File name:

zapret-discord-youtube-1.9.7b.rar

Full analysis: https://app.any.run/tasks/5ab63188-a342-4eb5-bb92-f8720f135c1b
Verdict: Malicious activity
Analysis date: April 29, 2026, 07:30:14
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
windivert-sys
mal-driver
arch-exec
arch-scr
arch-doc
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

450FD422955BB27ACC2231266AFF08EF

SHA1:

45705314783D893294660BEF24D1746C8F1294BC

SHA256:

071AD7A1B4D0B2DE49817A6BBB03F639792D3DE1E2CBD110036AD2C5038F0DB4

SSDEEP:

49152:ffb4FMyNCQMf5udb/DNj7Ze9rm45sDC69wDe1fwTCFvppsBS9VWIwQtkcTa8ZM1Z:ffb4utV58b/Jj789rv5D6uDefjFvppr0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Malicious driver has been detected

      • WinRAR.exe (PID: 5420)
    • Detects Cygwin installation

      • WinRAR.exe (PID: 5420)
    • Starts NET.EXE for service management

      • cmd.exe (PID: 4704)
      • net.exe (PID: 1296)
  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 5420)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 4704)
      • cmd.exe (PID: 2916)
      • cmd.exe (PID: 7876)
      • cmd.exe (PID: 1536)
      • cmd.exe (PID: 5788)
      • cmd.exe (PID: 2100)
      • cmd.exe (PID: 3552)
    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 4704)
      • cmd.exe (PID: 2100)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 4704)
      • cmd.exe (PID: 2100)
    • Starts process via Powershell

      • powershell.exe (PID: 7920)
    • Executing commands from a ".bat" file

      • powershell.exe (PID: 7920)
      • cmd.exe (PID: 4704)
    • Hides command output

      • cmd.exe (PID: 2916)
      • cmd.exe (PID: 7876)
      • cmd.exe (PID: 1536)
      • cmd.exe (PID: 6592)
      • cmd.exe (PID: 3552)
    • Starts CMD.EXE with special quote handling

      • cmd.exe (PID: 3084)
      • cmd.exe (PID: 2832)
      • cmd.exe (PID: 352)
      • cmd.exe (PID: 6592)
      • cmd.exe (PID: 488)
      • cmd.exe (PID: 5196)
      • cmd.exe (PID: 4776)
      • cmd.exe (PID: 7504)
      • cmd.exe (PID: 7832)
      • cmd.exe (PID: 7872)
      • cmd.exe (PID: 5632)
      • cmd.exe (PID: 2316)
      • cmd.exe (PID: 8076)
      • cmd.exe (PID: 2692)
      • cmd.exe (PID: 8072)
      • cmd.exe (PID: 3612)
      • cmd.exe (PID: 7580)
      • cmd.exe (PID: 6792)
      • cmd.exe (PID: 4564)
      • cmd.exe (PID: 7240)
      • cmd.exe (PID: 2364)
      • cmd.exe (PID: 8164)
      • cmd.exe (PID: 3324)
      • cmd.exe (PID: 2016)
      • cmd.exe (PID: 7384)
      • cmd.exe (PID: 3264)
      • cmd.exe (PID: 6668)
      • cmd.exe (PID: 7484)
      • cmd.exe (PID: 1304)
      • cmd.exe (PID: 6628)
      • cmd.exe (PID: 6696)
      • cmd.exe (PID: 2792)
      • cmd.exe (PID: 6836)
      • cmd.exe (PID: 7556)
      • cmd.exe (PID: 6804)
      • cmd.exe (PID: 6936)
      • cmd.exe (PID: 5800)
      • cmd.exe (PID: 6112)
      • cmd.exe (PID: 4916)
      • cmd.exe (PID: 7052)
      • cmd.exe (PID: 5200)
      • cmd.exe (PID: 7648)
      • cmd.exe (PID: 6720)
      • cmd.exe (PID: 3076)
      • cmd.exe (PID: 7800)
      • cmd.exe (PID: 8072)
      • cmd.exe (PID: 5392)
      • cmd.exe (PID: 7864)
      • cmd.exe (PID: 8028)
      • cmd.exe (PID: 7724)
      • cmd.exe (PID: 2304)
      • cmd.exe (PID: 4280)
      • cmd.exe (PID: 1268)
      • cmd.exe (PID: 6536)
      • cmd.exe (PID: 7192)
      • cmd.exe (PID: 2680)
      • cmd.exe (PID: 7204)
      • cmd.exe (PID: 1140)
    • Starts CMD.EXE with AutoRun commands disabled

