File name:

discord-1-0-9034.exe

Full analysis: https://app.any.run/tasks/72510ce2-4c51-42b2-a93a-7a406df9f4cc
Verdict: Malicious activity
Threats:

Stealers are a class of malware designed to gain unauthorized access to users’ information and transfer it to the attacker. The category includes various programs, each focused on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: November 30, 2024, 20:28:11
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
discord
stealer
nodejs
rust
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 7 sections
MD5:

4284989E0E4855F3192787E17D052559

SHA1:

F44CE02D81B0C7FF01E6E103C9601F9A4AF3C7E2

SHA256:

4F00E52B67DF81EAE3AF2DE34C38A6D02CB215341C02B7C4C9427A3F3F044758

SSDEEP:

786432:dQVCOPgYHpbNahBRH+iS2x49YzKs95y+bevR312vlvvvM:dQEOvpZahf9Px49QKs95yIevR3121vv

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • Discord.exe (PID: 3420)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 3936)
    • Changes the autorun value in the registry

      • reg.exe (PID: 6072)
      • reg.exe (PID: 5568)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • discord-1-0-9034.exe (PID: 2676)
      • Update.exe (PID: 5728)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 5572)
    • Process drops legitimate windows executable

      • Update.exe (PID: 5728)
      • Discord.exe (PID: 2076)
    • Application launched itself

      • Discord.exe (PID: 3420)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 3936)
    • Uses REG/REGEDIT.EXE to modify registry

      • Discord.exe (PID: 3420)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 3936)
    • Reads security settings of Internet Explorer

      • Update.exe (PID: 5728)
    • Creates a software uninstall entry

      • Update.exe (PID: 5728)
    • Searches for installed software

      • Update.exe (PID: 5728)
  • INFO

    • Checks supported languages

      • discord-1-0-9034.exe (PID: 2676)
      • Update.exe (PID: 5728)
      • Discord.exe (PID: 3420)
      • Discord.exe (PID: 4840)
      • Update.exe (PID: 932)
      • Discord.exe (PID: 1512)
      • Discord.exe (PID: 5400)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 4056)
      • Discord.exe (PID: 3532)
      • Discord.exe (PID: 244)
      • Discord.exe (PID: 3692)
      • Discord.exe (PID: 3936)
      • Discord.exe (PID: 4012)
      • Discord.exe (PID: 5256)
      • Discord.exe (PID: 3796)
      • Discord.exe (PID: 5464)
      • Discord.exe (PID: 5572)
      • Discord.exe (PID: 4724)
    • Create files in a temporary directory

      • discord-1-0-9034.exe (PID: 2676)
      • Update.exe (PID: 5728)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 3936)
    • Sends debugging messages

      • discord-1-0-9034.exe (PID: 2676)
    • Creates files or folders in the user directory

      • discord-1-0-9034.exe (PID: 2676)
      • Update.exe (PID: 5728)
      • Discord.exe (PID: 4840)
      • Discord.exe (PID: 3420)
      • Update.exe (PID: 932)
      • Discord.exe (PID: 5400)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 4056)
      • Discord.exe (PID: 4012)
      • Discord.exe (PID: 3936)
      • Discord.exe (PID: 4724)
      • Discord.exe (PID: 3796)
    • Reads the machine GUID from the registry

      • Update.exe (PID: 5728)
      • Update.exe (PID: 932)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 3936)
      • Discord.exe (PID: 4724)
      • Discord.exe (PID: 5256)
    • Reads the computer name

      • Update.exe (PID: 5728)
      • Discord.exe (PID: 3420)
      • Update.exe (PID: 932)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 5400)
      • Discord.exe (PID: 1512)
      • Discord.exe (PID: 3532)
      • Discord.exe (PID: 3692)
      • Discord.exe (PID: 3936)
      • Discord.exe (PID: 4724)
      • Discord.exe (PID: 3796)
      • Discord.exe (PID: 5256)
    • Process checks computer location settings

      • Discord.exe (PID: 3420)
      • Update.exe (PID: 5728)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 244)
      • Discord.exe (PID: 3936)
      • Discord.exe (PID: 5464)
    • Checks proxy server information

