URL: https://www.360.cn/

Full analysis: https://app.any.run/tasks/bcb666a3-8aa8-45c9-85f5-e29a73cc838f
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 09, 2020, 08:56:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
adware
Indicators:
MD5: 42964ED5BFAFAC82B1FEF664A638DE18
SHA1: 6764D2FCE34FB340EE510FB9810C0A76A71F0FAD
SHA256: 9A583EC2EF9DD537F35B2636B3EAF4C766F2E19550C31FA575513969119A059B
SSDEEP: 3:N8DSLK7:2OLE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • inst.exe (PID: 956)
      • inst.exe (PID: 1536)
      • 360SecLogonHelper.exe (PID: 2976)
      • 360tray.exe (PID: 988)
      • 360safe.exe (PID: 2124)
      • 360entcall.exe (PID: 1460)
      • PowerSaver.exe (PID: 1348)
      • PowerSaver.exe (PID: 2672)
      • PopWndTracker.exe (PID: 3624)
      • SDIS.exe (PID: 2816)
      • 360leakfixer.exe (PID: 552)
      • 360UHelper.exe (PID: 312)
      • LiveUpdate360.exe (PID: 856)
      • SoftupNotify.exe (PID: 2012)
      • SoftupNotify.exe (PID: 3272)
      • LiveUpdate360.exe (PID: 1836)
      • zhudongfangyu.exe (PID: 2232)
      • zhudongfangyu.exe (PID: 2368)
      • zhudongfangyu.exe (PID: 3724)
      • 360IA.exe (PID: 3468)
      • SoftMgrLite.exe (PID: 1348)
      • SoftupNotify.exe (PID: 3424)
      • 360AdvToolExecutor.exe (PID: 3892)
      • WscReg.exe (PID: 3172)
      • SuperKiller.exe (PID: 2388)
      • setup.exe (PID: 2756)
      • SuperKiller.exe (PID: 3108)
      • svchost.exe (PID: 860)
      • 360DayPop.exe (PID: 3844)
    • Loads dropped or rewritten executable

      • inst.exe (PID: 1536)
      • setup_12.0.0.2002s.exe (PID: 2468)
      • PopWndTracker.exe (PID: 3624)
      • SDIS.exe (PID: 2816)
      • 360entcall.exe (PID: 1460)
      • SoftupNotify.exe (PID: 2012)
      • 360safe.exe (PID: 2124)
      • 360tray.exe (PID: 988)
      • zhudongfangyu.exe (PID: 3724)
      • SoftupNotify.exe (PID: 3272)
      • regsvr32.exe (PID: 3092)
      • explorer.exe (PID: 372)
      • 360leakfixer.exe (PID: 552)
      • zhudongfangyu.exe (PID: 2368)
      • PowerSaver.exe (PID: 1348)
      • zhudongfangyu.exe (PID: 2232)
      • LiveUpdate360.exe (PID: 856)
      • 360SecLogonHelper.exe (PID: 2976)
      • LiveUpdate360.exe (PID: 1836)
      • 360UHelper.exe (PID: 312)
      • 360IA.exe (PID: 3468)
      • explorer.exe (PID: 924)
      • SoftupNotify.exe (PID: 3424)
      • svchost.exe (PID: 860)
      • regsvr32.exe (PID: 3980)
      • 360AdvToolExecutor.exe (PID: 3892)
      • SoftMgrLite.exe (PID: 1348)
      • services.exe (PID: 472)
      • SuperKiller.exe (PID: 2388)
      • SuperKiller.exe (PID: 3108)
      • 360DayPop.exe (PID: 3844)
      • setup.exe (PID: 2756)
    • Actions look like stealing of personal data

      • inst.exe (PID: 1536)
      • setup_12.0.0.2002s.exe (PID: 2468)
      • explorer.exe (PID: 372)
      • SDIS.exe (PID: 2816)
      • SoftupNotify.exe (PID: 3272)
      • 360tray.exe (PID: 988)
      • explorer.exe (PID: 924)
      • 360安全浏览器_12.1.2633.0.exe (PID: 3164)
    • Changes the autorun value in the registry

