URL:

https://discord.com/ra/98rFlTC8zPOXAVOi3dwdsGSeWHF4z9HTRBzDjTku4kY

Full analysis: https://app.any.run/tasks/ceeb3802-82c3-437c-ba89-76aae9d9bd61
Verdict: Malicious activity
Analysis date: April 10, 2026, 10:44:55
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
discord
phishing
filename-lure
payload
nodejs
rust
websocket
Indicators:
MD5:

50FC1920DFC2A2F80219895EF5DDB4EB

SHA1:

CB364AB7631F6350937E7535D9330D60EEE5C9B4

SHA256:

BBA10175DBC8FCB915BBECBD3EC83ED4E1EB403B18233D0082E91FA8AEB7F3BD

SSDEEP:

3:N8U8XkTSgBRSn2Ac5czZTn:2UWwRDsTn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Phishing lure filenames

      • Discord.exe (PID: 8476)
    • Executing a file with an untrusted certificate

      • DiscordSystemHelper.exe (PID: 7648)
      • DiscordSystemHelper.exe (PID: 2724)
      • DiscordSystemHelper.exe (PID: 8140)
      • DiscordSystemHelper.exe (PID: 7708)
      • DiscordSystemHelper.exe (PID: 7984)
      • DiscordSystemHelper.exe (PID: 2988)
      • DiscordSystemHelper.exe (PID: 9132)
      • DiscordSystemHelper.exe (PID: 8956)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • DiscordSetup.exe (PID: 8468)
      • Update.exe (PID: 8488)
      • Discord.exe (PID: 8652)
      • DiscordSystemHelper.exe (PID: 2724)
    • Possible stealing of messenger data

      • Discord.exe (PID: 8772)
    • Application launched itself

      • Discord.exe (PID: 8772)
      • Discord.exe (PID: 8652)
      • DiscordSystemHelper.exe (PID: 7648)
    • Uses REG/REGEDIT.EXE to modify or delete registry entries

      • Discord.exe (PID: 8772)
      • Discord.exe (PID: 8652)
    • Searches for installed software

      • Update.exe (PID: 8488)
    • Reads the date of Windows installation

      • DiscordSystemHelper.exe (PID: 7648)
    • Starts itself from another location

      • DiscordSystemHelper.exe (PID: 2988)
      • DiscordSystemHelper.exe (PID: 9132)
    • Executes as Windows Service

      • DiscordSystemHelper.exe (PID: 2988)
      • DiscordSystemHelper.exe (PID: 9132)
    • Discord domain found in command line (probably downloading payload)

      • msedge.exe (PID: 7796)
  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 2340)
      • DiscordSetup.exe (PID: 8468)
      • Update.exe (PID: 8488)
      • Update.exe (PID: 8884)
      • Discord.exe (PID: 9020)
      • Discord.exe (PID: 8840)
      • Discord.exe (PID: 8652)
      • Discord.exe (PID: 9212)
      • Discord.exe (PID: 8376)
      • Discord.exe (PID: 8772)
      • Discord.exe (PID: 8420)
      • Discord.exe (PID: 9088)
      • Discord.exe (PID: 7868)
      • Discord.exe (PID: 8476)
      • Discord.exe (PID: 8468)
      • Discord.exe (PID: 7440)
      • gpu_encoder_helper.exe (PID: 8696)
      • gpu_encoder_helper.exe (PID: 7452)
      • gpu_encoder_helper.exe (PID: 8048)
      • gpu_encoder_helper.exe (PID: 5876)
      • DiscordSystemHelper.exe (PID: 7648)
      • DiscordSystemHelper.exe (PID: 2724)
      • DiscordSystemHelper.exe (PID: 7708)
      • DiscordSystemHelper.exe (PID: 8140)
      • DiscordSystemHelper.exe (PID: 2988)
      • DiscordSystemHelper.exe (PID: 7984)
      • DiscordSystemHelper.exe (PID: 9132)
      • Discord.exe (PID: 8984)
      • DiscordSystemHelper.exe (PID: 8956)
      • Discord.exe (PID: 8800)
    • Reads Environment values

      • identity_helper.exe (PID: 2340)
      • Discord.exe (PID: 8772)
      • Discord.exe (PID: 8652)
      • Discord.exe (PID: 8476)
    • Reads the computer name

      • identity_helper.exe (PID: 2340)
      • Update.exe (PID: 8488)
      • Update.exe (PID: 8884)
      • Discord.exe (PID: 8772)
      • Discord.exe (PID: 9020)
      • Discord.exe (PID: 8652)
      • Discord.exe (PID: 8420)
      • Discord.exe (PID: 8376)
      • Discord.exe (PID: 8476)
      • gpu_encoder_helper.exe (PID: 8696)
      • Discord.exe (PID: 8468)
      • gpu_encoder_helper.exe (PID: 7452)
      • gpu_encoder_helper.exe (PID: 8048)
      • gpu_encoder_helper.exe (PID: 5876)
      • Discord.exe (PID: 7440)
      • DiscordSystemHelper.exe (PID: 7648)
      • DiscordSystemHelper.exe (PID: 2724)
      • DiscordSystemHelper.exe (PID: 8140)
      • DiscordSystemHelper.exe (PID: 2988)
      • DiscordSystemHelper.exe (PID: 7708)
      • DiscordSystemHelper.exe (PID: 7984)
      • DiscordSystemHelper.exe (PID: 9132)
      • Discord.exe (PID: 8984)
      • DiscordSystemHelper.exe (PID: 8956)
      • Discord.exe (PID: 8800)
    • Application launched itself

      • msedge.exe (PID: 7804)
    • Create files in a temporary directory

      • DiscordSetup.exe (PID: 8468)
      • Update.exe (PID: 8488)
      • Discord.exe (PID: 8652)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 7804)
    • Creates files or folders in the user directory

      • DiscordSetup.exe (PID: 8468)
      • Discord.exe (PID: 8840)
      • Discord.exe (PID: 8772)
      • Update.exe (PID: 8488)
      • Discord.exe (PID: 9020)
      • Update.exe (PID: 8884)
      • Discord.exe (PID: 9212)
      • Discord.exe (PID: 8652)
      • Discord.exe (PID: 8420)
      • Discord.exe (PID: 8476)
      • DiscordSystemHelper.exe (PID: 7648)
      • Discord.exe (PID: 8800)
    • Reads the machine GUID from the registry

      • Update.exe (PID: 8488)
      • Update.exe (PID: 8884)
      • Discord.exe (PID: 8772)
      • Discord.exe (PID: 8652)
      • DiscordSystemHelper.exe (PID: 2988)
      • DiscordSystemHelper.exe (PID: 7984)
      • DiscordSystemHelper.exe (PID: 9132)
      • Discord.exe (PID: 8476)
      • DiscordSystemHelper.exe (PID: 8956)
      • Discord.exe (PID: 8800)
    • The sample compiled with english language support

      • Update.exe (PID: 8488)
    • Process checks computer location settings

      • Discord.exe (PID: 8772)
      • Update.exe (PID: 8488)
      • Discord.exe (PID: 8652)
      • Discord.exe (PID: 7868)
      • Discord.exe (PID: 9088)
      • Discord.exe (PID: 8476)
      • DiscordSystemHelper.exe (PID: 7648)
    • Reads product name

      • Discord.exe (PID: 8772)
      • Discord.exe (PID: 8652)
      • Discord.exe (PID: 8476)
    • Launching a file from a Registry key

      • reg.exe (PID: 8388)
    • Reads security settings of Internet Explorer

      • Update.exe (PID: 8488)
      • DiscordSystemHelper.exe (PID: 7648)
      • DiscordSystemHelper.exe (PID: 7984)
      • DiscordSystemHelper.exe (PID: 8956)
      • Discord.exe (PID: 8476)
    • Creates a software uninstall entry

      • Update.exe (PID: 8488)
    • Reads CPU info

      • Discord.exe (PID: 8476)
    • Node.js compiler has been detected

      • Discord.exe (PID: 8652)
      • Discord.exe (PID: 9212)
      • Discord.exe (PID: 8376)
      • Discord.exe (PID: 8420)
    • Application based on Rust

      • Discord.exe (PID: 8652)
    • There is functionality for taking screenshot (YARA)

      • Discord.exe (PID: 8376)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
234
Monitored processes
90
Malicious processes
6
Suspicious processes
9


Process information

PID
CMD
Path
Indicators
Parent process
PID:
508
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --disable-quic --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=4388,i,16821525870507946336,11751714192892014441,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
680
CMD:
C:\WINDOWS\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\admin\AppData\Local\Discord\app-1.0.9232\Discord.exe\",-1" /f
Path:
C:\Windows\System32\reg.exe
Parent process:
Discord.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
PID:
1728
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
gpu_encoder_helper.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1864
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4864,i,16821525870507946336,11751714192892014441,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2340
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6236,i,16821525870507946336,11751714192892014441,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
PID:
2368
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=5588,i,16821525870507946336,11751714192892014441,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=3740 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2532
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6036,i,16821525870507946336,11751714192892014441,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2724
CMD:
"C:\Users\admin\AppData\Local\Discord\app-1.0.9232\modules\discord_utils-1\discord_utils\DiscordSystemHelper.exe" "install" "--pid" "8476" "--counter" "1" "--admin"
Path:
C:\Users\admin\AppData\Local\Discord\app-1.0.9232\modules\discord_utils-1\discord_utils\DiscordSystemHelper.exe
Parent process:
DiscordSystemHelper.exe
User:
admin
Company:
Discord Inc.
Integrity Level:
HIGH
Description:
Discord System Helper
Exit code:
0
Version:
0.1.0
Modules
Images
c:\users\admin\appdata\local\discord\app-1.0.9232\modules\discord_utils-1\discord_utils\discordsystemhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
2832
CMD:
C:\WINDOWS\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\admin\AppData\Local\Discord\app-1.0.9232\Discord.exe\" --url -- \"%1\"" /f
Path:
C:\Windows\System32\reg.exe
Parent process:
Discord.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ws2_32.dll
PID:
2988
CMD:
"C:\Program Files\Common Files\Discord\Discord\DiscordSystemHelper.exe" service
Path:
C:\Program Files\Common Files\Discord\Discord\DiscordSystemHelper.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Discord Inc.
Integrity Level:
SYSTEM
Description:
Discord System Helper
Exit code:
0
Version:
0.1.0
Modules
Images
c:\program files\common files\discord\discord\discordsystemhelper.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
25 176
Read events
25 121
Write events
18
Delete events
37

Modification events

(PID) Process: (8772) Discord.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en-US
Value:

(PID) Process: (8772) Discord.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en
Value:

(PID) Process: (8772) Discord.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: _Global_
Value:

(PID) Process: (8388) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Discord
Value:
"C:\Users\admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe

(PID) Process: (5876) reg.exe
Key: HKEY_CLASSES_ROOT\Discord
Operation: write
Name: URL Protocol
Value:

(PID) Process: (8244) reg.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
Operation: delete value
Name: Discord
Value:

(PID) Process: (8488) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Left
Value:
0

(PID) Process: (8488) Update.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Top
Value:
0

(PID) Process: (8652) Discord.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en-US
Value:

(PID) Process: (8652) Discord.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Spelling\Dictionaries
Operation: delete value
Name: en
Value:
Executable files
49
Suspicious files
544
Text files
1 178
Unknown types
14

Dropped files

PID
Process
Filename
Type
PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFdfdc9.TMP
MD5:
SHA256:

PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RFdfdd9.TMP
MD5:
SHA256:

PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:

PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFdfdc9.TMP
MD5:
SHA256:

PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:

PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:

PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFdfde8.TMP
MD5:
SHA256:

PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFdfdf8.TMP
MD5:
SHA256:

PID: 7804
Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
616
TCP/UDP connections
95
DNS requests
105
Threats
55

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
PID 4324 msedge.exe | OPTIONS 200 | 35.190.80.1:443 | CN US | reputation unknown | https://a.nel.cloudflare.com/report/v4?s=IrL4xmxMpZMFL9URuSmblgjVGYyiJ%2Fje95LdOUc2vVznXriUwEOhYGvyCyblx7%2F8YGnFUW8oaiSW9x2PY3%2B6%2FS9mHt8WQkPP8J8EdtgG9JhoPyR2Fw99PqS2CQOT
GET 200 | 162.159.142.9:80 | CN US | binary, 312 b | whitelisted | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
GET 200 | 204.79.197.203:80 | CN US | binary, 958 b | whitelisted | http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
PID 4324 msedge.exe | GET 200 | 150.171.28.11:80 | CN US | text, 102 b | whitelisted | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:TGVWRhp-8ZB_a_MTJ3RdZqkcOABcpvBu5Q3-Xp8A0aU&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
PID 4324 msedge.exe | GET 302 | 162.159.138.232:443 | CN US | whitelisted | https://discord.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
PID 4324 msedge.exe | GET 200 | 150.171.22.17:443 | CN US | text, 4.31 Kb | whitelisted | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=67&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1775817901&lafgdate=0
PID 4324 msedge.exe | GET 200 | 150.171.28.11:443 | CN US | text, 132 b | whitelisted | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0
PID 4324 msedge.exe | GET 404 | 162.159.138.232:443 | CN US | html, 44.8 Kb | reputation unknown | https://discord.com/ra/98rFlTC8zPOXAVOi3dwdsGSeWHF4z9HTRBzDjTku4kY
PID 4324 msedge.exe | GET 200 | 104.18.23.222:443 | CN US | text, 25 b | whitelisted | https://copilot.microsoft.com/c/api/user/eligibility
PID 4324 msedge.exe | GET 200 | 150.171.109.193:443 | CN US | binary, 82 b | whitelisted | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
PID 6260 svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | ASN MICROSOFT-CORP-MSN-AS-BLOCK | CN US | whitelisted
PID 4 System | 192.168.100.255:137 | Not routed | whitelisted
PID 5276 MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | ASN MICROSOFT-CORP-MSN-AS-BLOCK | CN US | whitelisted
PID 5276 MoUsoCoreWorker.exe | 48.192.1.64:443 | activation-v2.sls.microsoft.com | ASN MICROSOFT-CORP-MSN-AS-BLOCK | CN US | whitelisted
PID 5532 SearchApp.exe | 2.16.204.161:443 | www.bing.com | ASN AKAMAI-ASN1 | CN NL | whitelisted
162.159.142.9:80 | ocsp.digicert.com | ASN CLOUDFLARENET | CN US | whitelisted
204.79.197.203:80 | oneocsp.microsoft.com | ASN MICROSOFT-CORP-MSN-AS-BLOCK | CN US | whitelisted
PID 4 System | 192.168.100.255:138 | Not routed | whitelisted
PID 4324 msedge.exe | 162.159.138.232:443 | discord.com | ASN CLOUDFLARENET | CN US | whitelisted
PID 4324 msedge.exe | 150.171.28.11:443 | edge.microsoft.com | ASN MICROSOFT-CORP-MSN-AS-BLOCK | CN US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
  • 40.127.240.158
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.64
whitelisted
www.bing.com
  • 2.16.204.161
  • 2.16.204.150
  • 2.16.204.157
  • 2.16.204.160
  • 2.16.204.153
  • 2.16.204.158
  • 2.16.204.156
  • 2.16.204.149
  • 2.16.204.151
  • 2.16.204.144
  • 2.16.204.146
  • 2.16.204.147
  • 2.16.204.148
  • 2.16.204.142
  • 2.16.204.140
  • 2.16.204.143
  • 2.16.204.141
  • 2.16.204.136
  • 2.16.241.217
  • 2.16.241.220
  • 2.16.241.219
  • 2.16.241.208
  • 2.16.241.207
  • 2.16.241.200
  • 2.16.241.206
  • 2.16.241.197
  • 2.16.241.222
whitelisted
google.com
  • 142.251.14.138
  • 142.251.14.100
  • 142.251.14.102
  • 142.251.14.139
  • 142.251.14.101
  • 142.251.14.113
whitelisted
ocsp.digicert.com
  • 162.159.142.9
  • 172.66.2.5
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
discord.com
  • 162.159.138.232
  • 162.159.135.232
  • 162.159.128.233
  • 162.159.136.232
  • 162.159.137.232
whitelisted
api.edgeoffer.microsoft.com
  • 150.171.109.193
whitelisted

Threats

PID
Process
Class
Message
PID 4324 msedge.exe | Misc activity | ET INFO Discord Chat Service Domain in DNS Lookup (discord .com)
PID 4324 msedge.exe | Misc activity | ET INFO Observed Discord Service Domain (discord .com) in TLS SNI
PID 4324 msedge.exe | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
PID 4324 msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
PID 4324 msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
PID 4324 msedge.exe | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
PID 4324 msedge.exe | Misc activity | ET INFO Discord Chat Service Domain in DNS Lookup (discord .com)
PID 4324 msedge.exe | Misc activity | ET INFO Observed Discord Service Domain (discord .com) in TLS SNI
PID 4324 msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
PID 4324 msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Process
Message
DiscordSetup.exe | Start up installer:
DiscordSetup.exe | Elevated process: ?
DiscordSetup.exe | Want standard install
Discord.exe | Error: 5
Discord.exe | Error: 5
Discord.exe | Error: 5
Discord.exe | Error: 5
Discord.exe | Error: 5
Discord.exe | Error: 5
Discord.exe | Error: 5