      • Discord.exe (PID: 3420)
      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 3936)
    • Reads CPU info

      • Discord.exe (PID: 3420)
      • Discord.exe (PID: 2076)
    • The process uses the downloaded file

      • Update.exe (PID: 5728)
    • Node.js compiler has been detected

      • Discord.exe (PID: 3532)
      • Discord.exe (PID: 4056)
      • Discord.exe (PID: 3692)
      • Discord.exe (PID: 2076)
    • Reads the software policy settings

      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 3936)
    • Application based on Rust

      • Discord.exe (PID: 2076)
    • Attempting to use instant messaging service

      • Discord.exe (PID: 2076)
      • Discord.exe (PID: 3936)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (52.9)
.exe | Generic Win/DOS Executable (23.5)
.exe | DOS Executable Generic (23.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:08:07 00:35:47+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 131584
InitializedDataSize: 96043520
UninitializedDataSize: -
EntryPoint: 0xb61e
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.74.0
ProductVersionNumber: 1.0.74.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Discord - https://discord.com/
FileVersion: 1.0.9034
InternalName: Setup.exe
LegalCopyright: Copyright (c) 2024 Discord Inc. All rights reserved.
OriginalFileName: Setup.exe
ProductName: Discord - https://discord.com/
ProductVersion: 1.0.9034
SquirrelAwareVersion: 1
CompanyName: Discord Inc.
No data.
All screenshots are available in the full report
Total processes
159
Monitored processes
49
Malicious processes
5
Suspicious processes
2

Behavior graph

start discord-1-0-9034.exe update.exe discord.exe discord.exe no specs update.exe no specs discord.exe no specs discord.exe no specs reg.exe conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs discord.exe discord.exe no specs discord.exe no specs discord.exe no specs reg.exe no specs conhost.exe no specs discord.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe conhost.exe no specs discord.exe discord.exe no specs discord.exe no specs discord.exe discord.exe no specs reg.exe no specs conhost.exe no specs discord.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs discord.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 244
CMD: "C:\Users\admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=renderer --user-data-dir="C:\Users\admin\AppData\Roaming\discord" --standard-schemes --secure-schemes=disclip --bypasscsp-schemes --cors-schemes --fetch-schemes=disclip --service-worker-schemes --streaming-schemes --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\admin\AppData\Local\Discord\app-1.0.9034\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2828 --field-trial-handle=1940,i,831576835070111711,9642944442329608144,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Path: C:\Users\admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
Parent process: Discord.exe
User:
admin
Company:
Discord Inc.
Integrity Level:
MEDIUM
Description:
Discord
Exit code:
0
Version:
1.0.9034
Modules
Images
c:\users\admin\appdata\local\discord\app-1.0.9034\discord.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 628
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 932
CMD: C:\Users\admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\admin\AppData\Local\Discord\app.ico
Path: C:\Users\admin\AppData\Local\Discord\Update.exe
Parent process: Discord.exe
User:
admin
Company:
GitHub
Integrity Level:
MEDIUM
Description:
Update
Exit code:
0
Version:
1.1.1.0
Modules
Images
c:\users\admin\appdata\local\discord\update.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 1512
CMD: "C:\Users\admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\discord" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 --field-trial-handle=1992,i,12303605737034466827,4862231533361257586,131072 --disable-features=HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Users\admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
Parent process: Discord.exe
User:
admin
Company:
Discord Inc.
Integrity Level:
LOW
Description:
Discord
Exit code:
0
Version:
1.0.9034
Modules
Images
c:\users\admin\appdata\local\discord\app-1.0.9034\discord.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 1620
CMD: C:\WINDOWS\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
Path: C:\Windows\SysWOW64\reg.exe
Parent process: Discord.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1796
CMD: C:\WINDOWS\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\admin\AppData\Local\Discord\app-1.0.9034\Discord.exe\",-1" /f
Path: C:\Windows\SysWOW64\reg.exe
Parent process: Discord.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1804
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1944
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2008
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2076
CMD: "C:\Users\admin\AppData\Local\Discord\app-1.0.9034\Discord.exe" --squirrel-firstrun
Path: C:\Users\admin\AppData\Local\Discord\app-1.0.9034\Discord.exe
Parent process: Update.exe
User:
admin
Company:
Discord Inc.
Integrity Level:
MEDIUM
Description:
Discord
Exit code:
0
Version:
1.0.9034
Modules
Images
c:\users\admin\appdata\local\discord\app-1.0.9034\discord.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
Total events
13 895
Read events
13 822
Write events
19
Delete events
54

