URL:

https://discord.com/api/downloads/distributions/app/installers/latest?channel=stable&platform=win&arch=x64

Full analysis: https://app.any.run/tasks/4ec53080-d34d-4249-a009-acc13218ba0a
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: January 28, 2026, 14:47:24
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
discord
stealer
phishing
filename-lure
payload
Indicators:
MD5:

176979DA664172F1B72BDD36F2A2C849

SHA1:

5BEB2D19617DC43F13AB2A7C46AA7793C2A92FEE

SHA256:

B31AAF3CF32B6B90DC09221247FC9942272FE0F352D444363275DBB31C61080B

SSDEEP:

3:N8U8XkTF8E4K6WKwNWfCDEJOXb4AWdsWuJADjEs/LDEXamn:2Uia6WfWfCkOXb8GADjEssL

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • Discord.exe (PID: 2796)

    • Changes the autorun value in the registry

      • reg.exe (PID: 5548)

    • Executing a file with an untrusted certificate

      • DiscordSystemHelper.exe (PID: 9784)
      • DiscordSystemHelper.exe (PID: 9884)
      • DiscordSystemHelper.exe (PID: 9928)
      • DiscordSystemHelper.exe (PID: 9944)
      • DiscordSystemHelper.exe (PID: 10012)
      • DiscordSystemHelper.exe (PID: 10068)
      • DiscordSystemHelper.exe (PID: 10108)
      • DiscordSystemHelper.exe (PID: 10176)

    • Phishing lure filenames

      • Discord.exe (PID: 8628)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • DiscordSetup.exe (PID: 6320)
      • Update.exe (PID: 7564)
      • Discord.exe (PID: 6316)
      • DiscordSystemHelper.exe (PID: 9884)

    • Application launched itself

      • Discord.exe (PID: 2796)
      • Discord.exe (PID: 6316)
      • DiscordSystemHelper.exe (PID: 9784)

    • Possible stealing of messenger data

      • Discord.exe (PID: 2796)

    • Process drops legitimate windows executable

      • Update.exe (PID: 7564)

    • Uses REG/REGEDIT.EXE to modify registry

      • Discord.exe (PID: 2796)
      • Discord.exe (PID: 6316)

    • Searches for installed software

      • Update.exe (PID: 7564)

    • Reads the date of Windows installation

      • DiscordSystemHelper.exe (PID: 9784)

    • Executes as Windows Service

      • DiscordSystemHelper.exe (PID: 10012)
      • DiscordSystemHelper.exe (PID: 10108)

    • Starts itself from another location

      • DiscordSystemHelper.exe (PID: 10012)
      • DiscordSystemHelper.exe (PID: 10108)

    • Discord domain found in command line (probably downloading payload)

      • msedge.exe (PID: 9256)
      • msedge.exe (PID: 9456)

  • INFO

    • Application launched itself

      • firefox.exe (PID: 7236)
      • firefox.exe (PID: 8736)
      • msedge.exe (PID: 9456)
      • msedge.exe (PID: 9256)

    • Executable content was dropped or overwritten

      • firefox.exe (PID: 7236)

    • Create files in a temporary directory

      • DiscordSetup.exe (PID: 6320)
      • Update.exe (PID: 7564)
      • Discord.exe (PID: 6316)

    • Drops script file

      • firefox.exe (PID: 7236)
      • Discord.exe (PID: 6316)
      • Discord.exe (PID: 8628)

    • Checks supported languages

      • DiscordSetup.exe (PID: 6320)
      • Update.exe (PID: 7564)
      • Discord.exe (PID: 8596)
      • Discord.exe (PID: 8584)
      • Update.exe (PID: 7228)
      • Discord.exe (PID: 2796)
      • Discord.exe (PID: 7884)
      • Discord.exe (PID: 6316)
      • Discord.exe (PID: 7828)
      • Discord.exe (PID: 3220)
      • Discord.exe (PID: 4136)
      • Discord.exe (PID: 8104)
      • Discord.exe (PID: 8412)
      • Discord.exe (PID: 8628)
      • gpu_encoder_helper.exe (PID: 7884)
      • gpu_encoder_helper.exe (PID: 9228)
      • gpu_encoder_helper.exe (PID: 2608)
      • gpu_encoder_helper.exe (PID: 9236)
      • DiscordSystemHelper.exe (PID: 9784)
      • DiscordSystemHelper.exe (PID: 9884)
      • DiscordSystemHelper.exe (PID: 9928)
      • DiscordSystemHelper.exe (PID: 9944)
      • DiscordSystemHelper.exe (PID: 10012)
      • DiscordSystemHelper.exe (PID: 10068)
      • DiscordSystemHelper.exe (PID: 10176)
      • DiscordSystemHelper.exe (PID: 10108)
      • Discord.exe (PID: 4200)
      • Discord.exe (PID: 1856)

