URL:

https://pandaquestdemo.com/

Full analysis: https://app.any.run/tasks/74d0d188-b35f-44a8-b9ed-03a12cb1af10
Verdict: Malicious activity
Threats:

Stealers are a category of malicious software intended to gain unauthorized access to users' information and transfer it to the attacker. The stealer category includes various programs, each focused on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: September 05, 2024, 18:19:11
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
discord
stealer
discordgrabber
generic
Indicators:
MD5: 21AAC31E689576005625FEF202E63476
SHA1: 1DAECDC13065030FAD00924B32653F20FC431A0F
SHA256: 5D2D4058D93D597084E90A3B7BEC66AB8BBE5653D1BCA172B2C31BDB10A87276
SSDEEP: 3:N8AUzk:2AUzk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    • Actions look like stealing of personal data
      • PandaQuestDemo.exe (PID: 4064)
    • DISCORDGRABBER has been detected (YARA)
      • PandaQuestDemo.exe (PID: 4064)
  • SUSPICIOUS
    • Drops 7-zip archiver for unpacking
      • PandaQuestDemo.exe (PID: 6296)
    • Malware-specific behavior (creating "System.dll" in Temp)
      • PandaQuestDemo.exe (PID: 6296)
    • Executable content was dropped or overwritten
      • PandaQuestDemo.exe (PID: 6296)
      • PandaQuestDemo.exe (PID: 4064)
    • Process drops legitimate Windows executable
      • PandaQuestDemo.exe (PID: 6296)
    • Creates a software uninstall entry
      • PandaQuestDemo.exe (PID: 6296)
    • The process creates files with names similar to system file names
      • PandaQuestDemo.exe (PID: 6296)
    • Reads security settings of Internet Explorer
      • PandaQuestDemo.exe (PID: 6296)
    • Accesses product unique identifier via WMI (SCRIPT)
      • WMIC.exe (PID: 1828)
    • Gets information on the list of running processes
      • PandaQuestDemo.exe (PID: 4064)
      • cmd.exe (PID: 4060)
      • cmd.exe (PID: 3316)
      • cmd.exe (PID: 3328)
      • cmd.exe (PID: 5544)
      • cmd.exe (PID: 5548)
    • Application launched itself
      • PandaQuestDemo.exe (PID: 4064)
    • Starts CMD.EXE for command execution
      • PandaQuestDemo.exe (PID: 4064)
    • Uses WMIC.EXE to obtain Windows Installer data
      • cmd.exe (PID: 5072)
    • Uses TASKKILL.EXE to kill browsers
      • cmd.exe (PID: 7024)
      • cmd.exe (PID: 5248)
      • cmd.exe (PID: 6364)
  • INFO
    • Reads the computer name
      • PandaQuestDemo.exe (PID: 6296)
      • PandaQuestDemo.exe (PID: 2992)
      • PandaQuestDemo.exe (PID: 4064)
      • PandaQuestDemo.exe (PID: 6184)
    • Creates files in a temporary directory
      • PandaQuestDemo.exe (PID: 6296)
      • PandaQuestDemo.exe (PID: 4064)
    • Reads the software policy settings
      • slui.exe (PID: 3908)
    • Creates files or folders in the user directory
      • PandaQuestDemo.exe (PID: 6296)
      • PandaQuestDemo.exe (PID: 4064)
    • Reads product name
      • PandaQuestDemo.exe (PID: 4064)
    • Reads environment values
      • PandaQuestDemo.exe (PID: 4064)
    • Manual execution by a user
      • PandaQuestDemo.exe (PID: 4064)
      • PandaQuestDemo.exe (PID: 6296)
      • WinRAR.exe (PID: 4060)
    • The process uses the downloaded file
      • chrome.exe (PID: 3036)
      • WinRAR.exe (PID: 4060)
    • Checks supported languages
      • PandaQuestDemo.exe (PID: 6296)
      • PandaQuestDemo.exe (PID: 4064)
      • PandaQuestDemo.exe (PID: 2992)
      • PandaQuestDemo.exe (PID: 6184)
    • Application launched itself
      • chrome.exe (PID: 6196)
    • Process checks computer location settings
      • PandaQuestDemo.exe (PID: 4064)
    • Checks proxy server information
      • PandaQuestDemo.exe (PID: 4064)
    • Reads the machine GUID from the registry
      • PandaQuestDemo.exe (PID: 4064)
    • Reads security settings of Internet Explorer
      • WMIC.exe (PID: 1828)
    • Attempting to use instant messaging service
      • chrome.exe (PID: 6148)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 189
Monitored processes: 55
Malicious processes: 2
Suspicious processes: 0