      • cmd.exe (PID: 3084)
      • cmd.exe (PID: 5196)
      • cmd.exe (PID: 2832)
      • cmd.exe (PID: 488)
      • cmd.exe (PID: 352)
      • cmd.exe (PID: 6592)
      • cmd.exe (PID: 4776)
      • cmd.exe (PID: 7872)
      • cmd.exe (PID: 7504)
      • cmd.exe (PID: 7832)
      • cmd.exe (PID: 5632)
      • cmd.exe (PID: 2316)
      • cmd.exe (PID: 8076)
      • cmd.exe (PID: 2692)
      • cmd.exe (PID: 3612)
      • cmd.exe (PID: 6792)
      • cmd.exe (PID: 7240)
      • cmd.exe (PID: 2364)
      • cmd.exe (PID: 7580)
      • cmd.exe (PID: 4564)
      • cmd.exe (PID: 8164)
      • cmd.exe (PID: 2016)
      • cmd.exe (PID: 3324)
      • cmd.exe (PID: 7384)
      • cmd.exe (PID: 8072)
      • cmd.exe (PID: 3264)
      • cmd.exe (PID: 6668)
      • cmd.exe (PID: 6628)
      • cmd.exe (PID: 7484)
      • cmd.exe (PID: 1304)
      • cmd.exe (PID: 6696)
      • cmd.exe (PID: 5800)
      • cmd.exe (PID: 2792)
      • cmd.exe (PID: 6836)
      • cmd.exe (PID: 6804)
      • cmd.exe (PID: 6936)
      • cmd.exe (PID: 6112)
      • cmd.exe (PID: 4916)
      • cmd.exe (PID: 7052)
      • cmd.exe (PID: 7556)
      • cmd.exe (PID: 7648)
      • cmd.exe (PID: 6720)
      • cmd.exe (PID: 8028)
      • cmd.exe (PID: 7800)
      • cmd.exe (PID: 5200)
      • cmd.exe (PID: 5392)
      • cmd.exe (PID: 7864)
      • cmd.exe (PID: 3076)
      • cmd.exe (PID: 2304)
      • cmd.exe (PID: 7204)
      • cmd.exe (PID: 4280)
      • cmd.exe (PID: 1268)
      • cmd.exe (PID: 8072)
      • cmd.exe (PID: 7192)
      • cmd.exe (PID: 2680)
      • cmd.exe (PID: 7724)
      • cmd.exe (PID: 6536)
      • cmd.exe (PID: 1140)
    • Starts application with an unusual extension

      • cmd.exe (PID: 4704)
    • Probably obfuscated PowerShell command line is found

      • cmd.exe (PID: 2100)
    • Windows service management via SC.EXE

      • sc.exe (PID: 5888)
      • sc.exe (PID: 4136)
      • sc.exe (PID: 7636)
    • Uses REG/REGEDIT.EXE to modify or delete registry entries

      • cmd.exe (PID: 4704)
    • Executes as Windows Service

      • winws.exe (PID: 2648)
    • Creates or modifies Windows services

      • reg.exe (PID: 8148)
    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 4704)
    • Creates a new Windows service

      • sc.exe (PID: 7336)
  • INFO

    • Generic archive extractor

      • WinRAR.exe (PID: 5420)
    • The sample compiled with english language support

      • WinRAR.exe (PID: 5420)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5420)
    • Manual execution by a user

      • cmd.exe (PID: 3156)
    • Checks supported languages

      • chcp.com (PID: 3352)
      • chcp.com (PID: 8028)
      • chcp.com (PID: 8100)
      • chcp.com (PID: 5760)
      • chcp.com (PID: 4564)
      • chcp.com (PID: 5712)
      • chcp.com (PID: 932)
      • chcp.com (PID: 7232)
      • chcp.com (PID: 2420)
      • chcp.com (PID: 2880)
      • chcp.com (PID: 7960)
      • chcp.com (PID: 2648)
      • winws.exe (PID: 2648)
      • chcp.com (PID: 1404)
      • chcp.com (PID: 2660)
      • chcp.com (PID: 8080)
    • Application launched itself