    • Creates files or folders in the user directory

      • Update.exe (PID: 7564)
      • DiscordSetup.exe (PID: 6320)
      • Discord.exe (PID: 2796)
      • Discord.exe (PID: 8596)
      • Update.exe (PID: 7228)
      • Discord.exe (PID: 7884)
      • Discord.exe (PID: 6316)
      • Discord.exe (PID: 7828)
      • Discord.exe (PID: 3220)
      • DiscordSystemHelper.exe (PID: 9784)
      • Discord.exe (PID: 8628)

    • Reads the computer name

      • Update.exe (PID: 7564)
      • Update.exe (PID: 7228)
      • Discord.exe (PID: 2796)
      • Discord.exe (PID: 8584)
      • Discord.exe (PID: 7884)
      • Discord.exe (PID: 6316)
      • Discord.exe (PID: 4136)
      • Discord.exe (PID: 3220)
      • Discord.exe (PID: 8628)
      • gpu_encoder_helper.exe (PID: 7884)
      • gpu_encoder_helper.exe (PID: 9228)
      • Discord.exe (PID: 4200)
      • gpu_encoder_helper.exe (PID: 9236)
      • DiscordSystemHelper.exe (PID: 9784)
      • gpu_encoder_helper.exe (PID: 2608)
      • DiscordSystemHelper.exe (PID: 9884)
      • DiscordSystemHelper.exe (PID: 9928)
      • DiscordSystemHelper.exe (PID: 9944)
      • DiscordSystemHelper.exe (PID: 10012)
      • DiscordSystemHelper.exe (PID: 10108)
      • DiscordSystemHelper.exe (PID: 10176)
      • Discord.exe (PID: 1856)
      • DiscordSystemHelper.exe (PID: 10068)

    • Reads the machine GUID from the registry

      • Update.exe (PID: 7564)
      • Update.exe (PID: 7228)
      • Discord.exe (PID: 2796)
      • Discord.exe (PID: 6316)
      • DiscordSystemHelper.exe (PID: 10012)
      • DiscordSystemHelper.exe (PID: 10108)
      • DiscordSystemHelper.exe (PID: 10176)
      • DiscordSystemHelper.exe (PID: 10068)
      • Discord.exe (PID: 8628)

    • Process checks computer location settings

      • Discord.exe (PID: 2796)
      • Update.exe (PID: 7564)
      • Discord.exe (PID: 6316)
      • Discord.exe (PID: 8104)
      • Discord.exe (PID: 8412)
      • Discord.exe (PID: 8628)
      • DiscordSystemHelper.exe (PID: 9784)

    • Reads Environment values

      • Discord.exe (PID: 2796)
      • Discord.exe (PID: 6316)
      • Discord.exe (PID: 8628)

    • Checks proxy server information

      • Discord.exe (PID: 2796)
      • Discord.exe (PID: 6316)

    • Reads product name

      • Discord.exe (PID: 2796)
      • Discord.exe (PID: 6316)
      • Discord.exe (PID: 8628)

    • The sample compiled with english language support

      • Update.exe (PID: 7564)
      • firefox.exe (PID: 7236)

    • Launching a file from a Registry key

      • reg.exe (PID: 5548)

    • Reads security settings of Internet Explorer

      • Update.exe (PID: 7564)
      • DiscordSystemHelper.exe (PID: 9784)
      • DiscordSystemHelper.exe (PID: 10068)
      • Discord.exe (PID: 8628)
      • DiscordSystemHelper.exe (PID: 10176)

    • Creates a software uninstall entry

      • Update.exe (PID: 7564)

    • Reads CPU info

      • Discord.exe (PID: 8628)

    • Creates files in the program directory

      • DiscordSystemHelper.exe (PID: 9884)

    • Attempting to use instant messaging service

      • msedge.exe (PID: 5404)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
234
Monitored processes
77
Malicious processes
8
Suspicious processes
9

