Malware analysis https://you.dj/desktop/YouDJ_Desktop_Win64.exe Malicious activity

Add for printing

URL:	https://you.dj/desktop/YouDJ_Desktop_Win64.exe
Full analysis:	https://app.any.run/tasks/5674c4b3-e696-4045-b134-72b5b0905ca2
Verdict:	Malicious activity
Analysis date:	July 27, 2024, 09:58:13
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	discord
Indicators:
MD5:	4901A4685AB06C470DA889CC435D4194
SHA1:	A6934A10C84EA78517AF0A5AC3F9902C68515B72
SHA256:	08B0100832F4950490D75BBF4B2952A219BC20B9530C39B9D9B8F06BB3B1DEDC
SSDEEP:	3:N8u1yBZVKIJDjd0C:2uIzT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Application launched itself
  - YOUDJ DESKTOP.exe (PID: 2348)
INFO
- Creates files or folders in the user directory
  - YOUDJ DESKTOP.exe (PID: 2348)
  - YOUDJ DESKTOP.exe (PID: 7656)
- Checks supported languages
  - YOUDJ DESKTOP.exe (PID: 2348)
  - YOUDJ DESKTOP.exe (PID: 7812)
  - YOUDJ DESKTOP.exe (PID: 7656)
  - YOUDJ DESKTOP.exe (PID: 3472)
  - YOUDJ DESKTOP.exe (PID: 8000)
  - YOUDJ DESKTOP.exe (PID: 3188)
- Reads the computer name
  - YOUDJ DESKTOP.exe (PID: 2348)
  - YOUDJ DESKTOP.exe (PID: 7812)
  - YOUDJ DESKTOP.exe (PID: 7656)
  - YOUDJ DESKTOP.exe (PID: 3188)
- Checks proxy server information
  - YOUDJ DESKTOP.exe (PID: 2348)
- Reads the machine GUID from the registry
  - YOUDJ DESKTOP.exe (PID: 2348)
- Process checks computer location settings
  - YOUDJ DESKTOP.exe (PID: 3472)
  - YOUDJ DESKTOP.exe (PID: 8000)
  - YOUDJ DESKTOP.exe (PID: 2348)
- Create files in a temporary directory
  - YOUDJ DESKTOP.exe (PID: 2348)
- Attempting to use instant messaging service
  - YOUDJ DESKTOP.exe (PID: 7656)
- Reads Environment values
  - YOUDJ DESKTOP.exe (PID: 8000)
- Reads product name
  - YOUDJ DESKTOP.exe (PID: 8000)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

228

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1884

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2424 --field-trial-handle=2344,i,10653875144477300074,7620620038322642547,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

2348

"C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe"

C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe

—

explorer.exe

User:

admin

Company:

YouDJ

Integrity Level:

MEDIUM

Description:

YOUDJ DESKTOP

Version:

19.2.0

Modules

Images
c:\users\admin\appdata\local\programs\youdj\youdj desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

3188

"C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\admin\AppData\Roaming\YOUDJ DESKTOP" --mojo-platform-channel-handle=3272 --field-trial-handle=1692,i,3137145513301497892,16379056138135112462,131072 --disable-features=BlinkSchedulerMicroTaskQueuePerWindowAgent,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe

—

YOUDJ DESKTOP.exe

User:

admin

Company:

YouDJ

Integrity Level:

LOW

Description:

YOUDJ DESKTOP

Version:

19.2.0

Modules

Images
c:\users\admin\appdata\local\programs\youdj\youdj desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

3472

"C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\YOUDJ DESKTOP" --app-path="C:\Users\admin\AppData\Local\Programs\YOUDJ\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2440 --field-trial-handle=1692,i,3137145513301497892,16379056138135112462,131072 --disable-features=BlinkSchedulerMicroTaskQueuePerWindowAgent,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe

—

YOUDJ DESKTOP.exe

User:

admin

Company:

YouDJ

Integrity Level:

LOW

Description:

YOUDJ DESKTOP

Exit code:

Version:

19.2.0

Modules

Images
c:\users\admin\appdata\local\programs\youdj\youdj desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

7656

"C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\YOUDJ DESKTOP" --mojo-platform-channel-handle=2084 --field-trial-handle=1692,i,3137145513301497892,16379056138135112462,131072 --disable-features=BlinkSchedulerMicroTaskQueuePerWindowAgent,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe

YOUDJ DESKTOP.exe

User:

admin

Company:

YouDJ

Integrity Level:

MEDIUM

Description:

YOUDJ DESKTOP

Version:

19.2.0

Modules

Images
c:\users\admin\appdata\local\programs\youdj\youdj desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

7812

"C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\YOUDJ DESKTOP" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1692,i,3137145513301497892,16379056138135112462,131072 --disable-features=BlinkSchedulerMicroTaskQueuePerWindowAgent,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe

—

YOUDJ DESKTOP.exe

User:

admin

Company:

YouDJ

Integrity Level:

LOW

Description:

YOUDJ DESKTOP

Version:

19.2.0

Modules

Images
c:\users\admin\appdata\local\programs\youdj\youdj desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

8000

"C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\YOUDJ DESKTOP" --app-path="C:\Users\admin\AppData\Local\Programs\YOUDJ\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2728 --field-trial-handle=1692,i,3137145513301497892,16379056138135112462,131072 --disable-features=BlinkSchedulerMicroTaskQueuePerWindowAgent,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\admin\AppData\Local\Programs\YOUDJ\YOUDJ DESKTOP.exe

—

YOUDJ DESKTOP.exe

User:

admin

Company:

YouDJ

Integrity Level:

MEDIUM

Description:

YOUDJ DESKTOP

Version:

19.2.0

Modules

Images
c:\users\admin\appdata\local\programs\youdj\youdj desktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

3 162

Read events

3 144

Write events

Delete events

Modification events


(PID) Process:	(2348) YOUDJ DESKTOP.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:	delete value	Name:	en-US
Value:
(PID) Process:	(2348) YOUDJ DESKTOP.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:	delete value	Name:	en
Value:
(PID) Process:	(2348) YOUDJ DESKTOP.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:	delete value	Name:	_Global_
Value:

Add for printing

Executable files

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000181		ini
		MD5:23D0CEEDEBB635018B33B9DCFD27A185	SHA256:52BBF497956FEB52EE1DD94EF21E7BB9F411D8301C869003BBC5CC984FFF0C68
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF1eb45a.TMP		ini
		MD5:D751713988987E9331980363E24189CE	SHA256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports		ini
		MD5:D751713988987E9331980363E24189CE	SHA256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000185		ini
		MD5:1007CBC14F697C22D928B950975609A7	SHA256:F1FB5F6BAB3F1D2771D5752A746C19BB1A574DD8C0A5E61242F07FF342789E5E
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000184		text
		MD5:C9383CF96821455E6E24A111F2BC7367	SHA256:0BEAC9439F7C4A767355BE57C792813102044E0CA8BEC8B2F966E90195CA2429
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000187		compressed
		MD5:A685F624D89F90FAFB6ABF471DE9E60D	SHA256:C545A973B895D641A5141AB4F781700AC4C56C71A0BF85A8AC78A1AFBEC263E4
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000183		binary
		MD5:DEE4C57CBD905399A7027532DECD5A7F	SHA256:246B8E91DCBBE896BAE06646CD37E60384E40160A8A0BB642B889283D997E021
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00018e		compressed
		MD5:9650FEFE2E26DF37EE19A041B5EC8987	SHA256:C59A3B9E8EA12061F52A0B3756F8809AE6AC3EF939C5FBA3775ADCB9B0603833
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000189		ini
		MD5:19EA775467259101C85C85C96B2A48F0	SHA256:EC064EEBAA05DC550DD838BAF89B2D117EDA6DB112355FCA3C748E4612C2FB66
1884	msedge.exe	C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000188		ini
		MD5:793F42DC04D4BC7F273DE14AED7A3A7E	SHA256:90CBCBC493C9E83576195737974A9FAA1EE9FF725E6307E691FEE9468410C32E

