File name: 2345SafeDownLoader.exe

Full analysis: https://app.any.run/tasks/87cad075-609f-45a0-b51d-e42fa77cfef7
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: June 21, 2020, 05:38:20
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 4D7AA315DA8166C0F14566D821E7CE4F
SHA1: FAE64E385E58560C9A15A451F88BD28BDD775390
SHA256: D2B414F0CF0C8D6D78C693309E417A9321A251837DE37F24A7E8AF29E15C0146
SSDEEP: 98304:awM/frnMJMkEzMjiWQcC6v6INe/WPNGEhpyq:72kEzobQt6bNhpt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • 2345SafeCenterSvc.exe (PID: 3420)
      • 2345pcsafe_v6.1.2.12448.exe (PID: 2500)
      • 2345RTProtect.exe (PID: 2296)
      • 2345SafeCenterCrashReport.exe (PID: 956)
      • 2345ShellPro.exe (PID: 2436)
      • 2345ShellPro.exe (PID: 2812)
      • 2345SafeSvc.exe (PID: 3588)
      • 2345SafeCenterInstaller.exe (PID: 2628)
      • 2345RTProtect.exe (PID: 3040)
    • Application was dropped or rewritten from another process

      • 2345ShellPro.exe (PID: 2812)
      • 2345ShellPro.exe (PID: 2436)
      • 2345SafeSvc.exe (PID: 3588)
      • 2345ExtShell.exe (PID: 3052)
      • 2345SoftMgr.exe (PID: 180)
      • 2345SafeTray.exe (PID: 3456)
    • Actions looks like stealing of personal data

      • 2345RTProtect.exe (PID: 2296)
    • Changes settings of System certificates

      • 2345ShellPro.exe (PID: 2812)
  • SUSPICIOUS

    • Creates files in the user directory

      • 2345SafeDownLoader.exe (PID: 2152)
      • 2345SafeCenterInstaller.exe (PID: 2628)
      • 2345RTProtect.exe (PID: 2296)
      • 2345SoftMgr.exe (PID: 180)
      • 2345ShellPro.exe (PID: 2812)
    • Executable content was dropped or overwritten

      • 2345SafeCenterInstaller.exe (PID: 2628)
      • 2345pcsafe_v6.1.2.12448.exe (PID: 2500)
      • 2345ShellPro.exe (PID: 2812)
    • Executed as Windows Service

      • 2345SafeCenterSvc.exe (PID: 3420)
      • 2345SafeSvc.exe (PID: 3588)
    • Creates or modifies windows services

      • 2345SafeCenterInstaller.exe (PID: 2628)
      • 2345ShellPro.exe (PID: 2436)
    • Creates files in the driver directory

      • 2345SafeCenterInstaller.exe (PID: 2628)
    • Reads Internet Cache Settings

      • 2345SafeDownLoader.exe (PID: 2152)
      • 2345RTProtect.exe (PID: 2296)
      • 2345SafeCenterInstaller.exe (PID: 2628)
    • Creates a software uninstall entry

      • 2345pcsafe_v6.1.2.12448.exe (PID: 2500)
      • 2345RTProtect.exe (PID: 2296)
      • 2345ShellPro.exe (PID: 2436)
    • Creates files in the Windows directory

      • 2345SafeCenterSvc.exe (PID: 3420)
      • 2345SafeCenterInstaller.exe (PID: 2628)
      • 2345SafeSvc.exe (PID: 3588)
    • Creates files in the program directory

      • 2345RTProtect.exe (PID: 2296)
      • 2345pcsafe_v6.1.2.12448.exe (PID: 2500)
      • 2345SafeCenterInstaller.exe (PID: 2628)
    • Searches for installed software

