File name:

zapret-discord-youtube-1.9.8c (extract.me).zip

Full analysis: https://app.any.run/tasks/49a3458d-f234-4068-a530-9ea8eb8f3794
Verdict: Malicious activity
Analysis date: May 20, 2026, 13:48:34
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
windivert-sys
mal-driver
arch-exec
arch-scr
arch-doc
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5:

DD2AFB7A6FF7E71A12E6EC3870E7CBDE

SHA1:

41CDA0123717FBC1F4B6349D8D5DD57365BA7D0E

SHA256:

409AF2173B47293D4AADF281FB5E426D4ED63CCAD7435EE80243599376AABDC7

SSDEEP:

49152:MGNXx8dZ2GejpqlpbteGWWKVr4oARN/pJ0wX5MzncN2Wv7JqVvGt8Li2lWqZfQS1:MG9iBAqlpbtrWLMH0tzncAIqVv08Li27

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Malicious driver has been detected

      • WinRAR.exe (PID: 8008)
      • WinRAR.exe (PID: 2676)

  • SUSPICIOUS

    • Executing commands from a ".bat" file

      • WinRAR.exe (PID: 8008)
      • WinRAR.exe (PID: 2676)

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 7508)
      • cmd.exe (PID: 7248)
      • cmd.exe (PID: 2340)
      • cmd.exe (PID: 6472)
      • cmd.exe (PID: 680)
      • cmd.exe (PID: 2392)
      • cmd.exe (PID: 4968)
      • cmd.exe (PID: 6840)
      • cmd.exe (PID: 2840)

    • Starts application with an unusual extension

      • cmd.exe (PID: 7508)
      • cmd.exe (PID: 7248)
      • cmd.exe (PID: 2340)
      • cmd.exe (PID: 6472)
      • cmd.exe (PID: 680)
      • cmd.exe (PID: 2392)

  • INFO

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 8008)
      • WinRAR.exe (PID: 2676)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 8008)
      • WinRAR.exe (PID: 2676)

    • Checks supported languages

      • chcp.com (PID: 7768)
      • chcp.com (PID: 7504)
      • chcp.com (PID: 2456)
      • chcp.com (PID: 736)
      • chcp.com (PID: 5224)
      • chcp.com (PID: 6684)

    • Changes the display of characters in the console

      • cmd.exe (PID: 7508)
      • cmd.exe (PID: 7248)
      • cmd.exe (PID: 2340)
      • cmd.exe (PID: 6472)
      • cmd.exe (PID: 680)
      • cmd.exe (PID: 2392)

    • Manual execution by a user

      • WinRAR.exe (PID: 2676)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2026:05:20 16:30:54
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: bin/
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
165
Monitored processes
27
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start THREAT winrar.exe no specs slui.exe cmd.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs conhost.exe no specs chcp.com no specs THREAT winrar.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
680C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\Rar$DIa8008.29545\general (ALT).bat" "C:\Windows\System32\cmd.exeWinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
736chcp 65001 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
2092\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2220\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2340C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\Rar$DIa8008.22088\general (ALT).bat" "C:\Windows\System32\cmd.exeWinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
2392C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\Rar$DIa2676.31314\general (ALT).bat" "C:\Windows\System32\cmd.exeWinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
2456chcp 65001 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
2676"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\zapret-discord-youtube-1.9.8c (extract.me).zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
2832\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2840C:\WINDOWS\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\Rar$DIa2676.34495\service.bat" "C:\Windows\System32\cmd.exeWinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
c:\windows\system32\advapi32.dll
Total events
11 792
Read events
11 753
Write events
39
Delete events
0

Modification events

(PID) Process:(8008) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(8008) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(8008) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Downloads\chromium_build 1.zip
(PID) Process:(8008) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(8008) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(8008) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(8008) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(4684) slui.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\3d\52C64B7E
Operation:writeName:@%SystemRoot%\System32\sppcomapi.dll,-3200
Value:
Software Licensing
(PID) Process:(8008) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\zapret-discord-youtube-1.9.8c (extract.me).zip
(PID) Process:(8008) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\ArcColumnWidths
Operation:writeName:name
Value:
256
Executable files
0
Suspicious files
6
Text files
10
Unknown types
0

