URL:

https://workupload.com/file/QDbymtZZPy2

Full analysis: https://app.any.run/tasks/cfdb9d20-d159-4149-b4c9-e9844a4e629d
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: February 09, 2024, 22:02:38
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
raccoon
stealer
recordbreaker
loader
Indicators:
MD5:

F312E67BA748B42B4F09F1FF795119E2

SHA1:

6663C43F8A7A58DA84312EC1E59C07EBC599D27E

SHA256:

B0F88E85DFB2838131B0F56A45881224CEBBE0FEC7C3ED9579F38B76E6E0B736

SSDEEP:

3:N8bXOrZXYvFm:2ito9m

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • RACCOON has been detected (YARA)

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • RACCOON has been detected (SURICATA)

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Raccoon mutex has been detected

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Connects to the CnC server

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Drops the executable file immediately after the start

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Steals credentials

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Actions looks like stealing of personal data

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Connects to the server without a host name

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Process requests binary or script from the Internet

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Reads the Internet Settings

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • The process drops Mozilla's DLL files

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Process drops legitimate windows executable

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • The process drops C-runtime libraries

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Searches for installed software

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Process drops SQLite DLL files

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Executable content was dropped or overwritten

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Reads browser cookies

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

  • INFO

    • The process uses the downloaded file

      • WinRAR.exe (PID: 1792)
      • chrome.exe (PID: 492)

    • Application launched itself

      • chrome.exe (PID: 3672)

    • Checks proxy server information

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Checks supported languages

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Manual execution by a user

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Reads the computer name

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Creates files or folders in the user directory

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Reads Environment values

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Reads product name

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)

    • Reads the machine GUID from the registry

      • Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr (PID: 920)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Raccoon

(PID) Process(920) Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
C2 (1)http://195.20.16.226:80
Keys
xorefec76d6f82edc8dc42ac033257ef173
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
53
Monitored processes
15
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs winrar.exe no specs chrome.exe no specs #RACCOON sousou no frieren - s01e22 (2560p) [75429391] [multiple subtitle] [eng][por-br][spa-la][spa][fre][ger][i~0.scr

Process information

PID
CMD
Path
Indicators
Parent process
492"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=3240 --field-trial-handle=1116,i,16821348934265601683,5471089166173920409,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
920"C:\Users\admin\Desktop\Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr" /SC:\Users\admin\Desktop\Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
explorer.exe
User:
admin
Company:
IObit
Integrity Level:
MEDIUM
Description:
Autoupdate
Exit code:
0
Version:
13.0.0.98
Modules
Images
c:\users\admin\desktop\sousou no frieren - s01e22 (2560p) [75429391] [multiple subtitle] [eng][por-br][spa-la][spa][fre][ger][i~0.scr
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
Raccoon
(PID) Process(920) Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
C2 (1)http://195.20.16.226:80
Keys
xorefec76d6f82edc8dc42ac033257ef173
1112"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=3228 --field-trial-handle=1116,i,16821348934265601683,5471089166173920409,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1792"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I_0.zip"C:\Program Files\WinRAR\WinRAR.exechrome.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
1836"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2012 --field-trial-handle=1116,i,16821348934265601683,5471089166173920409,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
1976"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1360 --field-trial-handle=1116,i,16821348934265601683,5471089166173920409,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2488"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=3268 --field-trial-handle=1116,i,16821348934265601683,5471089166173920409,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2504"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3320 --field-trial-handle=1116,i,16821348934265601683,5471089166173920409,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2752"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1116,i,16821348934265601683,5471089166173920409,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
3228"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1308 --field-trial-handle=1116,i,16821348934265601683,5471089166173920409,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
109.0.5414.120
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
Total events
12 736
Read events
12 592
Write events
130
Delete events
14

Modification events

(PID) Process:(3672) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(3672) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(3672) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(3672) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(3672) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(3672) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(3672) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(3672) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(3672) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(3672) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
Executable files
7
Suspicious files
65
Text files
44
Unknown types
10

Dropped files

PID
Process
Filename
Type
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF17f1e2.TMP
MD5:
SHA256:
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:ECD3386BCC950E73B86EB128A5F57622
SHA256:C9A068EAFBC587EDFC89392F64DDD350EEB96C5CF195CDB030BAB8F6DD33833B
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.oldtext
MD5:4755704EAEB72509F8E78594142D80D6
SHA256:52D45B3A4947B8B5B8C48F83F83BA6758CFB7C4434FC574124378F5B01E15999
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old~RF17f3a7.TMPtext
MD5:F5B58F0B08202C8D6DE12514994A84BF
SHA256:F5BA8809B6A3920A11CF31E7F6A1DEC46EF4F4339D6158967CCB1405409D1241
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF17f1e2.TMPtext
MD5:05CF4C3C5148DA6355D3561A9EAA5E8A
SHA256:8D720243F6876898E4F197C8867C4CEE69F1C7335C55B8A29C120B1028D93E41
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF17f869.TMP
MD5:
SHA256:
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
MD5:
SHA256:
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF17f201.TMPtext
MD5:ADB669AB4CD1C63883C64FB0DBA2C7DA
SHA256:18BFF89047EC5B122573D089B3DC7A7DD14A5A7A515B2D8141584B41E723253F
3672chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old~RF1804cd.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
15
TCP/UDP connections
27
DNS requests
16
Threats
22