      • 2345RTProtect.exe (PID: 2296)
    • Removes files from Windows directory

      • 2345SafeSvc.exe (PID: 3588)
    • Adds / modifies Windows certificates

      • 2345ShellPro.exe (PID: 2812)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (19.9)
.exe | Win32 Executable (generic) (2.8)
.exe | Generic Win/DOS Executable (1.2)
.exe | DOS Executable Generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2020:04:20 10:41:24+02:00
PEType: PE32
LinkerVersion: 12
CodeSize: 2838016
InitializedDataSize: 989696
UninitializedDataSize: -
EntryPoint: 0x147e4c
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 1.0.2.47
ProductVersionNumber: 1.0.2.47
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
CompanyName: 2345移动科技
FileDescription: 2345安全卫士下载器
FileVersion: 1.0.2.47
LegalCopyright: 版权所有 (C) 2020, 2345移动科技
PrivateBuild: 1 1 1 0 1 1 000000 0 28CA5B1E
ProductName: 2345安全卫士下载器
ProductVersion: 1.0.2.47
No data.
All screenshots are available in the full report
Total processes: 54
Monitored processes: 15
Malicious processes: 10
Suspicious processes: 0

Behavior graph

The interactive graph is only available in the full report. Its process nodes, in graph order, are: 2345safedownloader.exe, 2345pcsafe_v6.1.2.12448.exe, 2345shellpro.exe, 2345safecenterinstaller.exe, 2345safecentersvc.exe, 2345rtprotect.exe, 2345safecenterinstaller.exe (no specs), 2345safecentercrashreport.exe (no specs), 2345shellpro.exe (no specs), 2345safesvc.exe, 2345softmgr.exe (no specs), 2345extshell.exe (no specs), 2345rtprotect.exe (no specs), 2345safetray.exe (no specs), 2345safedownloader.exe (no specs). Edges are labelled "start" or "drop and start".

Process information

PID: 180
CMD: "C:\Users\admin\AppData\Roaming\SoftMgr_2345\2345SoftMgr.exe" --shortcut=notify --from=s --entry=12 --package="C:\Users\admin\AppData\Roaming\SoftMgr_2345\2345softmgr_v5.3.0.11631.7z" --nwinst=1
Path: C:\Users\admin\AppData\Roaming\SoftMgr_2345\2345SoftMgr.exe
Parent process: 2345ShellPro.exe
User: admin
Company: 2345.cc
Integrity Level: HIGH
Description: 2345软件管家-主模块
Exit code: 0
Version: 5.3.0.11631
Modules (Images):
  c:\users\admin\appdata\roaming\softmgr_2345\2345softmgr.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\crypt32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\msasn1.dll
  c:\windows\system32\version.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll

PID: 956
CMD: "C:\Program Files\2345Soft\2345SafeCenter\6.1.4.8975\2345SafeCenterCrashReport.exe" --crashtype=Driver
Path: C:\Program Files\2345Soft\2345SafeCenter\6.1.4.8975\2345SafeCenterCrashReport.exe
Parent process: 2345RTProtect.exe
User: admin
Company: 2345.cc
Integrity Level: HIGH
Description: 2345安全中心-错误报告
Exit code: 1
Version: 6.1.4.8975
Modules (Images):
  c:\program files\2345soft\2345safecenter\6.1.4.8975\2345safecentercrashreport.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\program files\2345soft\2345safecenter\6.1.4.8975\msvcp140.dll
  c:\program files\2345soft\2345safecenter\6.1.4.8975\vcruntime140.dll
  c:\program files\2345soft\2345safecenter\6.1.4.8975\api-ms-win-crt-runtime-l1-1-0.dll
  c:\program files\2345soft\2345safecenter\6.1.4.8975\ucrtbase.dll

PID: 2152
CMD: "C:\Users\admin\AppData\Local\Temp\2345SafeDownLoader.exe"
Path: C:\Users\admin\AppData\Local\Temp\2345SafeDownLoader.exe
Parent process: explorer.exe
User: admin
Company: 2345移动科技
Integrity Level: HIGH
Description: 2345安全卫士下载器
Exit code: 0
Version: 1.0.2.47
Modules (Images):
  c:\users\admin\appdata\local\temp\2345safedownloader.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll

PID: 2296
CMD: "C:\Program Files\2345Soft\2345SafeCenter\6.1.4.8975\2345RTProtect.exe"
Path: C:\Program Files\2345Soft\2345SafeCenter\6.1.4.8975\2345RTProtect.exe
Parent process: 2345SafeCenterSvc.exe
User: admin
Company: 2345.cc
Integrity Level: HIGH
Description: 2345安全中心-主动防御
Exit code: 0
Version: 6.1.4.8975
Modules (Images):
  c:\program files\2345soft\2345safecenter\6.1.4.8975\2345rtprotect.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll

PID: 2436
CMD: "C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345ShellPro.exe" --type=repair
Path: C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345ShellPro.exe
Parent process: 2345RTProtect.exe
User: admin
Company: 2345.cc
Integrity Level: HIGH
Description: 2345安全卫士-安装辅助程序
Exit code: 0
Version: 6.1.2.12448
Modules (Images):
  c:\program files\2345soft\2345pcsafe\6.1.2.12448\2345shellpro.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll

PID: 2500
CMD: "C:\Users\admin\AppData\Roaming\2345PCSafe\Download\2345pcsafe_v6.1.2.12448.exe" /S /LOCKSTATE=1 /AUTOLAUNCH=1 /D=C:\Program Files\2345Soft\2345PCSafe
Path: C:\Users\admin\AppData\Roaming\2345PCSafe\Download\2345pcsafe_v6.1.2.12448.exe
Parent process: 2345SafeDownLoader.exe
User: admin
Company: 2345.cc
Integrity Level: HIGH
Description: 2345安全卫士 v6.1 安装程序
Exit code: 0
Version: 6.1.2.12448
Modules (Images):
  c:\users\admin\appdata\roaming\2345pcsafe\download\2345pcsafe_v6.1.2.12448.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll

PID: 2628
CMD: "C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345SafeCenter\2345SafeCenterInstaller.exe" --type=install --invoke_product=1 --path="C:\Program Files\2345Soft\" --lockExplorerKB=0 --lockIEState=1 --lock3rdState=1 --lockBrowserState=1 --safe_override=0
Path: C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345SafeCenter\2345SafeCenterInstaller.exe
Parent process: 2345ShellPro.exe
User: admin
Company: 2345.cc
Integrity Level: HIGH
Description: 2345安全中心-组件安装
Exit code: 1
Version: 6.1.4.8975
Modules (Images):
  c:\program files\2345soft\2345pcsafe\6.1.2.12448\2345safecenter\2345safecenterinstaller.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID: 2812
CMD: "C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345ShellPro.exe" --type=install --installtype=new --lockCheckState=1 --silent=1
Path: C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345ShellPro.exe
Parent process: 2345pcsafe_v6.1.2.12448.exe
User: admin
Company: 2345.cc
Integrity Level: HIGH
Description: 2345安全卫士-安装辅助程序
Exit code: 0
Version: 6.1.2.12448
Modules (Images):
  c:\program files\2345soft\2345pcsafe\6.1.2.12448\2345shellpro.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll

PID: 3040
CMD: "C:\Program Files\2345Soft\2345SafeCenter\6.1.4.8975\2345RTProtect.exe"
Path: C:\Program Files\2345Soft\2345SafeCenter\6.1.4.8975\2345RTProtect.exe
Parent process: 2345SafeSvc.exe
User: admin
Company: 2345.cc
Integrity Level: HIGH
Description: 2345安全中心-主动防御
Exit code: 0
Version: 6.1.4.8975
Modules (Images):
  c:\program files\2345soft\2345safecenter\6.1.4.8975\2345rtprotect.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll

PID: 3052
CMD: "C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345ExtShell.exe" --install=AvShellExt.dll
Path: C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345ExtShell.exe
Parent process: 2345pcsafe_v6.1.2.12448.exe
User: admin
Company: 2345.cc
Integrity Level: HIGH
Description: 2345安全中心-Shell扩展程序
Exit code: 0
Version: 6.1.2.12448
Modules (Images):
  c:\program files\2345soft\2345pcsafe\6.1.2.12448\2345extshell.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\wintrust.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\crypt32.dll
  c:\windows\system32\msasn1.dll
  c:\windows\system32\rpcrt4.dll
Total events: 2 066
Read events: 747
Write events: 1 319
Delete events: 0

Modification events

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\2345.com
Operation: write
Name: UUID
Value: 844FBA9552F9B03632826CA060B9FAC1 2409

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\2345.com\2345PCSafe
Operation: write
Name: LADValue
Value: 1592717921 1827

