File name:

zapret-discord-youtube-1.8.3.zip

Full analysis: https://app.any.run/tasks/28027020-cdf0-4394-a0d2-b88d1da19cae
Verdict: Malicious activity
Analysis date: August 14, 2025, 20:05:01
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
arch-exec
arch-doc
github
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

A6D631D221D3F2FE835B4E7B937FDD68

SHA1:

387D31F71DE13382BF48906484E87A01DF8D25AE

SHA256:

0983566889F26AB9C0741ED2B549CC793EB922B99D6B993640FA8F6E7B84E922

SSDEEP:

49152:wvw/Cv8X9eQS0s7eWvRlefNYLw1yD1LE6tVz64qEu1KufrHNW3FzmUS74G6+hefM:N/e8teQzUJRlSNYLeyD1DhdqCirtW3FK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Detects Cygwin installation

      • WinRAR.exe (PID: 4320)

    • Starts NET.EXE for service management

      • cmd.exe (PID: 3940)
      • net.exe (PID: 1204)

  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 4320)

    • Starts CMD.EXE for commands execution

      • powershell.exe (PID: 5684)
      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 2804)
      • cmd.exe (PID: 2128)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 5744)
      • cmd.exe (PID: 4788)

    • Executing commands from a ".bat" file

      • powershell.exe (PID: 5684)
      • cmd.exe (PID: 3940)

    • Starts process via Powershell

      • powershell.exe (PID: 5684)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 6240)

    • Starts application with an unusual extension

      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 2128)
      • cmd.exe (PID: 2804)

    • Application launched itself

      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 2128)
      • cmd.exe (PID: 2804)

    • Hides command output

      • cmd.exe (PID: 2356)
      • cmd.exe (PID: 4788)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 6240)

    • Windows service management via SC.EXE

      • sc.exe (PID: 6228)
      • sc.exe (PID: 3840)
      • sc.exe (PID: 3896)
      • sc.exe (PID: 620)

    • Creates a new Windows service

      • sc.exe (PID: 3740)

    • Executes as Windows Service

      • winws.exe (PID: 7032)

    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 3940)

    • Creates or modifies Windows services

      • reg.exe (PID: 2040)

  • INFO

    • Manual execution by a user

      • cmd.exe (PID: 5744)
      • cmd.exe (PID: 2804)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 4320)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4320)

    • Checks supported languages

      • chcp.com (PID: 4512)
      • chcp.com (PID: 984)
      • chcp.com (PID: 5436)
      • winws.exe (PID: 7032)
      • chcp.com (PID: 6236)
      • chcp.com (PID: 3876)
      • chcp.com (PID: 2216)
      • chcp.com (PID: 4456)
      • chcp.com (PID: 7052)
      • winws.exe (PID: 3584)

    • Changes the display of characters in the console

      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 2128)
      • cmd.exe (PID: 2804)

    • Reads the computer name

      • winws.exe (PID: 7032)
      • winws.exe (PID: 3584)

    • Reads the software policy settings

      • slui.exe (PID: 7140)

    • Checks proxy server information

      • slui.exe (PID: 7140)
      • powershell.exe (PID: 2728)

    • Disables trace logs

      • powershell.exe (PID: 2728)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:07:25 20:11:04
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: bin/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
248
Monitored processes
103
Malicious processes
4
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs slui.exe cmd.exe no specs conhost.exe no specs powershell.exe no specs cmd.exe conhost.exe no specs chcp.com no specs findstr.exe no specs chcp.com no specs chcp.com no specs cmd.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs net.exe no specs net1.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs winws.exe no specs reg.exe no specs chcp.com no specs findstr.exe no specs chcp.com no specs cmd.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs sc.exe no specs findstr.exe no specs cmd.exe no specs chcp.com no specs chcp.com no specs cmd.exe no specs winws.exe no specs powershell.exe winws.exe no specs winws.exe conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
72C:\WINDOWS\system32\cmd.exe /S /D /c" echo %BIN%quic_initial_www_google_com.bin "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
236C:\WINDOWS\system32\cmd.exe /S /D /c" echo %LISTS%ipset-all.txt "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
304findstr ":" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
620sc query "zapret" C:\Windows\System32\sc.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Service Control Manager Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
684findstr ":" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
768C:\WINDOWS\system32\cmd.exe /S /D /c" echo --filter-udp=443 --hostlist="%LISTS%list-general.txt" --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fake-quic="%BIN%quic_initial_www_google_com.bin" --new ^ "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
856findstr /i "winws.exe" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
984chcp 437 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
984findstr ":" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1028findstr ":" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
16 846
Read events
16 691
Write events
123
Delete events
32