Dropped files

PID
Process
Filename
Type
8008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa8008.17235\general (ALT).battext
MD5:CADB63E600829D6D26AAAC973D55D89D
SHA256:C6DFF44EA3C7159788077E31A8E35929EAB1C0270FB86F5490D44B1FD049A6FC
8008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa8008.21216\general (ALT).battext
MD5:CADB63E600829D6D26AAAC973D55D89D
SHA256:C6DFF44EA3C7159788077E31A8E35929EAB1C0270FB86F5490D44B1FD049A6FC
8008WinRAR.exeC:\Users\admin\AppData\Local\Temp\zapret-discord-youtube-1.9.8c (extract.me).zipcompressed
MD5:77127760409635A87F5F1E8E8362B33E
SHA256:EA0EBC28B981BD3EAE710F16D78FD12D1ADA54A917FBE3C5CD0B9DD5ECDAE332
8008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa8008.29545\general (ALT).battext
MD5:CADB63E600829D6D26AAAC973D55D89D
SHA256:C6DFF44EA3C7159788077E31A8E35929EAB1C0270FB86F5490D44B1FD049A6FC
2676WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa2676.31314\general (ALT).battext
MD5:CADB63E600829D6D26AAAC973D55D89D
SHA256:C6DFF44EA3C7159788077E31A8E35929EAB1C0270FB86F5490D44B1FD049A6FC
8008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa8008.22088\general (ALT).battext
MD5:CADB63E600829D6D26AAAC973D55D89D
SHA256:C6DFF44EA3C7159788077E31A8E35929EAB1C0270FB86F5490D44B1FD049A6FC
8008WinRAR.exeC:\Users\admin\AppData\Local\Temp\__rzi_8008.7646compressed
MD5:0357596C0E38A10A4B99DCA2032419CC
SHA256:9CD5469309780CA56C0BD97266524A48C7EE529D02C3179CFECB20B260A59641
8008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa8008.27258\general (ALT).battext
MD5:CADB63E600829D6D26AAAC973D55D89D
SHA256:C6DFF44EA3C7159788077E31A8E35929EAB1C0270FB86F5490D44B1FD049A6FC
8008WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa8008.18503\general (ALT).battext
MD5:CADB63E600829D6D26AAAC973D55D89D
SHA256:C6DFF44EA3C7159788077E31A8E35929EAB1C0270FB86F5490D44B1FD049A6FC
2676WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa2676.34495\service.battext
MD5:A3E7586630D7EDA33A637B761BD28FFD
SHA256:005197067AE3752A99FD14863E3051A4AF479B22A718B7AF221F7046449568D4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
39
TCP/UDP connections
29
DNS requests
23
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5276
MoUsoCoreWorker.exe
GET
304
48.209.138.189:443
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
US
whitelisted
6844
SIHClient.exe
GET
304
74.178.240.61:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
6844
SIHClient.exe
GET
200
74.178.240.51:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
US
whitelisted
5316
svchost.exe
POST
200
40.126.31.3:443
https://login.live.com/RST2.srf
US
xml
1.24 Kb
whitelisted
6844
SIHClient.exe
GET
200
74.178.240.61:443
https://slscr.update.microsoft.com/sls/ping
US
whitelisted
6844
SIHClient.exe
GET
304
74.178.240.61:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
5316
svchost.exe
POST
400
40.126.31.3:443
https://login.live.com/ppsecure/deviceaddcredential.srf
US
text
204 b
whitelisted
5316
svchost.exe
POST
400
40.126.31.3:443
https://login.live.com/ppsecure/deviceaddcredential.srf
US
text
203 b
whitelisted
3352
svchost.exe
GET
304
48.209.138.189:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
whitelisted
5316
svchost.exe
POST
400
40.126.31.3:443
https://login.live.com/ppsecure/deviceaddcredential.srf
US
text
204 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
5276
MoUsoCoreWorker.exe
48.209.138.168:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:137
Not routed
whitelisted
3352
svchost.exe
48.209.138.168:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6116
slui.exe
48.192.1.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
2.16.241.197:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
23.11.40.157:80
ocsp.digicert.com
AKAMAI-AMS
NL
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted
3428
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5316
svchost.exe
40.126.31.3:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 48.209.138.168
  • 48.209.133.15
  • 48.209.138.189
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
www.bing.com
  • 2.16.241.197
  • 2.16.241.223
  • 2.16.241.219
  • 2.16.241.227
  • 2.16.241.209
  • 2.16.241.218
  • 2.16.241.215
  • 2.16.241.217
  • 2.16.241.222
whitelisted
ocsp.digicert.com
  • 23.11.40.157
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
google.com
  • 142.250.154.113
  • 142.250.154.139
  • 142.250.154.101
  • 142.250.154.138
  • 142.250.154.100
  • 142.250.154.102
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.248
whitelisted
login.live.com
  • 40.126.31.3
  • 40.126.31.129
  • 40.126.31.131
  • 20.190.159.4
  • 40.126.31.73
  • 40.126.31.69
  • 20.190.159.0
  • 40.126.31.71
whitelisted
crl.microsoft.com
  • 184.24.77.27
  • 184.24.77.29
  • 184.24.77.11
  • 184.24.77.24
  • 184.24.77.25
  • 184.24.77.18
  • 184.24.77.22
  • 184.24.77.10
  • 184.24.77.19
  • 184.24.77.41
  • 184.24.77.6
  • 184.24.77.34
  • 184.24.77.7
  • 184.24.77.35
  • 184.24.77.37
whitelisted
www.microsoft.com
  • 72.246.29.11
  • 23.52.181.212
  • 2.23.246.101
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
zapret-discord-youtube-1.9.8c (extract.me).zip