      • setup_12.0.0.2002s.exe (PID: 2468)
    • Changes settings of System certificates

      • PowerSaver.exe (PID: 1348)
      • inst.exe (PID: 1536)
      • 360UHelper.exe (PID: 312)
      • 360tray.exe (PID: 988)
    • Registers / Runs the DLL via REGSVR32.EXE

      • SoftupNotify.exe (PID: 2012)
    • Runs injected code in another process

      • SoftupNotify.exe (PID: 2012)
    • Application was injected by another process

      • explorer.exe (PID: 372)
    • Loads the Task Scheduler COM API

      • 360tray.exe (PID: 988)
      • explorer.exe (PID: 924)
      • SuperKiller.exe (PID: 2388)
    • Loads the Task Scheduler DLL interface

      • 360tray.exe (PID: 988)
  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2308)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3240)
      • chrome.exe (PID: 2308)
      • inst.exe (PID: 1536)
      • setup_12.0.0.2002s.exe (PID: 2468)
      • 360safe.exe (PID: 2124)
      • 360tray.exe (PID: 988)
      • 360AdvToolExecutor.exe (PID: 3892)
      • 360安全浏览器_12.1.2633.0.exe (PID: 3164)
      • SuperKiller.exe (PID: 2388)
      • setup.exe (PID: 2756)
    • Low-level read access rights to disk partition

      • inst.exe (PID: 1536)
      • setup_12.0.0.2002s.exe (PID: 2468)
      • 360SecLogonHelper.exe (PID: 2976)
      • 360tray.exe (PID: 988)
      • 360safe.exe (PID: 2124)
      • SDIS.exe (PID: 2816)
      • SoftupNotify.exe (PID: 3272)
      • 360leakfixer.exe (PID: 552)
      • SoftMgrLite.exe (PID: 1348)
      • SoftupNotify.exe (PID: 3424)
      • bcdedit.exe (PID: 2280)
      • bcdedit.exe (PID: 1444)
      • SuperKiller.exe (PID: 3108)
      • bcdedit.exe (PID: 3752)
    • Reads Internet Cache Settings

      • inst.exe (PID: 1536)
      • setup_12.0.0.2002s.exe (PID: 2468)
      • 360safe.exe (PID: 2124)
      • SDIS.exe (PID: 2816)
      • SoftupNotify.exe (PID: 3272)
      • 360tray.exe (PID: 988)
    • Creates files in the program directory

      • inst.exe (PID: 1536)
      • PopWndTracker.exe (PID: 3624)
      • 360entcall.exe (PID: 1460)
      • SDIS.exe (PID: 2816)
      • SoftupNotify.exe (PID: 2012)
      • zhudongfangyu.exe (PID: 3724)
      • 360safe.exe (PID: 2124)
      • 360UHelper.exe (PID: 312)
      • LiveUpdate360.exe (PID: 856)
      • 360tray.exe (PID: 988)
      • setup_12.0.0.2002s.exe (PID: 2468)
      • SoftMgrLite.exe (PID: 1348)
      • 360AdvToolExecutor.exe (PID: 3892)
      • SuperKiller.exe (PID: 2388)
    • Writes to a desktop.ini file (may be used to cloak folders)

      • setup_12.0.0.2002s.exe (PID: 2468)
    • Creates files in the user directory

      • setup_12.0.0.2002s.exe (PID: 2468)
      • 360safe.exe (PID: 2124)
      • SDIS.exe (PID: 2816)
      • explorer.exe (PID: 372)
      • LiveUpdate360.exe (PID: 856)
      • 360tray.exe (PID: 988)
      • SoftupNotify.exe (PID: 2012)
      • SoftupNotify.exe (PID: 3272)
      • SoftMgrLite.exe (PID: 1348)
      • SuperKiller.exe (PID: 2388)
      • setup.exe (PID: 2756)
    • Creates files in the Windows directory

