Malware Analysis Report

2025-01-18 11:59

Sample ID 241214-nkeveazpex
Target Raccoon.Stealer.v2.sha.zip
SHA256 2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65
Tags
403f7b121a3afd9e8d27f945140b8a92 59c9737264c0b3209d9193b8ded6c127 e2586fb50f7434bfb05d10accaefc49b 3ed895c4ff5dc5ec85caa2a9d1bed0f2 5f3e2ed386ddeccffbb4e34c56fc2efd e585741d6b0b8a4e8192f16d8039618c 493cd800ef7e79f58f8ff5358ddf39e3 b695af1820665d4dec830ca4a9dcca08 501a1e4179cf717ac47928b0babb659b e659c40e6a0038a59a752ff4d0ceb719 251130064569c4e8c0c5b31929396cc7 fb389acc0c06486bd2eaf61e0a781e10 918c80e5f68acd2d6e7bb4b7d37a9190 3ae13dbd91e0fa85463715dc48979fb2 8dfaf19d5f208c09ef40073e938545f5 b9418e8977fce1050745c6371e5d9b89 0d78fe0763f83f0ac733762de262c556 77975b9923aa5e257840086ae38f4f7c e2ae951b7762cdae39d49918c5b3283d raccoon discovery stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65

Threat Level: Known bad

The file Raccoon.Stealer.v2.sha.zip was found to be: Known bad.

Malicious Activity Summary


Raccoon family

Raccoon

Executes dropped EXE

Enumerates physical storage devices

Unsigned PE

System Location Discovery: System Language Discovery

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-12-14 11:27

Signatures

Raccoon family

raccoon

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A (21 identical entries with no indicator, process or target recorded)

Analysis: behavioral1

Detonation Overview

Submitted

2024-12-14 11:27

Reported

2024-12-14 11:29

Platform

win11-20241007-en

Max time kernel

114s

Max time network

117s

Command Line

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Raccoon.Stealer.v2.sha.zip"

Signatures

Raccoon

stealer raccoon

Raccoon family

raccoon

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\raccoon v2\0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5.exe N/A
N/A N/A C:\Users\Admin\Desktop\raccoon v2\f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\raccoon v2\bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\Taskmgr.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A (21 identical entries)
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings C:\Windows\System32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\Taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\Taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\Taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\Taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A (2 identical entries)
N/A N/A C:\Windows\system32\Taskmgr.exe N/A (40 identical entries)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\Taskmgr.exe N/A (40 identical entries)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3592 wrote to memory of 2380 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\Taskmgr.exe (2 identical entries)
PID 3592 wrote to memory of 4796 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909.exe (3 identical entries)
PID 3592 wrote to memory of 1112 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe (3 identical entries)
PID 3592 wrote to memory of 2944 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe (3 identical entries)
PID 3592 wrote to memory of 3496 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe (3 identical entries)
PID 3592 wrote to memory of 4252 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe (3 identical entries)
PID 3592 wrote to memory of 1148 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe (3 identical entries)
PID 3592 wrote to memory of 4640 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577.exe (3 identical entries)
PID 3592 wrote to memory of 720 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e.exe (3 identical entries)
PID 3592 wrote to memory of 1420 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1.exe (3 identical entries)
PID 3592 wrote to memory of 2372 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e.exe (3 identical entries)
PID 3592 wrote to memory of 2144 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99.exe (3 identical entries)
PID 3592 wrote to memory of 4564 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975.exe (3 identical entries)
PID 3592 wrote to memory of 2320 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269.exe (3 identical entries)
PID 3592 wrote to memory of 1524 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe (3 identical entries)
PID 3592 wrote to memory of 3312 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63.exe (3 identical entries)
PID 3592 wrote to memory of 5020 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac.exe (3 identical entries)
PID 3592 wrote to memory of 408 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e.exe (3 identical entries)
PID 3592 wrote to memory of 2020 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a.exe (3 identical entries)
PID 3592 wrote to memory of 2208 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5.exe (3 identical entries)
PID 3592 wrote to memory of 1200 N/A C:\Windows\System32\cmd.exe C:\Users\Admin\Desktop\raccoon v2\f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe (3 identical entries)

Processes

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Raccoon.Stealer.v2.sha.zip"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe"