Behavior graph

Click at the process to see the details
start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs discordsetup.exe update.exe discord.exe discord.exe no specs update.exe no specs discord.exe no specs discord.exe no specs reg.exe no specs conhost.exe no specs reg.exe conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs discord.exe discord.exe no specs discord.exe no specs discord.exe reg.exe no specs conhost.exe no specs discord.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs reg.exe no specs conhost.exe no specs discord.exe no specs #PHISHING discord.exe gpu_encoder_helper.exe no specs discord.exe no specs discord.exe no specs gpu_encoder_helper.exe no specs conhost.exe no specs gpu_encoder_helper.exe no specs gpu_encoder_helper.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs slui.exe no specs discordsystemhelper.exe no specs discordsystemhelper.exe discordsystemhelper.exe no specs discordsystemhelper.exe no specs discordsystemhelper.exe no specs discordsystemhelper.exe no specs discordsystemhelper.exe no specs discordsystemhelper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
552\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exereg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
676"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4772 -prefsLen 39277 -prefMapHandle 4776 -prefMapSize 272981 -jsInitHandle 4780 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 4788 -initialChannelId {1cc233f0-a6a3-41ee-8319-6ace0f9c5350} -parentPid 7236 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7236" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\vcruntime140_1.dll
c:\windows\system32\crypt32.dll
908C:\WINDOWS\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /fC:\Windows\System32\reg.exeDiscord.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
1348"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5032 -prefsLen 45266 -prefMapHandle 5036 -prefMapSize 272981 -jsInitHandle 5040 -jsInitLen 247456 -parentBuildID 20250227124745 -ipcHandle 5052 -initialChannelId {5e959c57-6874-4c40-99a5-a3b17bcc6eb6} -parentPid 7236 -crashReporter "\\.\pipe\gecko-crash-server-pipe.7236" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Version:
136.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\vcruntime140.dll
c:\windows\system32\vcruntime140_1.dll
1856"C:\Users\admin\AppData\Local\Discord\app-1.0.9221\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\admin\AppData\Roaming\discord" --standard-schemes=disclip --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --streaming-schemes=disclip --field-trial-handle=1944,i,1156948161976797580,9221489915923441366,262144 --enable-features=EnableTransparentHwndEnlargement --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,ScreenAIOCREnabled,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:8C:\Users\admin\AppData\Local\Discord\app-1.0.9221\Discord.exeDiscord.exe
User:
admin
Company:
Discord Inc.
Integrity Level:
LOW
Description:
Discord
Version:
1.0.9221
Modules
Images
c:\users\admin\appdata\local\discord\app-1.0.9221\discord.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1928\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exereg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2244"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4296,i,8402646769032440275,15897401613744329407,262144 --variations-seed-version --mojo-platform-channel-handle=4300 /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2452\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exereg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2608"\\?\C:\Users\admin\AppData\Local\Discord\app-1.0.9221\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe" amdC:\Users\admin\AppData\Local\Discord\app-1.0.9221\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exeDiscord.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\discord\app-1.0.9221\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
2688C:\WINDOWS\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\admin\AppData\Local\Discord\app-1.0.9221\Discord.exe\" --url -- \"%1\"" /fC:\Windows\System32\reg.exeDiscord.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
7 164
Read events
7 110
Write events
17
Delete events
37

Modification events

(PID) Process:(2796) Discord.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:en-US
Value:
(PID) Process:(2796) Discord.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:en
Value:
(PID) Process:(2796) Discord.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation:delete valueName:_Global_
Value:
(PID) Process:(7856) reg.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
Operation:delete valueName:Discord
Value:
(PID) Process:(4372) reg.exeKey:HKEY_CLASSES_ROOT\Discord
Operation:writeName:URL Protocol
Value:
(PID) Process:(7564) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation:writeName:Left
Value:
0
(PID) Process:(7564) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation:writeName:Top
Value:
0
(PID) Process:(5548) reg.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:Discord
Value:
"C:\Users\admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe
(PID) Process:(7564) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
Operation:writeName:DisplayName
Value:
Discord
(PID) Process:(7564) Update.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
Operation:writeName:DisplayVersion
Value:
1.0.9221
Executable files
52
Suspicious files
682
Text files
968
Unknown types
0

Dropped files

PID
Process
Filename
Type
7236firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin
MD5:
SHA256:
7236firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
7236firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.jsontext
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
7236firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
7236firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
7236firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\SiteSecurityServiceState.binbinary
MD5:017718D9990B8227B39B9D10E93E5073
SHA256:73551820A01B8A3DD0961A59903E035DEC1A0B0BCA55405EA140AAB542EC5D70
7236firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-child-current.binbinary
MD5:5152D8F49F1AD4219D935611EFE18437
SHA256:9A6E50715E3C49A43E3D622EDE7E37ECF0767342B3039B8B0AE25BBE4FF6F66E
7236firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmptext
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
7236firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.binbinary
MD5:3134ED3F12E4F4F8643DB90043B0FD7B
SHA256:26E4F122034D7A03F6DA0E707799B09CBEEBDAF8D7A3133A1F7BD894AC72EEA1
7236firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
42
TCP/UDP connections
85
DNS requests
111
Threats
46