Modification events

(PID) Process: (3420) Discord.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en-US
Value:

(PID) Process: (3420) Discord.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en
Value:

(PID) Process: (3420) Discord.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: _Global_
Value:

(PID) Process: (6072) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Discord
Value: "C:\Users\admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe

(PID) Process: (3532) reg.exe
Key: HKEY_CLASSES_ROOT\Discord
Operation: write
Name: URL Protocol
Value:

(PID) Process: (5728) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
Operation: write
Name: DisplayName
Value: Discord

(PID) Process: (5728) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
Operation: write
Name: DisplayVersion
Value: 1.0.9034

(PID) Process: (5728) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
Operation: write
Name: InstallDate
Value: 20242930

(PID) Process: (5728) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
Operation: write
Name: InstallLocation
Value: C:\Users\admin\AppData\Local\Discord

(PID) Process: (5728) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
Operation: write
Name: Publisher
Value: Discord Inc.
Executable files
39
Suspicious files
681
Text files
240
Unknown types
7

Dropped files

PID
Process
Filename
Type
PID: 2676
Process: discord-1-0-9034.exe
Filename: C:\Users\admin\AppData\Local\SquirrelTemp\Discord-1.0.9034-full.nupkg
MD5:
SHA256:

PID: 5728
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Discord\packages\Discord-1.0.9034-full.nupkg
MD5:
SHA256:

PID: 5728
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Discord\app-1.0.9034\lib\net45\Discord.exe
MD5:
SHA256:

PID: 5728
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Discord\app-1.0.9034\lib\net45\icudtl.dat
MD5:
SHA256:

PID: 5728
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Discord\app-1.0.9034\lib\net45\resources.pak
MD5:
SHA256:

PID: 2676
Process: discord-1-0-9034.exe
Filename: C:\Users\admin\AppData\Local\SquirrelTemp\RELEASES
Type: text
MD5: E9918809775D58624595598E49B57DBD
SHA256: 04E4B3BD71DAC9838240C0DDCC37C69024D06D9780F6180B9617C6272647EBC1

PID: 2676
Process: discord-1-0-9034.exe
Filename: C:\Users\admin\AppData\Local\Temp\SquirrelSetup.log
Type: text
MD5: F9A846467DDC05FCF593AB80F78A7383
SHA256: 03A8A782FB7F41A30049483844A4229213459A6FD0D910FA946C9631E012B270

PID: 2676
Process: discord-1-0-9034.exe
Filename: C:\Users\admin\AppData\Local\SquirrelTemp\Update.exe
Type: executable
MD5: B761D7400D5136EE0B1A40B5A3228152
SHA256: 4E06DB09B8C3769968C3D0B51D7CF7470FDBA1AAF32DECF49DBD923708F86AE7

PID: 5728
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Discord\Update.exe
Type: executable
MD5: B761D7400D5136EE0B1A40B5A3228152
SHA256: 4E06DB09B8C3769968C3D0B51D7CF7470FDBA1AAF32DECF49DBD923708F86AE7