C:\Windows\system32\OpenWith.exe (21 instances with the same command line)

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\Taskmgr.exe

taskmgr

C:\Users\Admin\Desktop\raccoon v2\0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909.exe

0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909.exe

C:\Users\Admin\Desktop\raccoon v2\022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe

022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03.exe

C:\Users\Admin\Desktop\raccoon v2\048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe

048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059.exe

C:\Users\Admin\Desktop\raccoon v2\0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe

0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256.exe

C:\Users\Admin\Desktop\raccoon v2\2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe

2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc.exe

C:\Users\Admin\Desktop\raccoon v2\263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe

263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693.exe

C:\Users\Admin\Desktop\raccoon v2\27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577.exe

27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577.exe

C:\Users\Admin\Desktop\raccoon v2\2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e.exe

2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e.exe

C:\Users\Admin\Desktop\raccoon v2\47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1.exe

47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1.exe

C:\Users\Admin\Desktop\raccoon v2\516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e.exe

516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e.exe

C:\Users\Admin\Desktop\raccoon v2\5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99.exe

5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99.exe

C:\Users\Admin\Desktop\raccoon v2\62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975.exe

62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975.exe

C:\Users\Admin\Desktop\raccoon v2\7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269.exe

7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269.exe

C:\Users\Admin\Desktop\raccoon v2\7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe

7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0.exe

C:\Users\Admin\Desktop\raccoon v2\960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63.exe

960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63.exe

C:\Users\Admin\Desktop\raccoon v2\99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac.exe

99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac.exe

C:\Users\Admin\Desktop\raccoon v2\bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e.exe

bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e.exe

C:\Users\Admin\Desktop\raccoon v2\c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a.exe

c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a.exe

C:\Users\Admin\Desktop\raccoon v2\e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5.exe

e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5.exe

C:\Users\Admin\Desktop\raccoon v2\f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe

f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Country  Destination          Domain  Proto
HK       194.156.98.151:80    -       tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zE40A89CD7\2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e

MD5 c5ce68e5feabffe94ce4309e9e278a91
SHA1 ab272e68f0e09391e3675cf8cda344774ae98769
SHA256 2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e
SHA512 d3bf2ba058f75b4ecd2f371771ed516791fdd28a0bf2b7b2f6b4754db5f37aaf8f321d7d7e2319adb3de5ce7b7d64a647f63b1f9990ef4227918f3786a9d0d6b

C:\Users\Admin\Desktop\raccoon v2\0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909

MD5 214add3ebdd5b429fda7c00e7f01b864
SHA1 7cead6f1e4c4b0824365268cdd5d168acf56265c
SHA256 0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909
SHA512 6a3541878c3134d7dedbf9dc182cebf12689aa4b4d3f2b4071981175db79114a66336e6f41e73ede21d8c80ec42fec7fd48b17698df0e28feeb81df4d53b6219

C:\Users\Admin\Desktop\raccoon v2\022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03

MD5 0cfa58846e43dd67b6d9f29e97f6c53e
SHA1 19d9fbfd9b23d4bd435746a524443f1a962d42fa
SHA256 022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03
SHA512 263bb15955a86788d3006f4d3fdeabe6fed1291b6c6e60471ffdb59626755a81d1ffbafc58fe13c0633cb67f3f1d9a3ec92046b6d85eba56e56cd1c252ea4ea0

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

MD5 3a0ee6be71a86f755c6f456c509058f0
SHA1 7725e222c613cb588debda0ea92311bc2b78af0e
SHA256 16716ffc31623b6c376241df07be47502176949bafdcaf6b081500cbaafb8bdd
SHA512 23112cbfd8cec173824f4e0b87f87706fb4be084f09793b879c3e08a5d8870a6b9ebff0b1b79d7a3c9b74fd6e6285b4fc6903bcab8fe13b3541297482b19d6aa

C:\Users\Admin\Desktop\raccoon v2\048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059

MD5 1d7d285f77ed5460fe9aada4c04dcfcf
SHA1 9c6e393d8b2eac432720518f8991c86ad8fa94b7
SHA256 048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059
SHA512 cfcd38cd8c12a80ad7d26442979bb5ac44541866810951eaf8d2fc709d1e9cb3cbe187065ff547717d3babe8abf9f98c2b04562dca992b63ff54c5465746f5e4

