File name:

zapret-discord-youtube-1.8.1.zip

Full analysis: https://app.any.run/tasks/3cf32ef1-aba9-4e55-afc5-72ec12e56019
Verdict: Malicious activity
Analysis date: June 30, 2025, 03:41:52
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
windivert-sys
mal-driver
arch-exec
arch-doc
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

9C89182226E73F03E9E1C09C9EF10C2C

SHA1:

F029742BA3834EC9AF4465EA4AA80CF94DE3B335

SHA256:

30698809A1EBF51A4A44E914000235069EFAC911A104C3FD2FC04748CFE5059B

SSDEEP:

49152:cvw/Cv8X9eQS0s7eWvRlefNYLw1yD1LE6tVz64qEu1KufrHNW3FzmUS74G6+hefm:x/e8teQzUJRlSNYLeyD1DhdqCirtW3FY

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Malicious driver has been detected

      • WinRAR.exe (PID: 5080)
    • Detects Cygwin installation

      • WinRAR.exe (PID: 5080)
    • Starts NET.EXE for service management

      • cmd.exe (PID: 2192)
      • net.exe (PID: 1352)
  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 5080)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 2800)
    • Starts process via Powershell

      • powershell.exe (PID: 3636)
    • Executing commands from a ".bat" file

      • powershell.exe (PID: 3636)
      • cmd.exe (PID: 2192)
    • Starts CMD.EXE for commands execution

      • powershell.exe (PID: 3636)
      • cmd.exe (PID: 2192)
    • Starts application with an unusual extension

      • cmd.exe (PID: 2192)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 2192)
    • Application launched itself

      • cmd.exe (PID: 2192)
    • Hides command output

      • cmd.exe (PID: 888)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 2192)
    • Creates a new Windows service

      • sc.exe (PID: 432)
    • Windows service management via SC.EXE

      • sc.exe (PID: 684)
      • sc.exe (PID: 2388)
      • sc.exe (PID: 3000)
    • Executes as Windows Service

      • winws.exe (PID: 2468)
  • INFO

    • The sample compiled with english language support

      • WinRAR.exe (PID: 5080)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5080)
    • Manual execution by a user

      • cmd.exe (PID: 2800)
    • Checks supported languages

      • chcp.com (PID: 3924)
      • chcp.com (PID: 1984)
      • chcp.com (PID: 5104)
      • chcp.com (PID: 6636)
      • winws.exe (PID: 2468)
      • chcp.com (PID: 4968)
    • Changes the display of characters in the console

      • cmd.exe (PID: 2192)
    • Reads the computer name

      • winws.exe (PID: 2468)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:06:20 14:39:12
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: bin/
No data.
Total processes
219
Monitored processes
85
Malicious processes
4
Suspicious processes
0

Behavior graph

[Behavior graph image not preserved. Nodes in order of appearance: start, winrar.exe (preceded by a THREAT marker), rundll32.exe, slui.exe, cmd.exe, conhost.exe, powershell.exe, cmd.exe, conhost.exe, chcp.com, findstr.exe, a long run of cmd.exe/findstr.exe pairs, net.exe, net1.exe, sc.exe (four instances), winws.exe, chcp.com, findstr.exe, chcp.com. All nodes except winrar.exe and the second cmd.exe are marked "no specs".]

Process information

PID: 72
CMD: findstr ":"
Path: C:\Windows\System32\findstr.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 432
CMD: sc create zapret binPath= "\"C:\Users\admin\Desktop\Zapret\bin\winws.exe\" --wf-tcp 80,443,1024-65535 --wf-udp 443,50000-50100,1024-65535 --filter-udp 443 --hostlist \"C:\Users\admin\Desktop\Zapret\lists\list-general.txt\" --dpi-desync fake --dpi-desync-repeats 6 --dpi-desync-fake-quic \"C:\Users\admin\Desktop\Zapret\bin\quic_initial_www_google_com.bin\" --new --filter-udp 50000-50100 --filter-l7 discord,stun --dpi-desync fake --dpi-desync-repeats 6 --new --filter-tcp 80 --hostlist \"C:\Users\admin\Desktop\Zapret\lists\list-general.txt\" --dpi-desync fake,split2 --dpi-desync-autottl 2 --dpi-desync-fooling md5sig --new --filter-tcp 443 --hostlist \"C:\Users\admin\Desktop\Zapret\lists\list-general.txt\" --dpi-desync split2 --dpi-desync-repeats 2 --dpi-desync-split-seqovl 681 --dpi-desync-split-pos 1 --dpi-desync-fooling badseq,hopbyhop2 --dpi-desync-split-seqovl-pattern \"C:\Users\admin\Desktop\Zapret\bin\tls_clienthello_www_google_com.bin\" --new --filter-udp 443 --ipset \"C:\Users\admin\Desktop\Zapret\lists\ipset-all.txt\" --dpi-desync fake --dpi-desync-repeats 6 --dpi-desync-fake-quic \"C:\Users\admin\Desktop\Zapret\bin\quic_initial_www_google_com.bin\" --new --filter-tcp 80 --ipset \"C:\Users\admin\Desktop\Zapret\lists\ipset-all.txt\" --dpi-desync fake,split2 --dpi-desync-autottl 2 --dpi-desync-fooling md5sig --new --filter-tcp 443,1024-65535 --ipset \"C:\Users\admin\Desktop\Zapret\lists\ipset-all.txt\" --dpi-desync split2 --dpi-desync-split-seqovl 681 --dpi-desync-split-pos 1 --dpi-desync-fooling badseq,hopbyhop2 --dpi-desync-split-seqovl-pattern \"C:\Users\admin\Desktop\Zapret\bin\tls_clienthello_www_google_com.bin\" --new --filter-udp 1024-65535 --ipset \"C:\Users\admin\Desktop\Zapret\lists\ipset-all.txt\" --dpi-desync fake --dpi-desync-autottl 2 --dpi-desync-repeats 12 --dpi-desync-any-protocol 1 --dpi-desync-fake-unknown-udp \"C:\Users\admin\Desktop\Zapret\bin\quic_initial_www_google_com.bin\" --dpi-desync-cutoff n2" DisplayName= "zapret" start= auto
Path: C:\Windows\System32\sc.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 632
CMD: C:\WINDOWS\system32\cmd.exe /S /D /c" echo %LISTS%list-general.txt "
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 684
CMD: sc delete zapret
Path: C:\Windows\System32\sc.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
PID: 888
CMD: C:\WINDOWS\system32\cmd.exe /S /D /c" echo chcp 65001 > nul "
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 1216
CMD: findstr ":"
Path: C:\Windows\System32\findstr.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1324
CMD: C:\WINDOWS\system32\cmd.exe /S /D /c" echo %BIN%tls_clienthello_www_google_com.bin "
Path: C:\Windows\System32\cmd.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 1352
CMD: findstr /i "winws.exe"
Path: C:\Windows\System32\findstr.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID: 1352
CMD: net stop zapret
Path: C:\Windows\System32\net.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Net Command
Exit code:
2
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\net.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\mpr.dll
PID: 1512
CMD: findstr /i "winws.exe"
Path: C:\Windows\System32\findstr.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
Total events
10 164
Read events
10 140
Write events
24
Delete events
0