PID: 5728
Process: Update.exe
Filename: C:\Users\admin\AppData\Local\Discord\app-1.0.9034\lib\net45\app.ico
Type: image
MD5: 084F9BC0136F779F82BEA88B5C38A358
SHA256: DFCEA1BEA8A924252D507D0316D8CF38EFC61CF1314E47DCA3EB723F47D5FE43
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
18
TCP/UDP connections
34
DNS requests
10
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
162.159.138.232:443
https://updates.discord.com/distributions/app/manifests/latest?install_id=a94ca4da-ace6-489b-99b7-58327c8f8853&channel=stable&platform=win&arch=x86
unknown
binary
9.16 Kb
whitelisted
GET
200
34.126.226.51:443
https://stable.dl2.discordapp.net/distro/app/stable/win/x86/1.0.9059/full.distro
US
binary
85.3 Mb
whitelisted
GET
200
34.126.226.51:443
https://stable.dl2.discordapp.net/distro/app/stable/win/x86/1.0.9059/discord_voice/1/full.distro
US
binary
8.67 Mb
whitelisted
GET
200
34.126.226.51:443
https://stable.dl2.discordapp.net/distro/app/stable/win/x86/1.0.9059/discord_desktop_core/1/full.distro
US
binary
1.46 Mb
whitelisted
GET
200
34.126.226.51:443
https://stable.dl2.discordapp.net/distro/app/stable/win/x64/1.0.9172/discord_spellcheck/1/full.distro
US
binary
1.58 Mb
whitelisted
GET
200
162.159.137.232:443
https://updates.discord.com/distributions/app/manifests/latest?install_id=a94ca4da-ace6-489b-99b7-58327c8f8853&channel=stable&platform=win&arch=x86
unknown
binary
9.16 Kb
whitelisted
POST
200
172.217.16.195:443
https://update.googleapis.com/service/update2/json?cup2key=14:CGDfQtT9kGjBiYBCWXmheSFehuVzLtupsb5kZq9pOwY&cup2hreq=13dab0a16c278b8c05ab5e43c0dd4de554840a168289705d6513b57dcdcb3c46
US
text
1.33 Kb
whitelisted
GET
200
162.159.135.232:443
https://updates.discord.com/distributions/app/manifests/latest?install_id=a94ca4da-ace6-489b-99b7-58327c8f8853&channel=stable&platform=win&arch=x64&platform_version=10.0.19045
unknown
binary
9.68 Kb
whitelisted
3796
Discord.exe
GET
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adwxj5t3i5sknzmzrdcts2ahocna_4.10.2830.0/oimompecagnajdejgnnjijobebaeigek_4.10.2830.0_win32_pi7fbtgomadufx37pziz5b3buy.crx3
US
binary
13.4 Mb
whitelisted
GET
200
34.126.226.51:443
https://stable.dl2.discordapp.net/distro/app/stable/win/x64/1.0.9172/discord_erlpack/1/full.distro
US
ini
216 Kb
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2.16.110.171:443
www.bing.com
Akamai International B.V.
DE
whitelisted
2076
Discord.exe
162.159.136.232:443
updates.discord.com
CLOUDFLARENET
whitelisted
2076
Discord.exe
34.126.226.51:443
stable.dl2.discordapp.net
GOOGLE
US
whitelisted
3796
Discord.exe
142.250.185.227:443
update.googleapis.com
GOOGLE
US
whitelisted
3936
Discord.exe
162.159.136.232:443
updates.discord.com
CLOUDFLARENET
whitelisted
3796
Discord.exe
34.104.35.123:80
edgedl.me.gvt1.com
GOOGLE
US
whitelisted
3936
Discord.exe
34.126.226.51:443
stable.dl2.discordapp.net
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
whitelisted
www.bing.com
  • 2.16.110.171
  • 2.16.110.121
whitelisted
google.com
  • 216.58.206.46
whitelisted
updates.discord.com
  • 162.159.136.232
  • 162.159.138.232
  • 162.159.137.232
  • 162.159.128.233
  • 162.159.135.232
whitelisted
stable.dl2.discordapp.net
  • 34.126.226.51
whitelisted
update.googleapis.com
  • 142.250.185.227
whitelisted
edgedl.me.gvt1.com
  • 34.104.35.123
whitelisted
self.events.data.microsoft.com
  • 20.189.173.14
whitelisted

Threats

PID
Process
Class
Message
2192
svchost.exe
Misc activity
ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2076
Discord.exe
Misc activity
ET INFO Observed Discord Domain (discord .com in TLS SNI)
3936
Discord.exe
Misc activity
ET INFO Observed Discord Domain (discord .com in TLS SNI)
Process
Message
discord-1-0-9034.exe
Start up installer:
discord-1-0-9034.exe
Want standard install
discord-1-0-9034.exe
Elevated process: ?