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\2345.com\2345PCSafe
Operation: write
Name: ADValue
Value: 1 17424

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: (binary data not shown)

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2152) 2345SafeDownLoader.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
Executable files: 137
Suspicious files: 72
Text files: 6
Unknown types: 5

Dropped files

PID | Process | Filename | Type
2152 | 2345SafeDownLoader.exe | C:\Users\admin\AppData\Roaming\2345PCSafe\Data\SafeDownloader.lock | -
2152 | 2345SafeDownLoader.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\2345pcsafe_v6.1.2.12448[1].exe | -
2152 | 2345SafeDownLoader.exe | C:\Users\admin\AppData\Roaming\2345PCSafe\Download\2345pcsafe_v6.1.2.12448.exe.tmp | -
2152 | 2345SafeDownLoader.exe | C:\Users\admin\AppData\Roaming\2345PCSafe\Download\2345pcsafe_v6.1.2.12448.exe | -
2152 | 2345SafeDownLoader.exe | C:\Users\admin\AppData\Roaming\2345PCSafe\Data\SafeDownloader.time | text
2500 | 2345pcsafe_v6.1.2.12448.exe | C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345ShellPro.exe | executable
2500 | 2345pcsafe_v6.1.2.12448.exe | C:\Users\admin\AppData\Local\Temp\nsnB585.tmp\FileInfo.dll | executable
2500 | 2345pcsafe_v6.1.2.12448.exe | C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345Uninst.exe | executable
2500 | 2345pcsafe_v6.1.2.12448.exe | C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\Uninstall.exe | executable
2500 | 2345pcsafe_v6.1.2.12448.exe | C:\Program Files\2345Soft\2345PCSafe\6.1.2.12448\2345SafeSvc.exe | executable

The MD5 and SHA256 columns of the dropped-file table are empty in this export.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 15
TCP/UDP connections: 14
DNS requests: 5
Threats: 15

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2152 | 2345SafeDownLoader.exe | GET | - | 120.52.140.45:80 | http://download.2345.com/2345pcsafe/downloader/20200619/2345pcsafe_v6.1.2.12448.exe | CN | - | - | suspicious
2152 | 2345SafeDownLoader.exe | POST | 200 | 221.228.75.3:80 | http://update.khd.2345.cc/safe/downloader.php | CN | text | 340 b | malicious
2628 | 2345SafeCenterInstaller.exe | POST | 200 | 221.228.75.3:80 | http://update.khd.2345.cc/dmdt/dmdt_data.php | CN | text | 162 b | malicious
2296 | 2345RTProtect.exe | POST | 200 | 221.228.75.123:80 | http://push.khd.2345.cc/token | CN | text | 166 b | unknown
2152 | 2345SafeDownLoader.exe | POST | 200 | 221.228.75.2:80 | http://t.safe.2345.com/safe_realtime/index.php | CN | text | 40 b | malicious
2152 | 2345SafeDownLoader.exe | POST | 200 | 221.228.75.2:80 | http://t.safe.2345.com/safe_realtime/index.php | CN | text | 40 b | malicious
2152 | 2345SafeDownLoader.exe | POST | 200 | 221.228.75.2:80 | http://t.safe.2345.com/safe_realtime/index.php | CN | text | 40 b | malicious
2628 | 2345SafeCenterInstaller.exe | POST | 200 | 221.228.75.3:80 | http://update.khd.2345.cc/safe_center/index.php | CN | binary | 1 b | malicious
2628 | 2345SafeCenterInstaller.exe | POST | 200 | 221.228.75.2:80 | http://t.safe.2345.com/safe_realtime/index.php | CN | text | 40 b | malicious
2628 | 2345SafeCenterInstaller.exe | POST | 200 | 221.228.75.2:80 | http://t.safe.2345.com/safe_realtime/index.php | CN | text | 40 b | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2152 | 2345SafeDownLoader.exe | 221.228.75.2:80 | t.safe.2345.com | No.31,Jin-rong Street | CN | malicious
2152 | 2345SafeDownLoader.exe | 120.52.140.45:80 | download.2345.com | China Unicom IP network | CN | malicious
2628 | 2345SafeCenterInstaller.exe | 221.228.75.3:80 | update.khd.2345.cc | No.31,Jin-rong Street | CN | malicious
2628 | 2345SafeCenterInstaller.exe | 221.228.75.2:80 | t.safe.2345.com | No.31,Jin-rong Street | CN | malicious
2152 | 2345SafeDownLoader.exe | 221.228.75.3:80 | update.khd.2345.cc | No.31,Jin-rong Street | CN | malicious
2296 | 2345RTProtect.exe | 221.228.75.2:80 | t.safe.2345.com | No.31,Jin-rong Street | CN | malicious
- | - | 221.228.75.64:9202 | - | No.31,Jin-rong Street | CN | unknown
2296 | 2345RTProtect.exe | 221.228.75.123:80 | push.khd.2345.cc | No.31,Jin-rong Street | CN | unknown

