Analysis Overview
SHA256
9d1131eb127a57898c7fe2a66e2fe0533b5c15ce295d999548b2289cfcedf906
Threat Level: Known bad
The file 21212990704.zip was found to be: Known bad.
Malicious Activity Summary
Raccoon Stealer V2 payload
Raccoon family
Raccoon
Downloads MZ/PE file
Suspicious use of NtSetInformationThreadHideFromDebugger
Browser Information Discovery
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-02-07 20:31
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-02-07 20:31
Reported
2025-02-07 20:38
Platform
win7-20241010-en
Max time kernel
55s
Max time network
162s
Command Line
Signatures
Raccoon
Raccoon Stealer V2 payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Raccoon family
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe
"C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb459758,0x7fefb459768,0x7fefb459778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1224 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3208 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3300 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3540 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3636 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3640 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3560 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2356 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3616 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3952 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3232 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4072 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3700 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2396 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4212 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3792 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4448 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3192 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4160 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4796 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4836 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4832 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1168,i,18052658330512068229,2664239837004830255,131072 /prefetch:8
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe"
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-service
C:\Users\Admin\Downloads\AnyDesk.exe
"C:\Users\Admin\Downloads\AnyDesk.exe" --local-control
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| RU | 37.220.87.93:80 | | tcp |
| RU | 37.220.87.93:80 | | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 172.217.169.74:443 | ogads-pa.googleapis.com | tcp |
| GB | 172.217.169.74:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | anydesk.com | udp |
| GB | 18.244.124.82:443 | anydesk.com | tcp |
| GB | 18.244.124.82:443 | anydesk.com | tcp |
| GB | 18.244.124.82:443 | anydesk.com | tcp |
| LV | 77.73.134.75:80 | | tcp |
| GB | 18.244.124.82:80 | anydesk.com | tcp |
| GB | 18.244.124.82:80 | anydesk.com | tcp |
| GB | 18.244.124.82:443 | anydesk.com | tcp |
| GB | 142.250.200.35:80 | www.gstatic.com | tcp |
| LV | 77.73.134.75:80 | | tcp |
| DE | 83.217.11.38:80 | | tcp |
| DE | 83.217.11.38:80 | | tcp |
| GB | 18.244.124.82:443 | anydesk.com | tcp |
| GB | 18.244.124.82:443 | anydesk.com | tcp |
| GB | 18.244.124.82:443 | anydesk.com | tcp |
| US | 8.8.8.8:53 | js.hs-scripts.com | udp |
| US | 104.16.138.209:443 | js.hs-scripts.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | ad-wa.anydesk.com | udp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| GB | 216.58.204.67:443 | www.recaptcha.net | tcp |
| GB | 216.58.204.67:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | snap.licdn.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | js.hs-banner.com | udp |
| US | 8.8.8.8:53 | js.hubspot.com | udp |
| US | 8.8.8.8:53 | js.hs-analytics.net | udp |
| GB | 2.19.252.133:443 | snap.licdn.com | tcp |
| US | 8.8.8.8:53 | js.usemessages.com | udp |
| US | 104.16.117.116:443 | js.hubspot.com | tcp |
| US | 172.64.147.16:443 | js.hs-banner.com | tcp |
| US | 104.16.160.168:443 | js.hs-analytics.net | tcp |
| US | 104.16.75.142:443 | js.usemessages.com | tcp |
| US | 172.64.147.16:443 | js.hs-banner.com | tcp |
| US | 104.16.117.116:443 | js.hubspot.com | tcp |
| US | 104.16.75.142:443 | js.usemessages.com | tcp |
| US | 104.16.160.168:443 | js.hs-analytics.net | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | tracking.g2crowd.com | udp |
| US | 104.18.87.42:443 | cdn.cookielaw.org | tcp |
| US | 104.18.30.176:443 | tracking.g2crowd.com | tcp |
| GB | 216.58.212.202:443 | content-autofill.googleapis.com | udp |
| US | 172.64.147.16:443 | js.hs-banner.com | tcp |
| US | 8.8.8.8:53 | px.ads.linkedin.com | udp |
| US | 8.8.8.8:53 | api.hubspot.com | udp |
| US | 13.107.42.14:443 | px.ads.linkedin.com | tcp |
| GB | 216.58.204.67:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | cta-service-cms2.hubspot.com | udp |
| US | 104.18.87.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | tracking-api.g2.com | udp |
| US | 8.8.8.8:53 | perf-na1.hsforms.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 104.19.175.188:443 | perf-na1.hsforms.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | app.hubspot.com | udp |
| US | 104.16.189.41:443 | tracking-api.g2.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 104.16.117.116:443 | app.hubspot.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| US | 8.8.8.8:53 | www.anydesk.com | udp |
| GB | 18.244.124.20:443 | www.anydesk.com | tcp |
| US | 104.19.175.188:443 | perf-na1.hsforms.com | udp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| DE | 167.235.224.171:443 | ad-wa.anydesk.com | tcp |
| GB | 18.244.124.20:443 | www.anydesk.com | tcp |
| GB | 18.244.124.20:443 | www.anydesk.com | tcp |
| US | 8.8.8.8:53 | download.anydesk.com | udp |
| DE | 141.95.74.34:443 | download.anydesk.com | tcp |
| DE | 141.95.74.34:443 | download.anydesk.com | tcp |
| GB | 18.244.124.20:443 | www.anydesk.com | tcp |
| US | 8.8.8.8:53 | static.hsappstatic.net | udp |
| US | 104.17.173.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.173.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.173.91:443 | static.hsappstatic.net | tcp |
| US | 104.17.173.91:443 | static.hsappstatic.net | tcp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.dwin1.com | udp |
| US | 8.8.8.8:53 | serve.albacross.com | udp |
| GB | 108.138.233.21:443 | www.dwin1.com | tcp |
| GB | 18.164.68.123:443 | serve.albacross.com | tcp |
| US | 8.8.8.8:53 | scripts.iconnode.com | udp |
| GB | 52.84.90.26:443 | scripts.iconnode.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.184.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | exceptions.hubspot.com | udp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| GB | 3.166.49.7:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | metrics-fe-na1.hubspot.com | udp |
| DE | 141.95.74.34:443 | download.anydesk.com | tcp |
| DE | 141.95.74.34:443 | download.anydesk.com | tcp |
| DE | 141.95.74.34:443 | download.anydesk.com | tcp |
| US | 8.8.8.8:53 | boot.net.anydesk.com | udp |
| FR | 57.128.101.74:443 | boot.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | relay-79bdf984.net.anydesk.com | udp |
| GB | 195.181.165.153:443 | relay-79bdf984.net.anydesk.com | tcp |
| US | 8.8.8.8:53 | api.playanext.com | udp |
| GB | 3.166.65.41:80 | api.playanext.com | tcp |
| NL | 45.9.148.136:7070 | | tcp |
Files
memory/2092-12-0x0000000000424000-0x0000000000FB5000-memory.dmp
memory/2092-9-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2092-7-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2092-5-0x0000000000240000-0x0000000000241000-memory.dmp
memory/2092-4-0x0000000000230000-0x0000000000231000-memory.dmp
memory/2092-2-0x0000000000230000-0x0000000000231000-memory.dmp
memory/2092-0-0x0000000000230000-0x0000000000231000-memory.dmp
memory/2092-10-0x0000000000400000-0x0000000001E08000-memory.dmp
memory/2092-13-0x0000000000400000-0x0000000001E08000-memory.dmp
memory/2092-14-0x0000000000424000-0x0000000000FB5000-memory.dmp
\??\pipe\crashpad_2068_DLODXSPIXRDSGLMS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Temp\CabF6E.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarF90.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
memory/2092-160-0x0000000000400000-0x0000000001E08000-memory.dmp
memory/2092-161-0x0000000000424000-0x0000000000FB5000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7f62c4badd295dc41798f5981cf25326 |
| SHA1 | 6b720ba2cc1d2501faa57a682ca3ad59de245b41 |
| SHA256 | 671bee7960811117d1eeec013f86e28d704e4788af13fc96bf1c2bd281c6fedb |
| SHA512 | 0f18594776b8896f543f66ae10b2d2074cfdd140aeadd0e9f0a31339702ce828de2717254bc08c7adc5326386ff46938e3a4fde1e980176e38111e42a8cdaedd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
| MD5 | 2ffbc848f8c11b8001782b35f38f045b |
| SHA1 | c3113ed8cd351fe8cac0ef5886c932c5109697cf |
| SHA256 | 1a22ece5cbc8097e6664269cbd2db64329a600f517b646f896f291c0919fbbef |
| SHA512 | e4c037be5075c784fd1f4c64ff6d6cd69737667ec9b1676270e2ed8c0341e14f9d6b92fde332c3d629b53ae38e19b59f05a587c8a86de445e9d65ccfa2bd9c16 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a943ab996d5ea8cc6b0f4550e780cb4 |
| SHA1 | 2729475fc5d034ffb4223053a21d7c52fee23ed6 |
| SHA256 | c7fd985c09d116dd62ad1389413addace64de18257218dc7d69a7f40ff33b405 |
| SHA512 | c10bc8a8e9e6e1c7ef06240b1f68346f713193c3055c623124c2d10b37515a194f93fce764aed643be103a424c1650f5cf374f7b41e7d7f513467d6b0a30a4bf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 586a398a42fc41b99d391be63d565037 |
| SHA1 | 59f35ee4addc70ffe6cd09a836a742aa736ca4e3 |
| SHA256 | 8992f6bfe5d9bdf3c75b6a4da89a89031a8229879c93aef7f3b66c5b6c0d69c9 |
| SHA512 | 83f8a666af4ad561b3bf37db93f9847342b494813574708f5c3c599a8404187fa4fc9faa186f8a5dbb83037e7dc1996134f8d177b0c70872ce799c2fc2fa630f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d2ae75756b02103d7e81164df71e5f9 |
| SHA1 | c954680f50e56d5eff35a7bfa7b1a2da797cf528 |
| SHA256 | e747048a43debc83066edcee7f41a03e7ed1794aba67ecf56945e102a66bbc9d |
| SHA512 | 4cf72a700efc204a27296e409dd04968cc5c2ea0957e618bc45db40384666b5edb47ceb05995d298a73a275c84de977ce3dce7714bbfe621bee303ac7a207df2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
| MD5 | 4ee62f4d4df3b3c58aeb1a8891d34f22 |
| SHA1 | 567d8a5b9cf2234ddbc011126e551f14603d29d4 |
| SHA256 | cd9e870d2d113c1a75dc3cdbb37541c6216f511f264eba1996f2bdae108dbbb9 |
| SHA512 | 7157aa9e08d746721e2dcf85db997d63cfc85a0d86a221d978fe49da627cd7234a37552489e422d25813f20ae825b67631450c1c69b59c0627ce0de13e8d08b8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 264e1604655dc2b83c0229d589a1b6d3 |
| SHA1 | 6fe6aaf954050ef62bc90160d69536e9758ad45c |
| SHA256 | 3526de41b5374e6de1456b13b2ab6ee840889912fcfefe797477c52d170f8e70 |
| SHA512 | c6fcd420697ce939c12f7cc21a325d63e7ccf3583d4341cc0c78326ff6bfde07539bb73190ca2207bbae2d58c273c34042cd92861a244d33b3d5cbecf77e0570 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | d238c4f5b4568dd2bd63089049cc3f65 |
| SHA1 | 11bbaec5aa37dee57e9879a4b6883df5c886e171 |
| SHA256 | a57ace2150d909fddabac93b23715a6d490014efd0bf7da269ca61a26917d68c |
| SHA512 | 4e2a51b7bf5076aceddb33a3afa32bcd70e952fa2be4d3574d5faeb8d50eeef7df3f2521172cbe7fae2cd630b3d2b501b2f0614565d0a9e9080a8c90fdf8e6bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3e2446f7f6840432a028ec7bfd1caa73 |
| SHA1 | 22e11d7313112b204e47f97d6c3b44090fb5d8c0 |
| SHA256 | cac14443300740a3d3fdfd00edcb6d8c79f7455b2ed0c8502c1cadbef9d62f3c |
| SHA512 | 6d5737b6f63e568d5d6bf3fc99f7476c47df9e3626a80d1c1f29c97c12153a4f4c95f46d45399efdf913b67b6b9d59d7c24f308783a4a6c5589ee5a7c7995bba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 71ba99bd69f803275d6b8a5c3293d37b |
| SHA1 | b52611022029971e8c4cb3e1c7c9ae091fd15a50 |
| SHA256 | 87a23895dac96bcffb0018e394bc78cc1318740da6e254c0b0e05a198174ec05 |
| SHA512 | a4c9f434244db9ea85395dc502aaa33532828a37476c9b0b3c35017f2f3f609a2a2783813c2e28d1876be5fc0c25115a8bd5dc4a9c190ea7a80df29b6259821c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b6d75276be596924bca0b76b8ed066b |
| SHA1 | 2bfdb5b541c7a3241421a729af2f85231fa05360 |
| SHA256 | 06cda6eb15cb3243573de5ce0a873b7551d399af8e95411b57aab40872f1406e |
| SHA512 | 5f89db021e8dd41fda98162414980b51841ec33c2c01285ad92bdc8535fe4745145fad51aae3d740856eada0eaeda9c47fe33b810ca1d8e66f889d51889bf3f3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | dd6502743e362d58304b3308e56b4443 |
| SHA1 | cde912c03a33f2ba71a44caaf36afa0408e1929f |
| SHA256 | e56be4a498a773d1e0b7f23a513cc2bfbc312fbdfb93fdb16e22a7f8e8a58924 |
| SHA512 | 136d2fd3c0fe7d421cfbc9485b1a9c77ff2dd7feb1b1440db3421ca9436e57a5c4621b01f2a2c779ea1c8052d16ba915b3de1f921261b6f3010f90766ae49c47 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 21e1c4231de9d689c72eb486dc0760a9 |
| SHA1 | 7e6b8f67d1942949e69584f6b17334662f72e811 |
| SHA256 | e56ed7e0be2a8cca693ab73ebb87719ed19c4473bf773736d103e56bdc543f1d |
| SHA512 | f6e3ce7e5e0aaf81ae867c4013ea75191a6cd64f9bcf515efed8a21f779224583fc04f14d6316fb391353527c66bd6253d8a6dd0831b77f4664e39ae079ab044 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 146943a14656855cd538a122b3470827 |
| SHA1 | 1d24c6ba69ac93e3ec9e69271c18a703b506796f |
| SHA256 | 63c0865e27edab7fa2a1070c0cedf914eafaccf47d25748732eeb593c0bf2a32 |
| SHA512 | c7dba4355b0536abde35d0edb15a9e84fd37080cc2e246e6439a7245e81871aaed9df75051d0e244a868cafd83734b5c417d1c451ca458f35e9a8b69c9e97ab7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0406c024a39415fc9fed4ea317a38d83 |
| SHA1 | f35a01488c2a811e25b492f4a0a7ce7cc323544b |
| SHA256 | 6de8607606ec1de0f892f90cb6a5e05bc3bac9f875de5b4ddec5e6b650db251d |
| SHA512 | fbe6c5bb3f3c982224da9e5c6e64835cd606d983664f0b1b3a57c31794676b9971a17976d3c4cf7ea11f4e32eef48920d6277887e4d574349f0e20c4b81a921a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f0421f2e11733290aa6e46b7a8c2a135 |
| SHA1 | 4de1c5fe5709e8928d25a271b6ea75f09686ce73 |
| SHA256 | 21581b2bd115e5ba56a7ff115040fa6241cecd0ae864aa4af4b87c057b36411a |
| SHA512 | dcd834535959dd4f3ac46327e2f8991559550b6ec9faa7e8e02b1ff3c413a59a657be52c1107050531f597d7b3cf96f372d1649db80648314d5ae500f87e51e8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf789b17.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\Downloads\AnyDesk.exe
| MD5 | 0a269c555e15783351e02629502bf141 |
| SHA1 | 8fefa361e9b5bce4af0090093f51bcd02892b25d |
| SHA256 | fff4b96876b0c78da96e57cf7ca1b0e0cbee4fde52047a9bde52e25b062d69ca |
| SHA512 | b1784109f01d004f2f618e91695fc4ab9e64989cdedc39941cb1a4e7fed9032e096190269f3baefa590cc98552af5824d0f447a03213e4ae07cf55214758725a |
memory/2736-895-0x0000000000110000-0x0000000001752000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | bcb33c25b7cec268b6056aaf3a7b2bed |
| SHA1 | 26a6887f271005deff089ac00a496eb8486d5a93 |
| SHA256 | a52172d5b50a1302731a716c1b7fda4fd48c1b155dea39a4fe56ca3bf3a3d48c |
| SHA512 | ee81e8dea9bdf2854bb719932cb7481d73419a997f0d33dd0eb09ea54d8ab9720f1fe52a2808272f6e3775a1bb5cd46bfe5aca718e85365bd401af162226bfe7 |
memory/1572-920-0x0000000000110000-0x0000000001752000-memory.dmp
memory/2712-921-0x0000000000110000-0x0000000001752000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace
| MD5 | c108896e299138b1ab5fb99a043ee141 |
| SHA1 | 7132b2d2c52a9313a699a4a96cf8058311308834 |
| SHA256 | 2334367204877f8716e28646ea36ccf7e5917571ed1fdf9417db185cb1bdebb0 |
| SHA512 | d69fbe490a1539478d795a70f8979615b564a31a62743bda0f2a046ad0e0424231716e69bdcf825c4080804fd3fca54005c6ecca0d1a81d5ec6d67aafbb6d17a |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 2703a9065121f806ed69076b9e93dbed |
| SHA1 | f5d6c14795b1c8c4698cf50cfd49ac8e877dd32a |
| SHA256 | 9f3742f6b5a4854c9629dfa3ce88b5d9fe94532c5c525c0ccf67ae2f7132cd4f |
| SHA512 | de11812258713bcdeb8591ca17b5b3ab20048bb92cc6fb697c966a17a485e92fea88b78cfe4044fdf3c2e219a361edbaceccb8dc894730ca72a83fc92c8ac71c |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 0c04ad1083dc5c7c45e3ee2cd344ae38 |
| SHA1 | f1cf190f8ca93000e56d49732e9e827e2554c46f |
| SHA256 | 6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0 |
| SHA512 | 6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492 |
memory/2736-941-0x0000000000110000-0x0000000001752000-memory.dmp
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | 684eb1b99caa710a010acdc5ec2385c4 |
| SHA1 | 61f7c43fc8e56e06428345ea7cb2fff64177f2b7 |
| SHA256 | 1f4be58e249d5976fe6d218d3b1203ea85be25f83a0ee554a8efdd694ec005de |
| SHA512 | f48a5cc4ae3eeea271e17da41881fa8a5c55c07b5254a119386fe292e7808b24ebf2b9cde96e557dedb26398b4e11217b5c6afa59d074ce579a3ac8d36582343 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | b824cc2fb19e49e8bcbdfbd986698582 |
| SHA1 | 04397dbb4ba08a4dca6c935d844deaa8d6d5a452 |
| SHA256 | e18f24da8f8b32ea6d94dffec39550d622f5c643433cb7b41506fa96be9df747 |
| SHA512 | 861536a626032f50c419c6997540254a822996eb0709c4b1f5c5e6a8448f8f8a80dd4d470c42470647571d83eb04efbf7c646d365f60aa01c972798528fac0f1 |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | 16f1240b6c27767979deabea2602772e |
| SHA1 | d879e9cae271d31b4b0aaa7e51acab0533b2e001 |
| SHA256 | 2575e9f0ff69900bbda3234bdda2267c4170653b1e38d18ee1ce15b8778e699d |
| SHA512 | 505c6f8948f300bffe024a3923515419ed8fc68c886b1deec49bc9a564b5701013c12e96b887f559ff34bf57a33f839c66827a8cf0264f8558b01c94aca3ca07 |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 6755cfb957b6be3acf00b9ecde6ad489 |
| SHA1 | d9fbfebabbd082b0d12c19c88fbb2ae64ed277ab |
| SHA256 | d143f81308941723dd88c817783dc6086d05ce8971d4a4cfc68c34d009670214 |
| SHA512 | 198f97b0f0035300f90f384ddeb7381274a760b7e2a08411ac707eab85e097ed07c55b7add0d22900f68b3846e43ccc21d8979e4b68ece3cac39a528977fa94c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a6bda479-42e7-4416-aba8-4f9773c48e98.tmp
| MD5 | 60e991cc34762dba448c95802df32c7e |
| SHA1 | 4dc7e8434ecf3477352a4caa5c58f0db153bae70 |
| SHA256 | 3ac5baae508d76cf3b086e05189e11d539621ca85f1ad4912a6b691e6189208a |
| SHA512 | e1be50f2c29ba500deb1fc2705359343ee38efa3acec855b6b23bf983aca13af04b4c14bd92469686deb337ac50f35582e908b40eb3fce2c07f3f4a0129f94ea |
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf
| MD5 | d73c6e3754311a875190c9ecfca6dcb5 |
| SHA1 | 57b3cecd018e85e66b000d809ee8ea115c85e5d2 |
| SHA256 | 03ff3cc21972f1d7cf3af12abcd11b2e93d4a8f7b398fb02646d7188d469218a |
| SHA512 | c697d4f2e389d3bdfacea8405cfeb9f8688fe081da2b43ecc368e4aa6169c9c6a2012b16e0f845b12ef671de7b5cefab7007cd81aa971b9a32983ce1148e65db |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 7df64583a863fab7a8e4464c5921b7e3 |
| SHA1 | 738af3019f09067afab2c1f836f8ed78c8098c0e |
| SHA256 | 3bbff7c9a758be18e17bb21038d6365262432692711e8532c486720f09cae7f3 |
| SHA512 | b5ec5b92b06a732c92afb024fc9c91591a36afe4060b5a6e6c9324402227487f9b4d86aab409d517b70812ae3cf2ab47d8699afd4d703d784f8d7a6936ec89a5 |
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf
| MD5 | 73fcbfc603e182596dfe559560decd83 |
| SHA1 | 298e5d6e465c9a2ccff2bbeafaf56d0c854e83c5 |
| SHA256 | 5fdf495a69672aa26d322044f3825b718ba08b69b7f56ca08723a2b4bf1ac34b |
| SHA512 | ff07b89af8eeb9850c19a80393d89f7000a9dcf7ad5623e4a7da453f73634fb006398f503042290f2095e058b62b180fddb4d58b323493e2f9cf808c43a790ce |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 95bdbee4974f875ec05772c1d9457a1b |
| SHA1 | 40fc436432b50606302faf2174aa4ff28735d02b |
| SHA256 | 8be1c83d69bce2f4741e0712e10785f497a26fa933aedfdf6c2831f061d634ab |
| SHA512 | 61b6c5b13fc8079c1001a1603f00e29a931939471c96e9a817c117f8b2b6ee65438e7e60bea9c9724d6dc0c6b886647994b1635c420a807de3c154cf646538a7 |
\Users\Admin\Downloads\gcapi.dll
| MD5 | 1ce7d5a1566c8c449d0f6772a8c27900 |
| SHA1 | 60854185f6338e1bfc7497fd41aa44c5c00d8f85 |
| SHA256 | 73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf |
| SHA512 | 7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753 |
memory/1572-1176-0x0000000000110000-0x0000000001752000-memory.dmp
memory/2712-1177-0x0000000000110000-0x0000000001752000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a1dc53ad2e70433f8e502ff84949ac7f |
| SHA1 | 352ee2abf44f85dd49bb98222a9ef055eb8c4b95 |
| SHA256 | e2ba89e22016193657c7c354dc374b0573b5f87d0dec49ef6ac532fc8c35058a |
| SHA512 | e122910ec5234c18ec4a325177e8e127cfac670683a52b4ccbe4728a43fa38834b11cb382f5c6f1f9d7f23749a9125cb6a437e0c54be6a6e9aa8bd8bedb8fcfe |
memory/2736-1187-0x0000000000110000-0x0000000001752000-memory.dmp
memory/1572-1199-0x0000000000110000-0x0000000001752000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms
| MD5 | 73f09948ad41cb80fe1c7ee9df8ca008 |
| SHA1 | 9300a94713a10dc10e9c3680f10b93f8a16630ec |
| SHA256 | 50177916dbe82ea9587ba6392fccb63bd5e99106f843c0e7858e6c05797c7086 |
| SHA512 | 0b2eae2c636a3287fbe7dbfc7c07b0f14e60b9f696a369b7aea5287316a26d8c347630b5453d0d4c8b363345cca159e33c64b3a19bcb69b73e6111c522956c5b |
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf
| MD5 | 77b8e110973ac7e092899abd6c3800a3 |
| SHA1 | a99e6342a8ab16ad460a148bd9e14d056271af3f |
| SHA256 | 0b9e7738ef14f9f8555101f669ffd808fdfd00e86b6231b23fec53b1ad612776 |
| SHA512 | e2bd939dfa459d9c1ddf275d5113197d3d7574a6b850d946c9f6635fc5f1b89e039c340a0ccca3550f686899c1457d59eb1881fde93ab91ca16303ef8684d3c9 |
memory/2736-1229-0x0000000000110000-0x0000000001752000-memory.dmp
memory/1572-1240-0x0000000000110000-0x0000000001752000-memory.dmp
memory/2736-1242-0x0000000000110000-0x0000000001752000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2025-02-07 20:31
Reported
2025-02-09 11:53
Platform
win10v2004-20250207-en
Max time kernel
149s
Max time network
305s
Command Line
Signatures
Raccoon
Raccoon Stealer V2 payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Raccoon family
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe
"C:\Users\Admin\AppData\Local\Temp\e609ca20cb8545f35487d65a164a40d3bcde12cf0928da55f21fd612d669df4e.exe"
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping […]-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU4NjAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODIxNjMwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDE3MzUyMzcwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
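The `/ping` argument on the MicrosoftEdgeUpdate.exe command line is an Omaha-style telemetry request: XML, base64url-encoded, with the `=` padding stripped. Decoding it is the fastest way to see what that process actually reported and to check that the app id inside agrees with the process name. The block below is an added example by the editor, not code from the report or from the sandbox vendor. It embeds the tail of the argument exactly as it appears above (the page cuts off the start of the argument, and the `-` just before the embedded text is the last character of a cut-off 4-character group, so decoding begins at the first complete group, which is `<app`). The `KNOWN_APP_IDS` table is from the editor's own reference notes on the published Omaha / Edge Update stable-channel app ids, not from the report; check it against your own allow-list before relying on it.

```python
import base64
import re

# Tail of the /ping argument copied from the behavioral2 process list above.
# The leading "<request ...>" element is truncated on the page, so only the
# part starting at "<app" is recoverable. Constructed from the report text.
PING_TAIL = (
    "PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249"
    "IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVu"
    "dD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU4NjAiIG9vYmVfaW5zdGFs"
    "bF90aW1lPSIxMzM4MzQxODIxNjMwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3Vs"
    "dD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tz"
    "PSI1MDE3MzUyMzcwIi8-PC9hcHA-PC9yZXF1ZXN0Pg"
)

# Stable-channel Omaha / Edge Update app ids from the editor's own notes
# (assumption: not taken from the report; verify against your own allow-list).
KNOWN_APP_IDS = {
    "{8A69D345-D564-463C-AFF1-A69D9E530F96}": "Google Chrome (stable)",
    "{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}": "Microsoft Edge (stable)",
}


def decode_omaha_ping(arg: str) -> str:
    """Decode a base64url ping argument. Omaha strips the '=' padding, so it
    is restored here; the caller must pass a string that starts on a
    4-character group boundary."""
    padded = arg + "=" * (-len(arg) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")


def parse_tags(xml_fragment: str) -> dict:
    """Return {tag_name: {attribute: value}} for every start tag.

    A regex is used instead of an XML parser on purpose: the fragment on the
    page is truncated (no opening <request>), so it is not well-formed XML."""
    tags = {}
    for m in re.finditer(r'<(\w+)((?:\s+[\w:]+="[^"]*")*)\s*/?>', xml_fragment):
        name, attr_text = m.group(1), m.group(2)
        tags[name] = dict(re.findall(r'([\w:]+)="([^"]*)"', attr_text))
    return tags


def triage_ping(arg: str) -> dict:
    """Pull the fields an analyst compares against the process that sent the
    ping: which product the app id belongs to, its version and brand code,
    and what event was reported."""
    tags = parse_tags(decode_omaha_ping(arg))
    app = tags.get("app", {})
    event = tags.get("event", {})
    appid = app.get("appid", "").upper()   # the report writes part of the GUID in lowercase
    return {
        "appid": appid,
        "product": KNOWN_APP_IDS.get(appid, "unknown app id"),
        "version": app.get("version"),
        "brand": app.get("brand"),
        "eventtype": event.get("eventtype"),
        "eventresult": event.get("eventresult"),
    }


if __name__ == "__main__":
    print(decode_omaha_ping(PING_TAIL))
    for k, v in triage_ping(PING_TAIL).items():
        print(f"{k:12s} {v}")
```

The decoded fragment reads `<app appid="{8A69D345-D564-463c-AFF1-A69D9E530F96}" version="123.0.6312.123" ... brand="GGLS" ...><event eventtype="31" eventresult="1" errorcode="0" .../></app></request>`. The point of the check is that the app id, version and brand code identify the product being reported on independently of which updater binary sent the ping; compare them against the process name before treating the process as benign background noise.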
Network
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| RU | 37.220.87.93:80 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| LV | 77.73.134.75:80 | | tcp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| DE | 83.217.11.38:80 | | tcp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
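The Network table mixes three kinds of rows: repeated connections to 10.127.0.1:12000, an RFC 1918 address that can only belong to the analysis environment; Microsoft CDN and DNS traffic that resolved through a hostname; and three bare HTTP connections to public IPs (RU, LV, DE) with no domain at all. Direct-to-IP HTTP with no name resolution is the pattern to pull out and pivot on in threat intel, while the private-address rows are noise. The block below is an added example by the editor, not code from the report or from the sandbox vendor. It parses rows in the table layout used on this page and buckets them; the sample rows are copied from the table above, and it also accepts the raw export's layout in which the protocol lands in the Domain column whenever no name was resolved.

```python
import ipaddress
from collections import Counter

# Sample rows copied from the behavioral2 Network table above (constructed
# input for this example). The second row shows the raw-export layout with
# the protocol shifted into the Domain column; the parser undoes that shift.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| N/A | 10.127.0.1:12000 | | tcp |
| N/A | 10.127.0.1:12000 | tcp | |
| RU | 37.220.87.93:80 | | tcp |
| US | 8.8.8.8:53 | msedge.api.cdp.microsoft.com | udp |
| US | 4.155.164.36:443 | msedge.api.cdp.microsoft.com | tcp |
| LV | 77.73.134.75:80 | | tcp |
| DE | 83.217.11.38:80 | | tcp |
| US | 199.232.210.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
"""


def parse_rows(table_text: str) -> list:
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in table_text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue  # skip the header and anything that is not a 4-column row
        country, dest, domain, proto = cells
        if domain.lower() in ("tcp", "udp") and not proto:
            domain, proto = "", domain.lower()  # undo the raw export's column shift
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "host": host, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarize(table_text: str) -> dict:
    """Bucket connections into sandbox-internal (private address), external
    with a resolved name, and external direct-to-IP; each bucket counts
    'host:port/proto' occurrences so repeated rows collapse to one line."""
    buckets = {
        "sandbox_private": Counter(),
        "external_named": Counter(),
        "external_direct_ip": Counter(),
    }
    for r in parse_rows(table_text):
        key = f"{r['host']}:{r['port']}/{r['proto']}"
        if ipaddress.ip_address(r["host"]).is_private:
            buckets["sandbox_private"][key] += 1
        elif r["domain"]:
            buckets["external_named"][key] += 1
        else:
            buckets["external_direct_ip"][key] += 1
    return buckets


def pivot_candidates(table_text: str) -> list:
    """Sorted list of external endpoints reached without any DNS name; these
    are the rows to check against threat-intel and proxy logs first."""
    return sorted(summarize(table_text)["external_direct_ip"])


if __name__ == "__main__":
    for bucket, counts in summarize(SAMPLE_ROWS).items():
        print(bucket)
        for key, n in counts.most_common():
            print(f"  {key:45s} x{n}")
    print("pivot on:", pivot_candidates(SAMPLE_ROWS))
```

Run against the full table rather than the sample, the private bucket collapses the twenty 10.127.0.1:12000 rows into a single counted line and the direct-IP bucket is left with exactly the three :80 endpoints. The country column is carried but not used for bucketing, because a sandbox geolocation of an IP is weak evidence on its own.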
Files
memory/3432-0-0x0000000000424000-0x0000000000FB5000-memory.dmp
memory/3432-2-0x0000000001F80000-0x0000000001F81000-memory.dmp
memory/3432-1-0x0000000001F70000-0x0000000001F71000-memory.dmp
memory/3432-5-0x0000000000400000-0x0000000001E08000-memory.dmp
memory/3432-6-0x0000000000400000-0x0000000001E08000-memory.dmp
memory/3432-7-0x0000000000424000-0x0000000000FB5000-memory.dmp
memory/3432-8-0x0000000000400000-0x0000000001E08000-memory.dmp
memory/3432-10-0x0000000000400000-0x0000000001E08000-memory.dmp
memory/3432-11-0x0000000000424000-0x0000000000FB5000-memory.dmp