Modification events

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\preferences.zip

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\chromium_ext.zip

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\zapret-discord-youtube-1.8.1.zip

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: WinRAR.exe (PID: 5080)
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files
4
Suspicious files
3
Text files
20
Unknown types
0

Dropped files

Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\bin\cygwin1.dll
Type: executable
MD5:A1C82ED072DC079DD7851F82D9AA7678
SHA256:103104A52E5293CE418944725DF19E2BF81AD9269B9A120D71D39028E821499B
Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\general (ALT3).bat
Type: text
MD5:05E6BED20602B7446CE108AF184937AA
SHA256:52C9615FAC65EF030CB31BAB6C5226A1A86216C52570F19964506F0990AD3296
Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\bin\WinDivert.dll
Type: executable
MD5:B2014D33EE645112D5DC16FE9D9FCBFF
SHA256:C1E060EE19444A259B2162F8AF0F3FE8C4428A1C6F694DCE20DE194AC8D7D9A2
Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\bin\game_filter.enabled
Type: text
MD5:9E57D6BDA4BEC067FF636FE400AF6EA5
SHA256:02FA0E83883800772EC3462347E9A9F623FA3E13BE7D4DE7E0B2CB7E425AB212
Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\general (МГТС2).bat
Type: text
MD5:EB668BCDF6EA1E4F9FAAC7903592AC1A
SHA256:F4257045772DE124E1AADD1A1F5D89932687092E167E0AA11E68601B69FF3B0C
Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\bin\quic_initial_www_google_com.bin
Type: binary
MD5:312526D39958D89B1F8AB67789AB985F
SHA256:F4589C57749F956BB30538197A521D7005F8B0A8723B4707E72405E51DDAC50A
Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\bin\tls_clienthello_www_google_com.bin
Type: binary
MD5:41E47557F16690DF1781F67C8712714E
SHA256:F966351AE376963DFFBCB5B94256872649B9CDAAB8C5175025936FA50E07DC19
Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\general (ALT).bat
Type: text
MD5:4CBFC3D0DC8D04E3BC5F94DD93EC2857
SHA256:AF117A9F7EF0668B6CA14AEB8CE40EA21D8D008DDA3636627DF60ED8B22B77B2
Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\bin\WinDivert64.sys
Type: executable
MD5:89ED5BE7EA83C01D0DE33D3519944AA5
SHA256:8DA085332782708D8767BCACE5327A6EC7283C17CFB85E40B03CD2323A90DDC2
Process: WinRAR.exe (PID: 5080)
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa5080.25110\general (ALT5).bat
Type: text
MD5:374635972157D5CEF34340C1FD697E04
SHA256:5A4688161D1CDE8043511CC111464DEE9C8226C611AB7C1F048CA4F11169F084
HTTP(S) requests
5
TCP/UDP connections
23
DNS requests
15
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
2.20.245.139:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1180
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1180
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7020
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5944
MoUsoCoreWorker.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
3964
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
2.20.245.139:80
crl.microsoft.com
Akamai International B.V.
SE
whitelisted
1268
svchost.exe
95.101.149.131:80
www.microsoft.com
Akamai International B.V.
NL
whitelisted
7020
svchost.exe
20.190.159.130:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
7020
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.184.238
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.20.245.139
  • 2.20.245.137
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.159.130
  • 20.190.159.64
  • 40.126.31.129
  • 20.190.159.73
  • 40.126.31.71
  • 20.190.159.128
  • 20.190.159.0
  • 40.126.31.2
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
nexusrules.officeapps.live.com
  • 52.111.243.31
whitelisted
slscr.update.microsoft.com
  • 4.175.87.197
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 40.69.42.241
whitelisted

Threats

No threats detected
No debug info