File name:

zapret-discord-youtube-1.9.8.rar

Full analysis: https://app.any.run/tasks/752333e2-698b-41d5-a61f-4981ae108adf
Verdict: Malicious activity
Analysis date: April 30, 2026, 23:56:35
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
windivert-sys
mal-driver
arch-exec
arch-scr
arch-doc
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

062A3BC59C5FD31F1FC41B4766EBBD30

SHA1:

23A9806024498F62B6E05F0A8CFEE45A91D8F05C

SHA256:

522E24D6CF1E63A4EA77DB209B8E4425DDB5E7168EE89F3A4E0A107F68A2520B

SSDEEP:

49152:fyRZ33TZ6b4FMyNCQMf5udb/DNj7Ze9rm45sDC69wDe1fwTCFvppsBS9VWIwQtkZ:KRz6b4utV58b/Jj789rv5D6uDefjFvpO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Detects Cygwin installation

      • WinRAR.exe (PID: 4624)

    • Malicious driver has been detected

      • WinRAR.exe (PID: 4624)

    • Starts NET.EXE for service management

      • cmd.exe (PID: 3420)
      • net.exe (PID: 6536)

    • Changes powershell execution policy (Bypass)

      • cmd.exe (PID: 3420)

  • SUSPICIOUS

    • Starts CMD.EXE with special quote handling

      • cmd.exe (PID: 2220)
      • cmd.exe (PID: 7848)
      • cmd.exe (PID: 3320)
      • cmd.exe (PID: 7884)
      • cmd.exe (PID: 6060)
      • cmd.exe (PID: 5616)
      • cmd.exe (PID: 2156)
      • cmd.exe (PID: 3748)
      • cmd.exe (PID: 4504)
      • cmd.exe (PID: 6096)
      • cmd.exe (PID: 664)
      • cmd.exe (PID: 1864)
      • cmd.exe (PID: 8104)
      • cmd.exe (PID: 7316)
      • cmd.exe (PID: 2996)
      • cmd.exe (PID: 1772)
      • cmd.exe (PID: 3140)
      • cmd.exe (PID: 7188)
      • cmd.exe (PID: 7900)
      • cmd.exe (PID: 7368)
      • cmd.exe (PID: 7320)
      • cmd.exe (PID: 6884)
      • cmd.exe (PID: 8028)
      • cmd.exe (PID: 3016)
      • cmd.exe (PID: 2452)
      • cmd.exe (PID: 3460)
      • cmd.exe (PID: 3448)
      • cmd.exe (PID: 4280)
      • cmd.exe (PID: 6084)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 4680)
      • cmd.exe (PID: 8180)
      • cmd.exe (PID: 7988)
      • cmd.exe (PID: 4932)
      • cmd.exe (PID: 4592)
      • cmd.exe (PID: 7684)
      • cmd.exe (PID: 5564)
      • cmd.exe (PID: 6844)
      • cmd.exe (PID: 7336)
      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 2576)
      • cmd.exe (PID: 5764)
      • cmd.exe (PID: 8148)
      • cmd.exe (PID: 6092)
      • cmd.exe (PID: 552)
      • cmd.exe (PID: 5884)
      • cmd.exe (PID: 7856)
      • cmd.exe (PID: 1108)
      • cmd.exe (PID: 7504)
      • cmd.exe (PID: 6816)
      • cmd.exe (PID: 5716)
      • cmd.exe (PID: 4772)
      • cmd.exe (PID: 2528)
      • cmd.exe (PID: 6208)
      • cmd.exe (PID: 7212)
      • cmd.exe (PID: 1824)
      • cmd.exe (PID: 8088)
      • cmd.exe (PID: 5712)
      • cmd.exe (PID: 1500)
      • cmd.exe (PID: 7484)
      • cmd.exe (PID: 2652)
      • cmd.exe (PID: 2328)
      • cmd.exe (PID: 6044)
      • cmd.exe (PID: 6180)
      • cmd.exe (PID: 2432)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 5788)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 3420)