      • setup_12.0.0.2002s.exe (PID: 2468)
      • 360tray.exe (PID: 988)
    • Creates files in the driver directory

      • setup_12.0.0.2002s.exe (PID: 2468)
      • 360tray.exe (PID: 988)
    • Creates a software uninstall entry

      • setup_12.0.0.2002s.exe (PID: 2468)
      • setup.exe (PID: 2756)
    • Creates or modifies windows services

      • services.exe (PID: 472)
      • setup_12.0.0.2002s.exe (PID: 2468)
      • zhudongfangyu.exe (PID: 2232)
      • zhudongfangyu.exe (PID: 3724)
      • 360tray.exe (PID: 988)
    • Creates COM task schedule object

      • setup_12.0.0.2002s.exe (PID: 2468)
      • 360tray.exe (PID: 988)
      • regsvr32.exe (PID: 3092)
      • regsvr32.exe (PID: 3980)
    • Modifies the open verb of a shell class

      • setup_12.0.0.2002s.exe (PID: 2468)
      • SoftupNotify.exe (PID: 2012)
      • setup.exe (PID: 2756)
    • Reads the cookies of Google Chrome

      • setup_12.0.0.2002s.exe (PID: 2468)
    • Executed as Windows Service

      • zhudongfangyu.exe (PID: 3724)
    • Adds / modifies Windows certificates

      • inst.exe (PID: 1536)
      • 360UHelper.exe (PID: 312)
      • 360tray.exe (PID: 988)
    • Reads the BIOS version

      • 360tray.exe (PID: 988)
    • Searches for installed software

      • 360tray.exe (PID: 988)
    • Application launched itself

      • SuperKiller.exe (PID: 2388)
  • INFO

    • Application launched itself

      • chrome.exe (PID: 2308)
    • Reads the hosts file

      • chrome.exe (PID: 3240)
      • chrome.exe (PID: 2308)
      • SuperKiller.exe (PID: 2388)
      • SuperKiller.exe (PID: 3108)
    • Reads Internet Cache Settings

      • chrome.exe (PID: 2308)
    • Reads settings of System Certificates

      • chrome.exe (PID: 2308)
      • inst.exe (PID: 1536)
      • chrome.exe (PID: 3240)
      • setup_12.0.0.2002s.exe (PID: 2468)
      • 360tray.exe (PID: 988)
      • SuperKiller.exe (PID: 2388)
    • Dropped object may contain Bitcoin addresses

      • chrome.exe (PID: 2308)
      • setup_12.0.0.2002s.exe (PID: 2468)
      • 360tray.exe (PID: 988)
      • 360AdvToolExecutor.exe (PID: 3892)
      • setup.exe (PID: 2756)
    • Dropped object may contain TOR URLs

      • setup_12.0.0.2002s.exe (PID: 2468)
      • setup.exe (PID: 2756)
No Malware configuration.
Total processes
116
Monitored processes
66
Malicious processes
32
Suspicious processes
4


Process information

PID
CMD
Path
Indicators
Parent process
PID: 312
CMD: "C:\Program Files\360\360Safe\utils\360UHelper.exe" \from=safe \page=download \url=http://static.360.cn/qucexp/safe/SafeTabTip.cab \param=-d C:\Program Files\360\360Safe\Config\newui\themes\default\advisetip\ -t=35001 -s=10000 -n=786856
Path: C:\Program Files\360\360Safe\utils\360UHelper.exe
Parent process: 360safe.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360安全卫士 会员中心模块
Exit code:
0
Version:
12, 0, 0, 1031
Modules
Images
c:\program files\360\360safe\utils\360uhelper.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 332
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,12698439089718446621,15970825315931523521,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=3937981478327480282 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2280 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 372
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\winanr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 404
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,12698439089718446621,15970825315931523521,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=7885093183984864580 --mojo-platform-channel-handle=4484 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 440
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1004,12698439089718446621,15970825315931523521,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=5085365533294620950 --mojo-platform-channel-handle=3996 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 472
CMD: C:\Windows\system32\services.exe
Path: C:\Windows\System32\services.exe
Parent process: wininit.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Services and Controller app
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\services.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\cryptbase.dll
PID: 552
CMD: "C:\Program Files\360\360Safe\360leakfixer.exe" /safeinit /pid=2124
Path: C:\Program Files\360\360Safe\360leakfixer.exe
Parent process: 360safe.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360安全卫士 漏洞补丁检测模块
Exit code:
0
Version:
11.0.0.1145
Modules
Images
c:\program files\360\360safe\360leakfixer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 604
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1004,12698439089718446621,15970825315931523521,131072 --enable-features=PasswordImport --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7877872642583269041 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
PID: 856
CMD: "C:\Program Files\360\360Safe\LiveUpdate360.exe" /s
Path: C:\Program Files\360\360Safe\LiveUpdate360.exe
Parent process: SDIS.exe
User:
admin
Company:
360.cn
Integrity Level:
HIGH
Description:
360 升級管理
Exit code:
0
Version:
1, 3, 0, 1550
Modules
Images
c:\program files\360\360safe\liveupdate360.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID: 860
CMD: C:\Windows\system32\svchost.exe -k netsvcs
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\windanr.exe
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
Total events
19 195
Read events
10 724
Write events
8 371
Delete events
100

Modification events

(PID) Process: (860) svchost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\WMI Writer
Operation: write
Name: E6
Value: E600000000000000

(PID) Process: (860) svchost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\WMI Writer
Operation: write
Name: AeFileID
Value: 300030003000300037003900370065006500350033006600340039003700330062003400330035003900330032006300350037003300660030003400310033006100660064003500390037003700620061006600300065000000

(PID) Process: (860) svchost.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\WMI Writer
Operation: write
Name: AeProgramID
Value: 300030003000300064006100330039006100330065006500350065003600620034006200300064003300320035003500620066006500660039003500360030003100380039003000610066006400380030003700300039000000

(PID) Process: (2308) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (2308) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (3720) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation: write
Name: 2308-13233488194978125
Value: 259

(PID) Process: (2308) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (2308) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (2308) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (2308) chrome.exe
Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1
Executable files
963
Suspicious files
1 037
Text files
1 714
Unknown types
137

Dropped files

PID
Process
Filename
Type
PID 2308, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5EB67043-904.pma
PID 2308, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ac1081b8-037f-4048-ae82-08dd937b1723.tmp
PID 2308, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp
PID 2308, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old~RFa884de.TMP (type: text)
PID 2308, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RFa884bf.TMP (type: text)
PID 2308, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old
PID 860, svchost.exe: C:\Windows\appcompat\programs\RecentFileCache.bcf (type: txt)
PID 2308, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (type: text)
PID 2308, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old (type: text)
PID 2308, chrome.exe: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
HTTP(S) requests
142
TCP/UDP connections
209
DNS requests
76
Threats
12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=1000&status=100&m=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&vv=10&installed=0&ver=12.0.0.1151
CN
whitelisted
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=1000&status=127&m=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&vv=10&installed=0&parent=chrome.exe&ver=12.0.0.1151
CN
whitelisted
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=1000&status=1&m=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&vv=10&ver=12.0.0.1151
CN
whitelisted
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=1000&status=12&m=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&vv=10&ver=12.0.0.1151
CN
whitelisted
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=1000&status=107&m=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&vv=10&installed=0&ver=12.0.0.1151
CN
whitelisted
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=1000&status=109&m=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&vv=10&installed=0&ver=12.0.0.1151
CN
whitelisted
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=425&status=1&mid=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&ver=12.0.0.1151&vv=10&appkey=&usetime=0&downrate=0&downlen=0
CN
whitelisted
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=1000&status=8&m=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&vv=10&ver=12.0.0.1151
CN
whitelisted
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=1000&status=116&m=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&vv=10&installed=0&ver=12.0.0.1151
CN
whitelisted
1536
inst.exe
GET
200
171.13.14.66:80
http://s.360.cn/safe/instcomp.htm?soft=2000&status=11&m=cfe1ce9b8f5123cc37f394accff90c49&from=safefinal_new&vv=10&ver=12.0.0.1151
CN
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3240
chrome.exe
172.217.22.99:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3240
chrome.exe
36.110.213.10:443
IDC, China Telecommunications Corporation
CN
suspicious
3240
chrome.exe
143.204.202.108:443
www.360.cn
US
malicious
3240
chrome.exe
216.58.212.141:443
accounts.google.com
Google Inc.
US
whitelisted
3240
chrome.exe
13.35.254.56:443
s.ssl.qhmsg.com
US
whitelisted
3240
chrome.exe
172.217.18.4:443
www.google.com
Google Inc.
US
whitelisted
3240
chrome.exe
143.204.202.61:443
p5.ssl.qhimgs0.com
US
suspicious
3240
chrome.exe
216.58.205.234:443
translate.googleapis.com
Google Inc.
US
whitelisted
3240
chrome.exe
216.58.205.238:443
clients1.google.com
Google Inc.
US
whitelisted
3240
chrome.exe
13.35.254.3:443
p.ssl.qhmsg.com
US
suspicious

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 172.217.22.99
whitelisted
www.360.cn
  • 143.204.202.121
  • 143.204.202.65
  • 143.204.202.36
  • 143.204.202.108
unknown
accounts.google.com
  • 216.58.212.141
shared
s.ssl.qhimg.com
  • 143.204.202.108
  • 143.204.202.101
  • 143.204.202.2
  • 143.204.202.118
whitelisted
p5.ssl.qhimg.com
  • 143.204.202.108
  • 143.204.202.121
  • 143.204.202.36
  • 143.204.202.65
shared
p3.ssl.qhimg.com
shared
s.ssl.qhmsg.com
  • 13.35.254.56
  • 13.35.254.94
  • 13.35.254.11
  • 13.35.254.36
shared
p1.ssl.qhimg.com
  • 143.204.202.108
  • 143.204.202.121
  • 143.204.202.65
  • 143.204.202.36
shared
p0.ssl.qhimg.com
  • 143.204.202.121
  • 143.204.202.36
  • 143.204.202.108
  • 143.204.202.65
malicious
p4.ssl.qhimg.com
  • 143.204.202.65
  • 143.204.202.121
  • 143.204.202.108
  • 143.204.202.36
shared

Threats

PID
Process
Class
Message
1536
inst.exe
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
1536
inst.exe
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag true change port flag false)
1536
inst.exe
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag true)
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
Generic Protocol Command Decode
ET INFO Session Traversal Utilities for NAT (STUN Binding Request obsolete rfc 3489 CHANGE-REQUEST attribute change IP flag false change port flag false)
1536
inst.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
856
LiveUpdate360.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
988
360tray.exe
Potential Corporate Privacy Violation
ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set
988
360tray.exe
Potential Corporate Privacy Violation
ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set
4
System
Potential Corporate Privacy Violation
ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set
Process
Message
inst.exe
Begin Check
inst.exe
Get Disk Space
inst.exe
Is360ChromeExist : 0
inst.exe
m_typePromote :1
inst.exe
Is360SeExist : 0
SoftupNotify.exe
/install
regsvr32.exe
360softmgr.shellext.SafeExistThread leave
regsvr32.exe
360softmgr.shellext.SafeExistThread
explorer.exe
360softmgr.shellext.event.wait
explorer.exe
open Global\360SoftMgr.ShellExt.Share