      • cmd.exe (PID: 2916)
      • cmd.exe (PID: 4704)
      • cmd.exe (PID: 7876)
      • cmd.exe (PID: 1536)
      • cmd.exe (PID: 3552)
    • Changes the display of characters in the console

      • cmd.exe (PID: 4704)
    • Uses string replace method (POWERSHELL)

      • powershell.exe (PID: 1152)
    • Reads the computer name

      • winws.exe (PID: 2648)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

EXIF

ZIP

FileVersion: RAR v5
CompressedSize: 628
UncompressedSize: 3275
OperatingSystem: Win32
ArchivedFileName: general (ALT2).bat
No data.
All screenshots are available in the full report
Total processes
298
Monitored processes
164
Malicious processes
4
Suspicious processes
0

Behavior graph

Process graph (interactive in the full report; only the node labels survive extraction, in order of appearance): winrar.exe (flagged THREAT) → cmd.exe, conhost.exe, where.exe, powershell.exe, cmd.exe, conhost.exe, where.exe (×4), chcp.com, cmd.exe, cmd.exe, find.exe, findstr.exe, chcp.com (×3), powershell.exe, chcp.com, cmd.exe, cmd.exe, find.exe, findstr.exe, chcp.com (×4), cmd.exe, cmd.exe, find.exe, chcp.com (×3), cmd.exe, powershell.exe, cmd.exe, then a long run of repeated cmd.exe / findstr.exe pairs, netsh.exe, findstr.exe (×2), netsh.exe, net.exe, net1.exe, sc.exe (×4), winws.exe, reg.exe, chcp.com, cmd.exe, cmd.exe, find.exe, chcp.com (×2).

Process information

PID:
224
CMD:
findstr /i "winws.exe"
Path:
C:\Windows\System32\findstr.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
352
CMD:
C:\WINDOWS\system32\cmd.exe /S /D /c" echo @echo off "
Path:
C:\Windows\System32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID:
488
CMD:
C:\WINDOWS\system32\cmd.exe /S /D /c" echo :: 65001 - UTF-8 "
Path:
C:\Windows\System32\cmd.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID:
552
CMD:
findstr ":"
Path:
C:\Windows\System32\findstr.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
784
CMD:
findstr /i "winws.exe"
Path:
C:\Windows\System32\findstr.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
800
CMD:
findstr /i "winws.exe"
Path:
C:\Windows\System32\findstr.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
868
CMD:
where find
Path:
C:\Windows\System32\where.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Where - Lists location of files
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\where.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
900
CMD:
where netsh
Path:
C:\Windows\System32\where.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Where - Lists location of files
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\where.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
932
CMD:
chcp 437
Path:
C:\Windows\System32\chcp.com
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID:
1140
CMD:
findstr ":"
Path:
C:\Windows\System32\findstr.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
16 943
Read events
16 920
Write events
23
Delete events
0

Modification events

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation: write
Name: @C:\WINDOWS\System32\acppage.dll,-6002
Value: Windows Batch File

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\chromium_ext.zip

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Downloads\chromium_build 1.zip

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\zapret-discord-youtube-1.9.7b.rar

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (5420) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: name
Value: 256
Executable files
4
Suspicious files
6
Text files
39
Unknown types
0

Dropped files

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (ALT3).bat
Type: text
MD5: 1DC3CAA65A31E27A19665C0628E90FBF
SHA256: 5E50CBD4E74796A8FB42555B076CB1B7D5ABCF5FFE1227C8D82F17826732B37A

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (ALT7).bat
Type: text
MD5: F5A674210E392BAEB032D9BD1B4088B5
SHA256: FF49BD6C4281DA322925375465D57143E00EA9EA6D17B79E388801150C973802

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (ALT2).bat
Type: text
MD5: D43F122288FF522B2D1A3886C09495D3
SHA256: 3DFAB68519B23C747A6DE957C197C467B2DBE5C932AC24713B5D5E31F18F4AF2

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (ALT4).bat
Type: text
MD5: 5DEA9765EF6D50A7DBC77E700876B772
SHA256: 2CE749C1DB9918215833AF6CC116BE096EA0E1C07181F81B064EF0F61C396CF4