    • Starts process via Powershell

      • powershell.exe (PID: 1500)

    • Starts CMD.EXE with AutoRun commands disabled

      • cmd.exe (PID: 2220)
      • cmd.exe (PID: 7848)
      • cmd.exe (PID: 6060)
      • cmd.exe (PID: 3320)
      • cmd.exe (PID: 7884)
      • cmd.exe (PID: 3748)
      • cmd.exe (PID: 8104)
      • cmd.exe (PID: 4504)
      • cmd.exe (PID: 2156)
      • cmd.exe (PID: 5616)
      • cmd.exe (PID: 6096)
      • cmd.exe (PID: 664)
      • cmd.exe (PID: 1864)
      • cmd.exe (PID: 2996)
      • cmd.exe (PID: 7316)
      • cmd.exe (PID: 7368)
      • cmd.exe (PID: 1772)
      • cmd.exe (PID: 3140)
      • cmd.exe (PID: 7900)
      • cmd.exe (PID: 7320)
      • cmd.exe (PID: 6884)
      • cmd.exe (PID: 8028)
      • cmd.exe (PID: 7188)
      • cmd.exe (PID: 2452)
      • cmd.exe (PID: 3016)
      • cmd.exe (PID: 3460)
      • cmd.exe (PID: 4680)
      • cmd.exe (PID: 4280)
      • cmd.exe (PID: 6084)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 3448)
      • cmd.exe (PID: 8180)
      • cmd.exe (PID: 7988)
      • cmd.exe (PID: 4932)
      • cmd.exe (PID: 4592)
      • cmd.exe (PID: 7684)
      • cmd.exe (PID: 5564)
      • cmd.exe (PID: 6844)
      • cmd.exe (PID: 7336)
      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 2576)
      • cmd.exe (PID: 5764)
      • cmd.exe (PID: 8148)
      • cmd.exe (PID: 6092)
      • cmd.exe (PID: 552)
      • cmd.exe (PID: 5716)
      • cmd.exe (PID: 5884)
      • cmd.exe (PID: 7856)
      • cmd.exe (PID: 1108)
      • cmd.exe (PID: 7504)
      • cmd.exe (PID: 1500)
      • cmd.exe (PID: 4772)
      • cmd.exe (PID: 7212)
      • cmd.exe (PID: 6208)
      • cmd.exe (PID: 8088)
      • cmd.exe (PID: 5712)
      • cmd.exe (PID: 2652)
      • cmd.exe (PID: 6816)
      • cmd.exe (PID: 7484)
      • cmd.exe (PID: 2528)
      • cmd.exe (PID: 1824)
      • cmd.exe (PID: 2328)
      • cmd.exe (PID: 6044)
      • cmd.exe (PID: 6180)
      • cmd.exe (PID: 2432)

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 3420)
      • cmd.exe (PID: 5788)
      • cmd.exe (PID: 2324)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 7708)
      • cmd.exe (PID: 7464)
      • cmd.exe (PID: 2368)
      • cmd.exe (PID: 7856)

    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 5788)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 3420)

    • Executing commands from a ".bat" file

      • powershell.exe (PID: 1500)
      • cmd.exe (PID: 3420)

    • Hides command output

      • cmd.exe (PID: 2324)
      • cmd.exe (PID: 6060)
      • cmd.exe (PID: 7464)
      • cmd.exe (PID: 7856)
      • cmd.exe (PID: 2368)

    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 4624)

    • Starts application with an unusual extension

      • cmd.exe (PID: 3420)

    • Probably obfuscated PowerShell command line is found

      • cmd.exe (PID: 3276)

    • Creates a new Windows service

      • sc.exe (PID: 5140)

    • Windows service management via SC.EXE

      • sc.exe (PID: 1656)
      • sc.exe (PID: 7324)
      • sc.exe (PID: 4044)

    • Executes as Windows Service

      • winws.exe (PID: 5988)

    • Suspicious use of NETSH.EXE

      • cmd.exe (PID: 3420)