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7236
firefox.exe
GET
204
34.36.137.203:443
https://contile.services.mozilla.com/v1/tiles
US
unknown
7236
firefox.exe
GET
101
34.107.243.93:443
https://push.services.mozilla.com/
US
unknown
7236
firefox.exe
GET
200
34.126.226.51:443
https://stable.dl2.discordapp.net/distro/app/stable/win/x64/1.0.9221/DiscordSetup.exe
US
unknown
7236
firefox.exe
GET
200
151.101.1.91:443
https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=url-parser-default-unknown-schemes-interventions&bucket=main&_expected=0
US
text
274 b
unknown
7236
firefox.exe
GET
200
151.101.1.91:443
https://firefox.settings.services.mozilla.com/v1/
US
text
1.20 Kb
unknown
7236
firefox.exe
GET
200
151.101.1.91:443
https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=hijack-blocklists&bucket=main&_expected=0
US
text
243 b
unknown
7236
firefox.exe
GET
200
151.101.1.91:443
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/url-parser-default-unknown-schemes-interventions/changeset?_expected=1743513175300&_since=%221726769128879%22
US
text
1.76 Kb
unknown
7236
firefox.exe
GET
200
151.101.1.91:443
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists?_expected=1605801189258
US
text
1.68 Kb
unknown
7236
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
US
text
90 b
unknown
7236
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
8380
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7696
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
7236
firefox.exe
151.101.1.91:443
firefox.settings.services.mozilla.com
FASTLY
US
whitelisted
7236
firefox.exe
162.159.136.232:443
discord.com
CLOUDFLARENET
US
whitelisted
7236
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
7236
firefox.exe
34.36.137.203:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
7236
firefox.exe
172.217.20.131:80
o.pki.goog
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
firefox.settings.services.mozilla.com
  • 151.101.1.91
  • 151.101.193.91
  • 151.101.65.91
  • 151.101.129.91
whitelisted
mozilla.map.fastly.net
  • 151.101.1.91
  • 151.101.193.91
  • 151.101.65.91
  • 151.101.129.91
  • 2a04:4e42:200::347
  • 2a04:4e42::347
  • 2a04:4e42:600::347
  • 2a04:4e42:400::347
whitelisted
discord.com
  • 162.159.136.232
  • 162.159.135.232
  • 162.159.128.233
  • 162.159.138.232
  • 162.159.137.232
whitelisted
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
contile.services.mozilla.com
  • 34.36.137.203
whitelisted
spocs.getpocket.com
  • 34.36.137.203
whitelisted
mc.prod.ads.prod.webservices.mozgcp.net
  • 34.36.137.203
whitelisted
example.org
  • 104.18.2.24
  • 104.18.3.24
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted

Threats

PID
Process
Class
Message
7236
firefox.exe
Misc activity
ET INFO Observed Discord Service Domain (discord .com) in TLS SNI
2292
svchost.exe
Misc activity
ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2292
svchost.exe
Misc activity
ET INFO Discord Chat Service Domain in DNS Lookup (discord .com)
2292
svchost.exe
Misc activity
ET INFO Discord Chat Service Domain in DNS Lookup (discord .com)
7236
firefox.exe
Misc activity
ET INFO Observed Discord Domain (discord .com in TLS SNI)
2292
svchost.exe
Misc activity
ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2292
svchost.exe
Misc activity
ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2292
svchost.exe
Misc activity
ET INFO Discord Chat Service Domain in DNS Lookup (discord .com)
Potentially Bad Traffic
ET INFO PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
Process
Message
DiscordSetup.exe
Start up installer:
DiscordSetup.exe
Elevated process: ?
DiscordSetup.exe
Want standard install
Discord.exe
Error: 31
Discord.exe
Error: 31
Discord.exe
Error: 31
Discord.exe
Error: 31
Discord.exe
Error: 31
Discord.exe
Error: 31
Discord.exe
Error: 31
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://discord.com/api/downloads/distributions/app/installers/latest?channel=stable&platform=win&arch=x64