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (ALT6).bat
Type: text
MD5: DE4E78504BBD89601460918BA09E77FF
SHA256: 683D210BECF3926D0EBD0BF76DE6DDD6204BDB27BFF0D90C5DF30AAEEA6843E5

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (ALT5).bat
Type: text
MD5: EE50F4D311623ACF442D9E1F8AF573D3
SHA256: BCF8BDB486CB76150436010495E3A034B4568326ADD99ED44522050ADB58E97A

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (ALT8).bat
Type: text
MD5: DE3A4D9EC9FCE357967E19B0C054EFF3
SHA256: C561A5C35B7295488A5E2C3B45ADA9868268177C3B0C397C9B5F02F7A4F955D6

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (ALT11).bat
Type: text
MD5: 28DD9521447DB4339428553457CD1210
SHA256: C9BA68454E647C69D62A96ECA3B378E3BB60CD22CD66D759C945EE24FB073E2F

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (SIMPLE FAKE).bat
Type: text
MD5: 7E4E87364FF4E030C37F0DB72A1099DF
SHA256: 5B8648D0B44253397E68B8C2D5870FFC2D908D2ABCA947DA7B8D068A0EEDDF8F

PID: 5420
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5420.47922\general (FAKE TLS AUTO ALT3).bat
Type: text
MD5: EEF808AA25032177A59FA406A453743E
SHA256: DA4CB05EEF4F66356384BEADA9302BA2ACB269D74A789A0FAC50A44A2B357655
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
36
TCP/UDP connections
26
DNS requests
20
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5276 | MoUsoCoreWorker.exe | GET | 304 | 51.104.136.2:443 | https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30 | US | - | - | whitelisted
5316 | svchost.exe | POST | 200 | 20.190.160.2:443 | https://login.live.com/RST2.srf | US | xml | 1.24 Kb | whitelisted
6832 | SIHClient.exe | GET | 304 | 74.179.77.204:443 | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | - | - | whitelisted
5316 | svchost.exe | POST | 400 | 20.190.160.2:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | US | text | 204 b | whitelisted
5316 | svchost.exe | GET | 200 | 23.11.40.157:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D | NL | binary | 471 b | whitelisted
6832 | SIHClient.exe | GET | 200 | 135.233.95.135:443 | https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping | US | - | - | whitelisted
6832 | SIHClient.exe | GET | 200 | 74.179.77.204:443 | https://slscr.update.microsoft.com/sls/ping | US | - | - | whitelisted
6832 | SIHClient.exe | GET | 304 | 74.179.77.204:443 | https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | US | - | - | whitelisted
5316 | svchost.exe | POST | 400 | 20.190.160.2:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | US | text | 204 b | whitelisted
5316 | svchost.exe | POST | 400 | 20.190.160.2:443 | https://login.live.com/ppsecure/deviceaddcredential.srf | US | text | 204 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | Not routed | whitelisted
8044 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5276 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
- | - | 128.24.231.65:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | - | Not routed | whitelisted
5316 | svchost.exe | 20.190.160.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
3428 | svchost.exe | 172.211.123.248:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5316 | svchost.exe | 23.11.40.157:80 | ocsp.digicert.com | AKAMAI-AMS | NL | whitelisted
8044 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | AKAMAI-ASN1 | NL | whitelisted
8044 | svchost.exe | 23.59.18.102:80 | www.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain
IP
Reputation
activation-v2.sls.microsoft.com
  • 128.24.231.65
whitelisted
google.com
  • 142.251.13.113
  • 142.251.13.101
  • 142.251.13.138
  • 142.251.13.100
  • 142.251.13.102
  • 142.251.13.139
whitelisted
login.live.com
  • 20.190.160.2
  • 20.190.160.22
  • 40.126.32.138
  • 40.126.32.136
  • 40.126.32.68
  • 20.190.160.20
  • 20.190.160.131
  • 20.190.160.5
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
ocsp.digicert.com
  • 23.11.40.157
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
  • 23.216.77.42
whitelisted
www.microsoft.com
  • 23.59.18.102
  • 88.221.169.152
whitelisted
www.bing.com
  • 2.16.204.160
  • 2.16.204.156
  • 2.16.204.148
  • 2.16.204.135
  • 2.16.204.152
  • 2.16.204.153
  • 2.16.204.138
  • 2.16.204.157
  • 2.16.204.158
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted

Threats

No threats detected
No debug info