C:\Users\Admin\Desktop\raccoon v2\0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256

MD5 d28ba705f24c9e51564c46aefab26754
SHA1 0c6bb0d8f2611775b495a019c63f95b1377f2054
SHA256 0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256
SHA512 441ea8ded89e2bc7630134e9da3a5cd25835133f2c869ff7f6540041225cf3486e380bc2e001a2359adcca0723fb8b80b349ff4b905dbb686c354783c4c68d4a

C:\Users\Admin\Desktop\raccoon v2\2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc

MD5 6844edfec32e4323ecfedc458f7d3b86
SHA1 465d756d89a18d40a2721e74d99b4df8dc9438a8
SHA256 2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc
SHA512 94b2fea769586a0216466f2474f1a1c61d81f10b2bba79c5e7c3f18c3126302a8cff680ef71421fa91d3a70ac3fb37fea44ceeb6800cb83e0515068647356b95

C:\Users\Admin\Desktop\raccoon v2\263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693

MD5 92d3194f6c3511b40def1b3c8f86e585
SHA1 e9aaee23127a796285e3e227e4d92e3cf572c529
SHA256 263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693
SHA512 b5b8963dcbb9a26c8b6bb013c4f554162fa911dc929649ad62a1631cc1dcbba2ac3be7168f94afd7515ec3561e32ddf3ab9122c13cdd19e37b13f2ade7e2f79f

C:\Users\Admin\Desktop\raccoon v2\27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577

MD5 7a2ef36c5dbf72b92b1adfb52e1e5426
SHA1 abe82a1405471258c72d031191846ea627f1c63c
SHA256 27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577
SHA512 e75cd32ffa838a7258d5804cc48c75174a03b573329ad531c497c2fbf4b42eb9eb5c68cd951a8100cb34a985490c18d572791226e068f8e3a832279d35130931

C:\Users\Admin\Desktop\raccoon v2\47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1

MD5 b35cde0ed02bf71f1a87721d09746f7b
SHA1 0cf266265f77e387a9d396888651240f2b458e0a
SHA256 47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1
SHA512 59aa3d9c0cbcdbb1d08c563ed322517cd5a52c4dbb039f840a911860c46402304ae889217d1832d5d61af6e080d54d9edfcd3334fc7a8bef2f8f921f232b2344

C:\Users\Admin\Desktop\raccoon v2\516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e

MD5 7894ab366f0b984ce78d7ef9724cec0d
SHA1 48ca383575fdc914ed3436d40201eae6bac55007
SHA256 516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e
SHA512 bf2ecf43f4ce7451489aa9d16acfe3c9d528ec0d0b924b864630a058e38147626e4f4815cd540f9da7df507af4242e6623d645a20ed46ec1d1020dfe7cec7155

C:\Users\Admin\Desktop\raccoon v2\5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99

MD5 9ea0905f02da6e6ef2e46d5e434ec2e9
SHA1 90acb6ca3f40b72a7ab601b2f781d43ddb5d2bb9
SHA256 5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99
SHA512 243bb29df27ee2d9f4a7974df83f2325ad0b6f1cdab3dd210eb253f0f804bc9a0b56fffacda60ddaac3eec07082d0ca421db6e41eca9cc8d90d91673a899d434

C:\Users\Admin\Desktop\raccoon v2\62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975

MD5 7be1483472153324066babf71c683045
SHA1 4436a1c572737a82494d4ddfe91929ce4cd836cd
SHA256 62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975
SHA512 5e0b75f6e3b493d44f29379df4a7b314a266afe7dc121d09eccd801f4a591210b8b0d5b19173c210c9bd89d5abccf82dafe44694cff3596b8f1e2a9398086fd1

C:\Users\Admin\Desktop\raccoon v2\7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269

MD5 6affeba1a78fcedc2d7dd78713a79a00
SHA1 3cd9f5678212e7465af460eb05b9a5c1899842a9
SHA256 7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269
SHA512 3dfeb53bd27853ad5783b73e2173b51fa886b9da5da8fed04b6a6a17acf616b4ea0ee019e44f96066770a74dd000da18f9d97366f66cb66a651d13393e357590

C:\Users\Admin\Desktop\raccoon v2\7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0