Behavior graph


Process information

PID: 1132
CMD: where /r . cookies.sqlite
Path: C:\Windows\System32\where.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Where - Lists location of files
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\system32\where.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll, c:\windows\system32\gdi32full.dll

PID: 1332
CMD: tasklist
Path: C:\Windows\System32\tasklist.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Lists the current running tasks
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\system32\tasklist.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\bcrypt.dll

PID: 1432
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --no-appcompat-clear --mojo-platform-channel-handle=2212 --field-trial-handle=1896,i,14653304177830361224,1738180009100824572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 1
Version: 122.0.6261.70
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\aclayers.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll

PID: 1656
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgABAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1892 --field-trial-handle=1896,i,14653304177830361224,1738180009100824572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 1
Version: 122.0.6261.70
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\aclayers.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll

PID: 1828
CMD: wmic csproduct get uuid
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: WMI Commandline Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\system32\wbem\wmic.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\iphlpapi.dll, c:\windows\system32\framedynos.dll, c:\windows\system32\combase.dll, c:\windows\system32\ucrtbase.dll

PID: 2144
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4072 --field-trial-handle=1896,i,14653304177830361224,1738180009100824572,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 1
Version: 122.0.6261.70
Modules (images): c:\program files\google\chrome\application\chrome.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\aclayers.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\user32.dll, c:\windows\system32\win32u.dll, c:\windows\system32\gdi32.dll

PID: 2228
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "where /r . cookies.sqlite"
Path: C:\Windows\System32\cmd.exe
Parent process: PandaQuestDemo.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\system32\cmd.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\combase.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\sechost.dll

PID: 2256
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\system32\svchost.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\bcrypt.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\combase.dll, c:\windows\system32\kernel.appcore.dll

PID: 2580
CMD: tasklist
Path: C:\Windows\System32\tasklist.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Lists the current running tasks
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\system32\tasklist.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\apphelp.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\system32\bcrypt.dll

PID: 2876
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images): c:\windows\system32\conhost.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\msvcp_win.dll, c:\windows\system32\ucrtbase.dll, c:\windows\system32\shcore.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\combase.dll, c:\windows\system32\rpcrt4.dll

Total events: 8,325
Read events: 8,282
Write events: 37
Delete events: 6

Modification events

Process: chrome.exe (PID 6196) | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | Operation: write | Name: failed_count | Value: 0
Process: chrome.exe (PID 6196) | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 2
Process: chrome.exe (PID 6196) | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 1
Process: chrome.exe (PID 6196) | Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics | Operation: write | Name: user_experience_metrics.stability.exited_cleanly | Value: 0
Process: chrome.exe (PID 6196) | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | Operation: write | Name: usagestats | Value: 0
Process: chrome.exe (PID 3036) | Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | Operation: write | Name: {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF | Value: 0100000000000000FDDE613EC0FFDA01
Process: WinRAR.exe (PID 4060) | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface | Operation: write | Name: ShowPassword | Value: 0
Process: WinRAR.exe (PID 4060) | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
Process: WinRAR.exe (PID 4060) | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
Process: WinRAR.exe (PID 4060) | Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
Executable files: 22
Suspicious files: 252
Text files: 44
Unknown types: 11

Dropped files

PID: 6196 | Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:

PID: 6196 | Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF12a967.TMP
MD5:
SHA256:

PID: 6196 | Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF12a967.TMP
MD5:
SHA256:

PID: 6196 | Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
MD5:
SHA256:

PID: 6196 | Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID: 6196 | Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:

PID: 6196 | Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
MD5:
SHA256:

PID: 6196 | Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

PID: 6196 | Process: chrome.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old~RF12aaa0.TMP
MD5: 86E6BAA91A6F56387D777804EC3DE437
SHA256: BB32752B143D45A6914D496141D263991B7AA04ADD153D8BD8C736DE282A2A1A

PID: 6196 | Process: chrome.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old
MD5: 723783C35EAEEE1492EDB30847AE6750
SHA256: C29323F784CF873BF34992E7A2B4630B19641BF42980109E31D5AF2D487DF6F8
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 8
TCP/UDP connections: 86
DNS requests: 54
Threats: 14

HTTP requests

Columns: PID | Process | Method | HTTP code | IP | URL | CN | Reputation (the Type and Size columns are empty in this report)

6344 | SIHClient.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
6516 | svchost.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6344 | SIHClient.exe | GET | 200 | 23.32.185.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
3652 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
5944 | svchost.exe | HEAD | 200 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjAtN2FlY2ZjMDg0NmNj/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx | unknown | whitelisted
5944 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjAtN2FlY2ZjMDg0NmNj/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx | unknown | whitelisted
5336 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
5944 | svchost.exe | GET | 206 | 34.104.35.123:80 | http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjAtN2FlY2ZjMDg0NmNj/1.0.0.17_llkgjffcdpffmhiakmfcdcblohccpfmo.crx | unknown | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation

6516 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
6652 | RUXIMICS.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2120 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6148 | chrome.exe | 18.192.94.96:443 | pandaquestdemo.com | AMAZON-02 | DE | unknown
6196 | chrome.exe | 239.255.255.250:1900 | | | | whitelisted
6148 | chrome.exe | 64.233.167.84:443 | accounts.google.com | GOOGLE | US | whitelisted
6148 | chrome.exe | 104.26.9.213:443 | matstats.theindiestone.com | CLOUDFLARENET | US | malicious
6148 | chrome.exe | 172.67.23.148:443 | projectzomboid.com | CLOUDFLARENET | US | whitelisted
6148 | chrome.exe | 184.24.77.168:443 | img.itch.zone | Akamai International B.V. | DE | unknown

DNS requests

Columns: Domain | Resolved IP(s) | Reputation

settings-win.data.microsoft.com | 20.73.194.208, 52.137.106.217, 52.140.118.28 | whitelisted
google.com | 142.250.186.174 | whitelisted
pandaquestdemo.com | 18.192.94.96, 3.70.101.28 | unknown
accounts.google.com | 64.233.167.84 | whitelisted
matstats.theindiestone.com | 104.26.9.213, 172.67.72.167, 104.26.8.213 | malicious
projectzomboid.com | 172.67.23.148, 104.22.16.241, 104.22.17.241 | whitelisted
img.itch.zone | 184.24.77.168, 184.24.77.139 | unknown
fonts.googleapis.com | 216.58.212.138 | whitelisted
fonts.gstatic.com | 142.250.186.67 | whitelisted
cdn.discordapp.com | 162.159.134.233, 162.159.133.233, 162.159.135.233, 162.159.130.233, 162.159.129.233 | shared

Threats

Columns: PID | Process | Class | Message

6148 | chrome.exe | Misc activity | ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
6148 | chrome.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
6148 | chrome.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
6148 | chrome.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
6148 | chrome.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
6148 | chrome.exe | Misc activity | ET INFO Observed Discord Domain (discordapp .com in TLS SNI)
2256 | svchost.exe | Potentially Bad Traffic | ET INFO Online File Storage Domain in DNS Lookup (gofile .io)
4064 | PandaQuestDemo.exe | Misc activity | ET INFO File Sharing Related Domain in TLS SNI (gofile .io)
2256 | svchost.exe | Potentially Bad Traffic | ET INFO Online File Storage Domain in DNS Lookup (gofile .io)
4064 | PandaQuestDemo.exe | Misc activity | ET INFO File Sharing Related Domain in TLS SNI (gofile .io)
No debug info