.exe
http://sfdl.360safe.com/inst_js_popup.exe
http://sfdl.360safe.com/inst_js_popup_ev.exe
http://stat.sd.360.cn/setupfail.htm?pid=%s&case=%d
http://sv.symcb.com/sv.crl0a
http://sv.symcb.com/sv.crl0f
http://sv.symcb.com/sv.crt0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://www.2345.com/?pic360
http://www.360.cn
http://www.360.cn/killer/360compkill.html
http://www.360.cn/userexperienceimprovement.html
http://www.360.cn/xukexieyi.html#shadu
http://www.360safe.com
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
https://hao.360.cn/
https://www.globalsign.com/repository/0
https://www.globalsign.com/repository/03
https://www.globalsign.com/repository/06
https://www.verisign.com/cps0*
https://www.verisign.com/rpa
https://www.verisign.com/rpa0
(PID) Process(6140) 搜狗拼音输入法_1043_90412.exe
Decrypted-URLs (82)http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://chp.f.360.cn/wdcquery
http://cp.uidf.f.360.cn/wpeinfo
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://crl.globalsign.com/codesigningrootr45.crl0U
http://crl.globalsign.com/gs/gstimestampingg2.crl0T
http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
http://crl.globalsign.com/root-r6.crl0G
http://crl.globalsign.net/root-r3.crl0
http://crl.globalsign.net/root.crl0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.verisign.com/pca3-g5.crl04
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://dl.360safe.com/gf/%u.cab
http://dl.360safe.com/gf/def.cab
http://down.360safe.com/setup.exe
http://down.360safe.com/setupbeta.exe
http://hao.360.cn/?ln=360ini
http://logo.verisign.com/vslogo.gif04
http://my.360.com
http://my.360safe.com
http://ocsp.digicert.com0A
http://ocsp.digicert.com0C
http://ocsp.digicert.com0X
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://ocsp.globalsign.com/codesigningrootr450F
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://ocsp.thawte.com0
http://ocsp.verisign.com0
http://ocsp2.globalsign.com/gstimestampingsha2g20
http://ocsp2.globalsign.com/rootr606
http://pinst.360.cn/360safebeta/safebeta_home.cab
http://pinst.360.cn/360sd/360sd_min.cab
http://s.360.cn/hips/update/inst.htm?m=%s&v=%s&s=%d&r=%d&d=%s&oav=%d
http://s.360.cn/safe/install.html?mid=%s&
http://s.360.cn/safe/setupsperr.htm?mid=%s
http://s1.symcb.com/pca3-g5.crl0
http://s2.symcb.com0
http://sd.360.cn
http://sd.360.cn/downloadbeta.html
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://secure.globalsign.com/cacert/gstimestampingg2.crt0
http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
http://sf.symcb.com/sf.crl0a
http://sf.symcb.com/sf.crl0f
http://sf.symcb.com/sf.crt0
http://sfdl.360safe.com/inst_gf_popup.exe
http://sfdl.360safe.com/inst_gf_popup_ev.exe
http://sfdl.360safe.com/inst_js_popup.exe
http://sfdl.360safe.com/inst_js_popup_ev.exe
http://stat.sd.360.cn/setupfail.htm?pid=%s&case=%d
http://sv.symcb.com/sv.crl0a
http://sv.symcb.com/sv.crl0f
http://sv.symcb.com/sv.crt0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://www.2345.com/?pic360
http://www.360.cn
http://www.360.cn/killer/360compkill.html
http://www.360.cn/userexperienceimprovement.html
http://www.360.cn/xukexieyi.html#shadu
http://www.360safe.com
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
https://hao.360.cn/
https://www.globalsign.com/repository/0
https://www.globalsign.com/repository/03
https://www.globalsign.com/repository/06
https://www.verisign.com/cps0*
https://www.verisign.com/rpa
https://www.verisign.com/rpa0
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
223
Monitored processes
71
Malicious processes
28
Suspicious processes
2

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs 搜狗拼音输入法_1043_90412.exe no specs #XOR-URL 搜狗拼音输入法_1043_90412.exe 搜狗拼音输入法_1043_90412.exe no specs #XOR-URL 搜狗拼音输入法_1043_90412.exe 搜狗拼音输入法_1043_90412.exe no specs 搜狗拼音输入法_1043_90412.exe no specs #XOR-URL 搜狗拼音输入法_1043_90412.exe #XOR-URL 搜狗拼音输入法_1043_90412.exe 搜狗拼音输入法_1043_90412.exe no specs 搜狗拼音输入法_1043_90412.exe no specs #XOR-URL 搜狗拼音输入法_1043_90412.exe #XOR-URL 搜狗拼音输入法_1043_90412.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs explorer.exe slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs zoolskafjgdfu29.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs 搜狗拼音输入法_1043_90412.exe no specs #XOR-URL 搜狗拼音输入法_1043_90412.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs regsvr32.exe 360seclogonhelper.exe #QIHOO360 popwndtracker.exe eainsthelper.exe eainsthelper64.exe #QIHOO360 zhudongfangyu.exe powersaver.exe #QIHOO360 360cleanhelper.exe #QIHOO360 360tray.exe #QIHOO360 softupnotify.exe #QIHOO360 zhudongfangyu.exe #QIHOO360 zhudongfangyu.exe regsvr32.exe no specs regsvr32.exe regsvr32.exe regsvr32.exe no specs regsvr32.exe no specs advutils.exe msedge.exe no specs wscreg.exe 360enthelper.exe csrss.exe spoolsv.exe