MD5 1e682d91b86e5d1059496ef5c9404a83
SHA1 b997c212dee402190a4fe7562fa68f565c084711
SHA256 7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0
SHA512 e00e985da0097f7f743c82ab46b09e5c4b9c6aa03c7f28310a23ecc1167b5c4a21cf4490c6081c201e962ba830acaa04ef11eb40f4e1451a2d0e199e84e2d130

C:\Users\Admin\Desktop\raccoon v2\960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63

MD5 80b0745106a9a4ed3c18264ba1887bff
SHA1 b97787c5fb625d884b184b16266d58bcec1bdff1
SHA256 960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63
SHA512 cdb135b66807377db24e31d50b8de80eae3f7c75c8323583a784e8808186e117460be3b4e8f61ec058670eaa045dcfcf279576f83c5dc2a0bf329ef5914c4691

C:\Users\Admin\Desktop\raccoon v2\99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac

MD5 b71921298c866e9d17fe83becf9a2107
SHA1 7f224b87eeaa85417c2d1e4a254d907c44439dee
SHA256 99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac
SHA512 0ce2893c05d9562d9a9a828fe9e2a0d5ea2e6d8e0f78e9d25391ca4c83b54df2f773e8ed48a673268072b928246c8247a941a15f470b2e435cbb2a3d316261c7

C:\Users\Admin\Desktop\raccoon v2\9ee50e94a731872a74f47780317850ae2b9fae9d6c53a957ed7187173feb4f42

MD5 88a354d8d051d4dd8c741cdf3e986244
SHA1 b47cc17316ef37a18919eedd0ec16908febac7a1
SHA256 9ee50e94a731872a74f47780317850ae2b9fae9d6c53a957ed7187173feb4f42
SHA512 a9c88168c122c0e18d18d1166724f403c462fa93e0c62094f56160306fd64a564b7569051a17171144f0431a9e1929aed07de3a96c883f1fd7d91a4b6893eace

C:\Users\Admin\Desktop\raccoon v2\bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e

MD5 16bae91061e6410ddf2c17b544939d87
SHA1 531b6c546b26eeb9e33560292bb756b47affbeaa
SHA256 bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e
SHA512 8fa546a1ab78a43f1feebe009d7d578242c3f1a96778588a3086b69a1bd58449a563d99114cbbad94c840f1ca8469d26e9c6e83d240ee0d472bb56b6dad4422d

C:\Users\Admin\Desktop\raccoon v2\c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a

MD5 0b4146abe7ab84bfa66e1bb9b947fee3
SHA1 f88cb9e308c4de39ddbb0d50b71a28f04bc8bd85
SHA256 c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a
SHA512 9a31029310401dc7c09d06754a62b76ee8a9d47b1d4aa694506d70a093625f3cdcbe102e6ecf0f94ad41b8aae00765bd4347334c76f0dc078fbee07994d34803

C:\Users\Admin\Desktop\raccoon v2\e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5

MD5 3e8a0b51131b8937ec9d36e96872a581
SHA1 589676a88d04977b651722dd061b158771a6435d
SHA256 e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5
SHA512 c3ecdcf4d96ecc1cdcd24fdecd316daa80a23d1e8b3a114c3852ffcaed0eec78f8319d42e32e54d54c737e987d7b838722354dfae6cfc58b77150f731da25d65

C:\Users\Admin\Desktop\raccoon v2\f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27

MD5 eca370e62443218965eb27b1a61bb7a0
SHA1 4e48d0c38e0a4543137cd381abb38e6bd17f17aa
SHA256 f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27
SHA512 6e0554a49c509a3c1c29f042746d18f924417692f3d4c2e8f55676bcc8bb7574ff3a8d4c131634601bd3da28c7c4ef4282c7002bb2a88a69c40e73aa23d58c81

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 327975ba2c226434c0009085b3702a06
SHA1 b7b8b25656b3caefad9c5a657f101f06e2024bbd
SHA256 6fa9064f304b70d6dcebee643ca017c2417ff325106917058f6e11341678583c
SHA512 150a57c143fc5ff2462f496f5a9451310b8d99e32c4d570641204c8062a78590f14bed438ac981e8b0609a0c87b859a1f8502a78687bc36c3a9529d633a58e51