Modification events

(PID) Process:(4320) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(4320) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(4320) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(4320) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\zapret-discord-youtube-1.8.3.zip
(PID) Process:(4320) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(4320) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(4320) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(4320) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(4320) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:NodeSlots
Value:
02020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process:(4320) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation:writeName:MRUListEx
Value:
0E00000004000000030000000000000011000000100000000F0000000C0000000D0000000B000000050000000A000000090000000800000001000000070000000600000002000000FFFFFFFF
Executable files
4
Suspicious files
3
Text files
22
Unknown types
0

Dropped files

PID
Process
Filename
Type
4320WinRAR.exeC:\Users\admin\Downloads\bin\quic_initial_www_google_com.binbinary
MD5:312526D39958D89B1F8AB67789AB985F
SHA256:F4589C57749F956BB30538197A521D7005F8B0A8723B4707E72405E51DDAC50A
4320WinRAR.exeC:\Users\admin\Downloads\bin\WinDivert64.sysexecutable
MD5:89ED5BE7EA83C01D0DE33D3519944AA5
SHA256:8DA085332782708D8767BCACE5327A6EC7283C17CFB85E40B03CD2323A90DDC2
4320WinRAR.exeC:\Users\admin\Downloads\bin\tls_clienthello_www_google_com.binbinary
MD5:41E47557F16690DF1781F67C8712714E
SHA256:F966351AE376963DFFBCB5B94256872649B9CDAAB8C5175025936FA50E07DC19
4320WinRAR.exeC:\Users\admin\Downloads\bin\cygwin1.dllexecutable
MD5:A1C82ED072DC079DD7851F82D9AA7678
SHA256:103104A52E5293CE418944725DF19E2BF81AD9269B9A120D71D39028E821499B
4320WinRAR.exeC:\Users\admin\Downloads\general (ALT2).battext
MD5:779EB1CC5877DD178ED4E05C96870039
SHA256:76BD39660FC381E4D503CD3E58E2E4450C835F5A2937D2265D7E2981FCB0336E
4320WinRAR.exeC:\Users\admin\Downloads\general (МГТС).battext
MD5:E2BAF0CCAF077C25B9FBBD038CDD1EF7
SHA256:24F39838BFE6A63D11518E4D702BB721D785D2A2AB901CFBC94B420A1DF791F2
4320WinRAR.exeC:\Users\admin\Downloads\general (FAKE TLS AUTO).battext
MD5:84F88648F6B2D68B88E0325FD40F8429
SHA256:08A95CB237E4D4A5C753E7F8D21AEFDBBC79976F242533D3E18272E763AC3ECF
4320WinRAR.exeC:\Users\admin\Downloads\general (ALT5).battext
MD5:68DE5784A9BB56A80E70726EDE309B75
SHA256:9793DFE135E45D53BF28F4B977044298E6770935F1EB6F3D36CEE8861E589596
4320WinRAR.exeC:\Users\admin\Downloads\general (МГТС2).battext
MD5:BCB1EF8E77620113ECFAE2424190BDE8
SHA256:F9D873FC09F0852245E7ED67B0213FA2E08F21AF29C8F158064C04AB85F90062
4320WinRAR.exeC:\Users\admin\Downloads\general (FAKE TLS).battext
MD5:DCA4E32491E58815FBC3A0D4C0C1C349
SHA256:3E0FD76E3BB65F65A692A3E40DEF8ED2E89437BF63E0FB1BD8A075213A5702C2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
30
DNS requests
25
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.55.110.211:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
504
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3840
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2940
svchost.exe
GET
200
104.76.201.34:80
http://x1.c.lencr.org/
unknown
whitelisted
3840
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3976
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1268
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6900
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
23.55.110.211:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
504
svchost.exe
20.190.159.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
504
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
whitelisted
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 23.55.110.211
  • 23.55.110.193
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.159.130
  • 20.190.159.68
  • 20.190.159.71
  • 20.190.159.64
  • 40.126.31.0
  • 20.190.159.2
  • 20.190.159.73
  • 40.126.31.69
  • 20.190.160.3
  • 40.126.32.136
  • 40.126.32.68
  • 20.190.160.20
  • 20.190.160.132
  • 20.190.160.5
  • 20.190.160.2
  • 20.190.160.17
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted
self.events.data.microsoft.com
  • 20.50.201.200
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.250
whitelisted

Threats

PID
Process
Class
Message
2200
svchost.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
Not Suspicious Traffic
ET INFO Windows Powershell User-Agent Usage
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
zapret-discord-youtube-1.8.3.zip