Process information

PID
CMD
Path
Indicators
Parent process
72"C:\Users\admin\Downloads\搜狗拼音输入法_1043_90412.exe" C:\Users\admin\Downloads\搜狗拼音输入法_1043_90412.exemsedge.exe
User:
admin
Company:
360.cn
Integrity Level:
MEDIUM
Description:
InstallSoft.exe
Exit code:
3221226540
Version:
2, 0, 0, 1091
Modules
Images
c:\users\admin\downloads\搜狗拼音输入法_1043_90412.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
72"C:\Program Files (x86)\360\360Safe\deepscan\zhudongfangyu.exe" /StartC:\Program Files (x86)\360\360Safe\deepscan\ZhuDongFangYu.exe
搜狗拼音输入法_1043_90412.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360主动防御服务模块
Exit code:
0
Version:
3, 2, 2, 3105
Modules
Images
c:\program files (x86)\360\360safe\deepscan\zhudongfangyu.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
424"C:\Program Files (x86)\360\360Safe\Utils\360seclogon\360SecLogonHelper.exe" C:\Program Files (x86)\360\360Safe\Utils\360SecLogon\360SecLogonHelper.exe
搜狗拼音输入法_1043_90412.exe
User:
admin
Integrity Level:
HIGH
Description:
360安全卫士 系统安全登录辅助模块
Exit code:
0
Version:
1, 0, 0, 1037
Modules
Images
c:\program files (x86)\360\360safe\utils\360seclogon\360seclogonhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
608%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\System32\csrss.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Client Server Runtime Process
Version:
10.0.19041.1 (WinBuild.160101.0800)
864"C:\Program Files (x86)\360\360Safe\sweeper\360CleanHelper.exe" /inst_cleanpro_shellextC:\Program Files (x86)\360\360Safe\sweeper\360CleanHelper.exe
搜狗拼音输入法_1043_90412.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360安全卫士 电脑清理
Exit code:
0
Version:
13, 0, 0, 1181
Modules
Images
c:\program files (x86)\360\360safe\sweeper\360cleanhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\psapi.dll
868"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\360\360Safe\SoftMgr\SoftMgrExt64.dll"C:\Windows\SysWOW64\regsvr32.exeSoftupNotify.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1204"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3664,i,9451255330063195385,2509126413886580788,262144 --variations-seed-version --mojo-platform-channel-handle=3660 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1440"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=4984,i,9451255330063195385,2509126413886580788,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1944"C:\Users\admin\Downloads\搜狗拼音输入法_1043_90412.exe" C:\Users\admin\Downloads\搜狗拼音输入法_1043_90412.exe
msedge.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
InstallSoft.exe
Version:
2, 0, 0, 1091
Modules
Images
c:\users\admin\downloads\搜狗拼音输入法_1043_90412.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
xor-url
(PID) Process(1944) 搜狗拼音输入法_1043_90412.exe
Decrypted-URLs (82)http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://chp.f.360.cn/wdcquery
http://cp.uidf.f.360.cn/wpeinfo
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://crl.globalsign.com/codesigningrootr45.crl0U
http://crl.globalsign.com/gs/gstimestampingg2.crl0T
http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
http://crl.globalsign.com/root-r6.crl0G
http://crl.globalsign.net/root-r3.crl0
http://crl.globalsign.net/root.crl0
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://crl.verisign.com/pca3-g5.crl04
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://dl.360safe.com/gf/%u.cab
http://dl.360safe.com/gf/def.cab
http://down.360safe.com/setup.exe
http://down.360safe.com/setupbeta.exe
http://hao.360.cn/?ln=360ini
http://logo.verisign.com/vslogo.gif04
http://my.360.com
http://my.360safe.com
http://ocsp.digicert.com0A
http://ocsp.digicert.com0C
http://ocsp.digicert.com0X
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://ocsp.globalsign.com/codesigningrootr450F
http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
http://ocsp.thawte.com0
http://ocsp.verisign.com0
http://ocsp2.globalsign.com/gstimestampingsha2g20
http://ocsp2.globalsign.com/rootr606
http://pinst.360.cn/360safebeta/safebeta_home.cab
http://pinst.360.cn/360sd/360sd_min.cab
http://s.360.cn/hips/update/inst.htm?m=%s&v=%s&s=%d&r=%d&d=%s&oav=%d
http://s.360.cn/safe/install.html?mid=%s&
http://s.360.cn/safe/setupsperr.htm?mid=%s
http://s1.symcb.com/pca3-g5.crl0
http://s2.symcb.com0
http://sd.360.cn
http://sd.360.cn/downloadbeta.html
http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
http://secure.globalsign.com/cacert/gstimestampingg2.crt0
http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
http://sf.symcb.com/sf.crl0a
http://sf.symcb.com/sf.crl0f
http://sf.symcb.com/sf.crt0
http://sfdl.360safe.com/inst_gf_popup.exe
http://sfdl.360safe.com/inst_gf_popup_ev.exe
http://sfdl.360safe.com/inst_js_popup.exe
http://sfdl.360safe.com/inst_js_popup_ev.exe
http://stat.sd.360.cn/setupfail.htm?pid=%s&case=%d
http://sv.symcb.com/sv.crl0a
http://sv.symcb.com/sv.crl0f
http://sv.symcb.com/sv.crt0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://www.2345.com/?pic360
http://www.360.cn
http://www.360.cn/killer/360compkill.html
http://www.360.cn/userexperienceimprovement.html
http://www.360.cn/xukexieyi.html#shadu
http://www.360safe.com
http://www.symauth.com/cps0(
http://www.symauth.com/rpa00
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0
https://hao.360.cn/
https://www.globalsign.com/repository/0
https://www.globalsign.com/repository/03
https://www.globalsign.com/repository/06
https://www.verisign.com/cps0*
https://www.verisign.com/rpa
https://www.verisign.com/rpa0
2188"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3668,i,9451255330063195385,2509126413886580788,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
58 470
Read events
48 963
Write events
3 931
Delete events
5 576

Modification events

(PID) Process:(4188) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(4188) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(4188) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(4188) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(4188) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(4188) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(4188) msedge.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:writeName:S-1-5-21-1693682860-607145093-2874071422-1001
Value:
8DF48A0558992F00
(PID) Process:(4772) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050336
Operation:writeName:VirtualDesktop
Value:
10000000303044563096AFED4A643448A750FA41CFC7F708
(PID) Process:(4188) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328502
Operation:writeName:WindowTabManagerFileMappingId
Value:
{59FF6358-3645-4F53-856E-1F8DBFF31637}
(PID) Process:(4772) explorer.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000080282
Operation:writeName:VirtualDesktop
Value:
10000000303044563096AFED4A643448A750FA41CFC7F708
Executable files
955
Suspicious files
1 200
Text files
1 438
Unknown types
78