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

120

DNS requests

162

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
5368	SearchApp.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
—	—	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
3676	backgroundTaskHost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	whitelisted
3184	svchost.exe	GET	206	2.19.126.155:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cea6d764-36bf-4144-a357-ec91013ddbf5?P1=1722624441&P2=404&P3=2&P4=l4M%2fcTpzjd7l%2baG8pSLbm2DqajG5jh3uTBGmS2lIEQ3QAv8vmEYuyPpyE52pswBcPZQV4M8mxfTFgez%2f6nCMBg%3d%3d	unknown	—	—	whitelisted
3184	svchost.exe	HEAD	200	2.19.126.155:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/25c40319-aa27-44b6-9802-0043865d0ebf?P1=1722671118&P2=404&P3=2&P4=WD1U4H7ay5VUupQdTOcRCToOD06FdqEjrK0nQHcxC%2fuviFHilPjBMbX2hrOgSniZ%2f2LhJZ3T%2bJc7bHcjFdQFfw%3d%3d	unknown	—	—	whitelisted
3184	svchost.exe	GET	206	2.19.126.155:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cea6d764-36bf-4144-a357-ec91013ddbf5?P1=1722624441&P2=404&P3=2&P4=l4M%2fcTpzjd7l%2baG8pSLbm2DqajG5jh3uTBGmS2lIEQ3QAv8vmEYuyPpyE52pswBcPZQV4M8mxfTFgez%2f6nCMBg%3d%3d	unknown	—	—	whitelisted
3184	svchost.exe	GET	206	2.19.126.155:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/cea6d764-36bf-4144-a357-ec91013ddbf5?P1=1722624441&P2=404&P3=2&P4=l4M%2fcTpzjd7l%2baG8pSLbm2DqajG5jh3uTBGmS2lIEQ3QAv8vmEYuyPpyE52pswBcPZQV4M8mxfTFgez%2f6nCMBg%3d%3d	unknown	—	—	whitelisted
3184	svchost.exe	HEAD	200	2.19.126.155:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/8ee9a644-4296-4fb1-b90f-7c4d7ea948c5?P1=1722624442&P2=404&P3=2&P4=BQxHbeeEkZCvDJmRL8shdY61FQ0NiXgyHDrOePLqIEltQmseCeV0USBIYYwEEt8Rj2VmKTb0i5fKiwVnRaP7RA%3d%3d	unknown	—	—	whitelisted
5368	SearchApp.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D	unknown	—	—	whitelisted
4792	backgroundTaskHost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
—	—	51.124.78.146:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
—	—	2.16.110.168:443	www.bing.com	Akamai International B.V.	DE	unknown
—	—	131.253.33.254:443	a-ring-fallback.msedge.net	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown
2856	slui.exe	20.83.72.98:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	20.83.72.98:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
—	—	239.255.255.250:1900	—	—	—	whitelisted
3848	slui.exe	20.83.72.98:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
—	—	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted

DNS requests

Domain	IP	Reputation
settings-win.data.microsoft.com	51.124.78.146 4.231.128.59	whitelisted
t-ring-fdv2.msedge.net	13.107.237.254	unknown
a-ring-fallback.msedge.net	131.253.33.254	unknown
www.bing.com	2.16.110.168 2.16.110.170 2.16.110.171 2.16.110.203 2.16.110.136 2.16.110.123 2.16.110.195 2.23.209.182 2.23.209.176 2.23.209.133 2.23.209.185 2.23.209.148 2.23.209.140 2.23.209.130 2.23.209.149 2.23.209.187 2.23.209.179 2.23.209.189 2.23.209.177 2.23.209.181 2.23.209.183 2.23.209.135	whitelisted
google.com	142.250.185.238	whitelisted
you.dj	51.79.80.223	whitelisted
config.edge.skype.com	13.107.42.16	whitelisted
edge.microsoft.com	204.79.197.239 13.107.21.239	whitelisted
edge-mobile-static.azureedge.net	13.107.246.45	whitelisted
business.bing.com	13.107.6.158	whitelisted

Threats

PID	Process	Class	Message
1884	msedge.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD
1884	msedge.exe	Potentially Bad Traffic	ET DNS Query for .cc TLD
7656	YOUDJ DESKTOP.exe	Misc activity	ET INFO Observed Discord Domain in DNS Lookup (discord .com)
7656	YOUDJ DESKTOP.exe	Misc activity	ET INFO Observed Discord Domain in DNS Lookup (discord .com)

Add for printing

No debug info

General Info

https://you.dj/desktop/YouDJ_Desktop_Win64.exe

4901A4685AB06C470DA889CC435D4194

A6934A10C84EA78517AF0A5AC3F9902C68515B72

08B0100832F4950490D75BBF4B2952A219BC20B9530C39B9D9B8F06BB3B1DEDC

3:N8u1yBZVKIJDjd0C:2uIzT

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Application launched itself

INFO

Creates files or folders in the user directory

Checks supported languages

Reads the computer name

Checks proxy server information

Reads the machine GUID from the registry

Process checks computer location settings

Create files in a temporary directory

Attempting to use instant messaging service

Reads Environment values

Reads product name

Malware configuration

Static information

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings