URL: discord.com

Full analysis: https://app.any.run/tasks/d201790c-cd5e-4e3c-acd9-3eeafb7c2923
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: November 24, 2024, 13:17:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: discord, payload, stealer
Indicators:
MD5: 1F91556FE059AC592214C39B0F8C24C1
SHA1: BC8290BE23939EA58126315973867AD739B7BC6C
SHA256: C8E8F9F979E435F9EFB6DD72F274FDD609FC813C13B5070EEC30DA1A080AE5F1
SSDEEP: 3:kK0Tn:Dk

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • Discord.exe (PID: 7848)
      • Discord.exe (PID: 7460)
    • Changes the autorun value in the registry

      • reg.exe (PID: 6280)
      • reg.exe (PID: 5104)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • DiscordSetup.exe (PID: 7404)
      • Update.exe (PID: 7488)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 6436)
      • Discord.exe (PID: 3640)
    • Process drops legitimate windows executable

      • Update.exe (PID: 7488)
    • Application launched itself

      • Discord.exe (PID: 7848)
      • Discord.exe (PID: 7460)
    • Uses REG/REGEDIT.EXE to modify registry

      • Discord.exe (PID: 7848)
      • Discord.exe (PID: 7460)
    • Reads security settings of Internet Explorer

      • Update.exe (PID: 7488)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 6604)
    • Searches for installed software

      • Update.exe (PID: 7488)
    • Creates a software uninstall entry

      • Update.exe (PID: 7488)
    • Starts CMD.EXE for commands execution

      • Discord.exe (PID: 6604)
    • Checks Windows Trust Settings

      • Discord.exe (PID: 6604)
    • Discord domain found in command line (probably downloading payload)

      • msedge.exe (PID: 7696)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 2100)
    • Reads the computer name

      • identity_helper.exe (PID: 3416)
      • Update.exe (PID: 7488)
      • Update.exe (PID: 7164)
      • Discord.exe (PID: 8088)
      • Discord.exe (PID: 7932)
      • Discord.exe (PID: 7848)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 1916)
      • Discord.exe (PID: 8184)
      • Discord.exe (PID: 6604)
      • Discord.exe (PID: 5096)
      • Discord.exe (PID: 3664)
      • gpu_encoder_helper.exe (PID: 8044)
      • gpu_encoder_helper.exe (PID: 8140)
      • gpu_encoder_helper.exe (PID: 7796)
      • Discord.exe (PID: 6728)
      • VencordInstaller.exe (PID: 2800)
      • VencordInstaller.exe (PID: 7364)
    • Checks supported languages

      • identity_helper.exe (PID: 3416)
      • DiscordSetup.exe (PID: 7404)
      • Update.exe (PID: 7488)
      • Discord.exe (PID: 6988)
      • Update.exe (PID: 7164)
      • Discord.exe (PID: 7848)
      • Discord.exe (PID: 7932)
      • Discord.exe (PID: 8088)
      • Discord.exe (PID: 6864)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 8184)
      • Discord.exe (PID: 7328)
      • Discord.exe (PID: 3640)
      • Discord.exe (PID: 6436)
      • Discord.exe (PID: 1916)
      • Discord.exe (PID: 6604)
      • Discord.exe (PID: 3664)
      • Discord.exe (PID: 5096)
      • gpu_encoder_helper.exe (PID: 8044)
      • gpu_encoder_helper.exe (PID: 7796)
      • Discord.exe (PID: 6940)
      • gpu_encoder_helper.exe (PID: 8140)
      • Discord.exe (PID: 7900)
      • Discord.exe (PID: 6728)
      • VencordInstaller.exe (PID: 2800)
      • VencordInstaller.exe (PID: 7364)
    • Reads Environment values

      • identity_helper.exe (PID: 3416)
      • Discord.exe (PID: 7848)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 6604)
      • Discord.exe (PID: 8184)
    • The process uses the downloaded file

      • msedge.exe (PID: 6896)
      • msedge.exe (PID: 2100)
      • Update.exe (PID: 7488)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 2100)
      • msedge.exe (PID: 3724)
      • msedge.exe (PID: 4708)
    • Attempting to use instant messaging service

      • msedge.exe (PID: 4708)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 1916)
    • Sends debugging messages

      • DiscordSetup.exe (PID: 7404)
      • Discord.exe (PID: 6604)
    • Create files in a temporary directory

      • DiscordSetup.exe (PID: 7404)
      • Update.exe (PID: 7488)
      • Discord.exe (PID: 7460)
    • Creates files or folders in the user directory

      • DiscordSetup.exe (PID: 7404)
      • Update.exe (PID: 7488)
      • Discord.exe (PID: 6988)
      • Update.exe (PID: 7164)
      • Discord.exe (PID: 8088)
      • Discord.exe (PID: 7848)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 6864)
      • Discord.exe (PID: 1916)
      • Discord.exe (PID: 6604)
      • Discord.exe (PID: 6728)
    • Reads the machine GUID from the registry

      • Update.exe (PID: 7488)
      • Discord.exe (PID: 7848)
      • Update.exe (PID: 7164)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 6604)
      • Discord.exe (PID: 8184)
      • Discord.exe (PID: 6728)
      • VencordInstaller.exe (PID: 2800)
      • VencordInstaller.exe (PID: 7364)
    • Reads product name

      • Discord.exe (PID: 7848)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 6604)
    • Process checks computer location settings

      • Discord.exe (PID: 7848)
      • Update.exe (PID: 7488)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 7328)
      • Discord.exe (PID: 6604)
      • Discord.exe (PID: 6940)
      • Discord.exe (PID: 7900)
    • Checks proxy server information

      • Discord.exe (PID: 7848)
      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 6604)
    • Reads the software policy settings

      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 6604)
      • VencordInstaller.exe (PID: 2800)
      • VencordInstaller.exe (PID: 7364)
    • Reads CPU info

      • Discord.exe (PID: 7460)
      • Discord.exe (PID: 6604)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
267
Monitored processes
133
Malicious processes
6
Suspicious processes
4

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID: 236
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3764 --field-trial-handle=2324,i,17674712675421795088,10546618893547195237,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 556
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2344 --field-trial-handle=2324,i,17674712675421795088,10546618893547195237,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 732
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7996 --field-trial-handle=2324,i,17674712675421795088,10546618893547195237,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 732
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=9080 --field-trial-handle=2324,i,17674712675421795088,10546618893547195237,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1448
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7256 --field-trial-handle=2324,i,17674712675421795088,10546618893547195237,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1576
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=8436 --field-trial-handle=2324,i,17674712675421795088,10546618893547195237,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1916
CMD: "C:\Users\admin\AppData\Local\Discord\app-1.0.9171\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\discord" --secure-schemes=disclip,sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=disclip,sentry-ipc --field-trial-handle=2176,i,15356937277588660349,569030569130915894,262144 --disable-features=AllowAggressiveThrottlingWithWebSocket,HardwareMediaKeyHandling,IntensiveWakeUpThrottling,MediaSessionService,SpareRendererForSitePerProcess,UseEcoQoSForBackgroundProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2024 /prefetch:3
Path: C:\Users\admin\AppData\Local\Discord\app-1.0.9171\Discord.exe
Parent process: Discord.exe
User:
admin
Company:
Discord Inc.
Integrity Level:
MEDIUM
Description:
Discord
Version:
1.0.9171
Modules
Images
c:\users\admin\appdata\local\discord\app-1.0.9171\discord.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
PID: 2100
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=8 -- "http://discord.com/"
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2440
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2612
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=7300 --field-trial-handle=2324,i,17674712675421795088,10546618893547195237,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
31 686
Read events
31 547
Write events
103
Delete events
36

Modification events

(PID) Process: (3364) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3364) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3364) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3364) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3364) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Operation: write
Name: SecuritySafe
Value: 1

(PID) Process: (3364) iexplore.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
Operation: write
Name: DisableFirstRunCustomize
Value: 1

(PID) Process: (2100) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328360
Operation: write
Name: WindowTabManagerFileMappingId
Value: {B44DEE31-E873-4CF5-AFFA-3D73C08658A6}

(PID) Process: (2100) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328360
Operation: write
Name: WindowTabManagerFileMappingId
Value: {40089EE2-925C-4041-A7CD-79D351D410D5}

(PID) Process: (2100) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328360
Operation: write
Name: WindowTabManagerFileMappingId
Value: {4469D5BD-94BD-4421-B73A-376B320AA2BE}

(PID) Process: (2100) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328360
Operation: write
Name: WindowTabManagerFileMappingId
Value: {3B1567A0-97AB-4A19-A180-02EF4F5FA0FE}
Executable files
72
Suspicious files
1 889
Text files
517
Unknown types
28

Dropped files

PID | Process | Filename
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF135b04.TMP
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF135b14.TMP
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF135b14.TMP
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF135b14.TMP
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF135b14.TMP
2100 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
58
TCP/UDP connections
292
DNS requests
312
Threats
58

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
- | - | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
- | - | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
7840 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
- | - | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
7840 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D | unknown | whitelisted
2100 | msedge.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4712 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
5892 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 104.126.37.154:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
2100 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4708 | msedge.exe | 104.18.161.117:443 | cdn.prod.website-files.com | - | - | unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 216.58.206.46
whitelisted
crl.microsoft.com
  • 23.53.40.178
  • 23.53.40.176
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
www.bing.com
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
discord.com
  • 162.159.135.232
  • 162.159.136.232
  • 162.159.138.232
  • 162.159.128.233
  • 162.159.137.232
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
business.bing.com
  • 13.107.6.158
whitelisted

Threats

PID | Process | Class | Message
4708 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
4708 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
4708 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
4708 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
4708 | msedge.exe | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
4708 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
4708 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Hosted Libraries (ajax .googleapis .com)
4708 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
4708 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discordapp .com)
4708 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
Process | Message
DiscordSetup.exe | Start up installer:
DiscordSetup.exe | Elevated process: ?
DiscordSetup.exe | Want standard install
Discord.exe | Error: 31
Discord.exe | Error: 31
Discord.exe | Error: 31
Discord.exe | Error: 31
Discord.exe | Error: 31
Discord.exe | Error: 31
Discord.exe | Error: 31