Dropped files

PID
Process
Filename
Type
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF18da4e.TMP
MD5:
SHA256:
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF18da4e.TMP
MD5:
SHA256:
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF18da5d.TMP
MD5:
SHA256:
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF18da5d.TMP
MD5:
SHA256:
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF18da6d.TMP
MD5:
SHA256:
4188msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
456
TCP/UDP connections
508
DNS requests
104
Threats
15

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6388
msedge.exe
GET
200
150.171.28.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:nVG4rGvU4-T1GIgew_Khjb9iHn6nrdJkCQ5Dgb-VhKw&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
1944
搜狗拼音输入法_1043_90412.exe
GET
200
171.13.14.66:80
http://s.360.cn/hips/update/inst.htm?m=80342cb959da2233832ae840f019ccba&m2=fe9694f777e256d0cc4755a6dd1f6ad7651f60d32bec&v=2001311&s=1200&r=0&d=3112919
unknown
whitelisted
1944
搜狗拼音输入法_1043_90412.exe
GET
200
171.13.14.66:80
http://s.360.cn/hips/update/inst.htm?m=80342cb959da2233832ae840f019ccba&m2=fe9694f777e256d0cc4755a6dd1f6ad7651f60d32bec&v=2001311&s=700&r=0&d=99990001
unknown
whitelisted
1944
搜狗拼音输入法_1043_90412.exe
GET
200
171.13.14.66:80
http://s.360.cn/hips/update/inst.htm?m=80342cb959da2233832ae840f019ccba&m2=fe9694f777e256d0cc4755a6dd1f6ad7651f60d32bec&v=2001311&s=705&r=0&d=99990001
unknown
whitelisted
1268
svchost.exe
GET
200
23.55.110.211:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4892
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
8096
搜狗拼音输入法_1043_90412.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=2023040419&status=1&pid=3112919&mid=80342cb959da2233832ae840f019ccba&m2=fe9694f777e256d0cc4755a6dd1f6ad7651f60d32bec
unknown
whitelisted
8096
搜狗拼音输入法_1043_90412.exe
HEAD
200
168.235.193.210:80
http://sfdl.360safe.com/gf/360ini.cab
unknown
whitelisted
8096
搜狗拼音输入法_1043_90412.exe
GET
200
168.235.193.210:80
http://sfdl.360safe.com/gf/360ini.cab
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4580
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6388
msedge.exe
150.171.28.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6388
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6388
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6388
msedge.exe
23.3.89.120:443
copilot.microsoft.com
Akamai International B.V.
DE
whitelisted
6388
msedge.exe
104.192.108.17:443
dl.360safe.com
Beijing Qihu Technology Company Limited
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 172.217.18.14
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
dl.360safe.com
  • 104.192.108.17
  • 104.192.108.20
  • 104.192.108.21
whitelisted
copilot.microsoft.com
  • 23.3.89.120
whitelisted
update.googleapis.com
  • 142.250.186.131
whitelisted
www.bing.com
  • 2.16.241.222
  • 2.16.241.207
  • 2.16.241.218
  • 2.16.241.205
  • 2.16.241.201
  • 92.123.104.18
  • 92.123.104.62
  • 92.123.104.21
  • 92.123.104.61
  • 92.123.104.50
  • 92.123.104.17
  • 92.123.104.65
  • 92.123.104.7
  • 92.123.104.9
whitelisted
clients2.googleusercontent.com
  • 216.58.212.129
whitelisted
edgeassetservice.azureedge.net
  • 13.107.246.64
whitelisted

Threats

PID
Process
Class
Message
Potentially Bad Traffic
ET INFO Possible Chrome Plugin install
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO Packed Executable Download
4772
explorer.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
4772
explorer.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
4772
explorer.exe
Misc activity
ET INFO Packed Executable Download
4772
explorer.exe
Misc activity
ET INFO Packed Executable Download
4772
explorer.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
4772
explorer.exe
Misc activity
ET INFO Packed Executable Download
4772
explorer.exe
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://dl.360safe.com/software_installer_download/%E6%90%9C%E7%8B%97%E6%8B%BC%E9%9F%B3%E8%BE%93%E5%85%A5%E6%B3%95_1043_90412.exe