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
GET
200
195.20.16.226:80
http://195.20.16.226/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
unknown
executable
1.95 Mb
unknown
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
GET
200
195.20.16.226:80
http://195.20.16.226/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
unknown
executable
438 Kb
unknown
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
GET
200
195.20.16.226:80
http://195.20.16.226/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
unknown
executable
78.2 Kb
unknown
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
POST
200
195.20.16.226:80
http://195.20.16.226/
unknown
text
7.15 Kb
unknown
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
GET
200
195.20.16.226:80
http://195.20.16.226/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
unknown
executable
612 Kb
unknown
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
GET
200
195.20.16.226:80
http://195.20.16.226/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
unknown
executable
1.05 Mb
unknown
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
GET
200
195.20.16.226:80
http://195.20.16.226/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
unknown
executable
668 Kb
unknown
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
POST
200
195.20.16.226:80
http://195.20.16.226/c7fff281362d4f0773e829a74c84ed74
unknown
text
8 b
unknown
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
POST
200
195.20.16.226:80
http://195.20.16.226/c7fff281362d4f0773e829a74c84ed74
unknown
text
8 b
unknown
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
GET
200
195.20.16.226:80
http://195.20.16.226/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
unknown
executable
248 Kb
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
3228
chrome.exe
74.125.71.84:443
accounts.google.com
GOOGLE
US
unknown
3672
chrome.exe
239.255.255.250:1900
unknown
3228
chrome.exe
144.76.176.119:443
Hetzner Online GmbH
DE
unknown
3228
chrome.exe
213.239.194.3:443
t.workupload.com
Hetzner Online GmbH
DE
unknown
3228
chrome.exe
142.250.186.106:443
content-autofill.googleapis.com
GOOGLE
US
whitelisted
3672
chrome.exe
224.0.0.251:5353
unknown
3228
chrome.exe
167.235.181.6:443
f95.workupload.com
Hetzner Online GmbH
DE
unknown

DNS requests

Domain
IP
Reputation
workupload.com
  • 142.250.186.78
whitelisted
accounts.google.com
  • 74.125.71.84
shared
t.workupload.com
  • 213.239.194.3
unknown
content-autofill.googleapis.com
  • 142.250.186.106
  • 172.217.18.10
  • 142.250.186.42
  • 142.250.186.138
  • 142.250.186.74
  • 142.250.186.170
  • 142.250.181.234
  • 142.250.184.202
  • 142.250.184.234
  • 142.250.185.234
  • 142.250.185.202
  • 142.250.185.170
  • 142.250.185.138
  • 142.250.185.106
  • 142.250.185.74
  • 216.58.212.138
whitelisted
f95.workupload.com
  • 167.235.181.6
unknown
www.googleapis.com
  • 142.250.184.202
  • 142.250.186.170
  • 142.250.181.234
  • 172.217.18.106
  • 216.58.206.42
  • 142.250.186.106
  • 172.217.16.202
  • 172.217.18.10
  • 142.250.185.138
  • 142.250.185.106
  • 142.250.185.202
  • 216.58.212.170
  • 142.250.184.234
  • 142.250.185.170
  • 142.250.185.234
  • 142.250.185.74
whitelisted
sb-ssl.google.com
unknown
safebrowsing.google.com
  • 216.58.206.46
whitelisted

Threats

PID
Process
Class
Message
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
A Network Trojan was detected
ET MALWARE Win32/RecordBreaker CnC Checkin M1
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
A Network Trojan was detected
ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
A suspicious filename was detected
ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
Potentially Bad Traffic
ET INFO Dotted Quad Host DLL Request
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
Potentially Bad Traffic
ET INFO Dotted Quad Host DLL Request
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
Potentially Bad Traffic
ET INFO Dotted Quad Host DLL Request
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
A suspicious filename was detected
ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
Potentially Bad Traffic
ET INFO Dotted Quad Host DLL Request
920
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
A suspicious filename was detected
ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
3 ETPRO signatures available at the full report
Process
Message
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tw0xu14w8
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tf9fnyzeu
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tv8nwi2ye
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tv8nwi2ye
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tv8nwi2ye
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tv8nwi2ye
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tv8nwi2ye
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tv8nwi2ye
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tv8nwi2ye
Sousou no Frieren - S01E22 (2560p) [75429391] [Multiple Subtitle] [ENG][POR-BR][SPA-LA][SPA][FRE][GER][I~0.scr
tv8nwi2ye
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://workupload.com/file/QDbymtZZPy2