DNS requests

Domain | IP | Reputation
t.safe.2345.com | 221.228.75.2 | malicious
update.khd.2345.cc | 221.228.75.3 | unknown
download.2345.com | 120.52.140.45, 120.52.140.33, 120.52.140.32, 120.52.140.31, 120.52.140.30, 120.52.140.48, 120.52.140.47, 120.52.140.46 | suspicious
push.khd.2345.cc | 221.228.75.123 | unknown
yb.safe.2345.com | 221.228.75.2 | malicious

Threats

PID | Process | Class | Message
2152 | 2345SafeDownLoader.exe | Misc activity | ADWARE [PTsecurity] PUA.Puamson!8.108E8 (CLOUD)
2152 | 2345SafeDownLoader.exe | Misc activity | ADWARE [PTsecurity] PUA.Puamson!8.108E8 (CLOUD)
1048 | svchost.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
2152 | 2345SafeDownLoader.exe | Misc activity | ADWARE [PTsecurity] PUA.Puamson!8.108E8 (CLOUD)
2152 | 2345SafeDownLoader.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
2152 | 2345SafeDownLoader.exe | Misc activity | ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
2152 | 2345SafeDownLoader.exe | Misc activity | ADWARE [PTsecurity] PUA.Puamson!8.108E8 (CLOUD)
2628 | 2345SafeCenterInstaller.exe | Misc activity | ADWARE [PTsecurity] PUA.Puamson!8.108E8 (CLOUD)
2628 | 2345SafeCenterInstaller.exe | Misc activity | ADWARE [PTsecurity] PUA:Win32/Youxun
2628 | 2345SafeCenterInstaller.exe | Misc activity | ADWARE [PTsecurity] PUA.Puamson!8.108E8 (CLOUD)
Debug output strings

Process | Message
2345SafeCenterSvc.exe | RpcServerUseProtseqEpW 6cc
2345SafeCenterSvc.exe | [3420:3712:0621/064009:15641021us:INFO:crash_service.cc(467)] pipe name is \\.\pipe\57E60541-1540-4E0A-B505-88F6D4A547C8
2345SafeCenterSvc.exe | [3420:3712:0621/064009:15641021us:INFO:crash_service.cc(486)] dump start successfully
2345SafeCenterSvc.exe | [3420:3712:0621/064009:15641021us:INFO:crash_service.cc(468)] dumps at C:\Windows\TEMP\2345_Crashes
2345SafeCenterSvc.exe | [3420:3712:0621/064009:15641021us:INFO:crash_service_interface.cc(72)] ready to process crash requests
2345SafeCenterSvc.exe | [3420:1008:0621/064013:15641030us:INFO:crash_service.cc(510)] client start. pid = 2296
2345SafeSvc.exe | [3588:2660:0621/064015:15641736us:INFO:crash_service.cc(467)] pipe name is \\.\pipe\FD439895-091C-4492-B2F7-16AA7CB46B87
2345SafeSvc.exe | [3588:2660:0621/064015:15641736us:INFO:crash_service.cc(486)] dump start successfully
2345SafeSvc.exe | [3588:2660:0621/064015:15641736us:INFO:crash_service.cc(468)] dumps at C:\Windows\TEMP\2345_Crashes
2345SafeSvc.exe | [3588:2660:0621/064015:15641736us:INFO:crash_service_interface.cc(72)] ready to process crash requests