    • Bypass execution policy to execute commands

      • powershell.exe (PID: 4600)

    • Uses REG/REGEDIT.EXE to modify or delete registry entries

      • cmd.exe (PID: 3420)

    • Creates or modifies Windows services

      • reg.exe (PID: 7708)

    • Checks a user's role membership (POWERSHELL)

      • powershell.exe (PID: 4600)

  • INFO

    • Checks supported languages

      • chcp.com (PID: 5264)
      • chcp.com (PID: 7352)
      • chcp.com (PID: 2528)
      • chcp.com (PID: 5384)
      • chcp.com (PID: 4524)
      • chcp.com (PID: 6148)
      • winws.exe (PID: 5988)
      • chcp.com (PID: 7440)
      • chcp.com (PID: 3748)
      • chcp.com (PID: 6408)
      • chcp.com (PID: 5788)
      • chcp.com (PID: 7664)
      • chcp.com (PID: 2324)
      • chcp.com (PID: 7420)
      • chcp.com (PID: 2204)
      • chcp.com (PID: 8060)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4624)

    • Application launched itself

      • cmd.exe (PID: 2324)
      • cmd.exe (PID: 3420)
      • cmd.exe (PID: 7464)
      • cmd.exe (PID: 7856)
      • cmd.exe (PID: 2368)

    • Manual execution by a user

      • cmd.exe (PID: 5788)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 4624)

    • Generic archive extractor

      • WinRAR.exe (PID: 4624)

    • Changes the display of characters in the console

      • cmd.exe (PID: 3420)

    • Uses string replace method (POWERSHELL)

      • powershell.exe (PID: 3324)

    • Reads the computer name

      • winws.exe (PID: 5988)

    • Returns hidden items found within a container (POWERSHELL)

      • conhost.exe (PID: 7612)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

EXIF

ZIP

FileVersion: RAR v5
CompressedSize: 100
UncompressedSize: 100
OperatingSystem: Unix
ArchivedFileName: bin/stun.bin
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
316
Monitored processes
183
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start THREAT winrar.exe cmd.exe no specs conhost.exe no specs where.exe no specs powershell.exe no specs cmd.exe conhost.exe no specs where.exe no specs where.exe no specs where.exe no specs where.exe no specs chcp.com no specs cmd.exe no specs cmd.exe no specs find.exe no specs findstr.exe no specs chcp.com no specs chcp.com no specs chcp.com no specs cmd.exe no specs powershell.exe no specs cmd.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs netsh.exe no specs findstr.exe no specs findstr.exe no specs netsh.exe no specs net.exe no specs net1.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs winws.exe no specs reg.exe no specs chcp.com no specs cmd.exe no specs cmd.exe no specs find.exe no specs findstr.exe no specs chcp.com no specs chcp.com no specs chcp.com no specs powershell.exe no specs powershell.exe no specs conhost.exe no specs chcp.com no specs cmd.exe no specs cmd.exe no specs find.exe no specs findstr.exe no specs chcp.com no specs chcp.com no specs chcp.com no specs powershell.exe no specs chcp.com no specs cmd.exe no specs cmd.exe no specs find.exe no specs findstr.exe no specs chcp.com no specs chcp.com no specs

Process information

PID
CMD
Path
Indicators
Parent process
552C:\WINDOWS\system32\cmd.exe /S /D /c" echo %BIN%quic_initial_www_google_com.bin "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
664C:\WINDOWS\system32\cmd.exe /S /D /c" echo set "LISTS=%~dp0lists\" "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
672findstr /i "winws.exe" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
736findstr /i "winws.exe" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1108C:\WINDOWS\system32\cmd.exe /S /D /c" echo %LISTS%list-exclude-user.txt "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
1500powershell -NoProfile -Command "Start-Process 'cmd.exe' -ArgumentList '/c \"\"C:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\service.bat\" admin\"' -Verb RunAs"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1500C:\WINDOWS\system32\cmd.exe /S /D /c" echo %LISTS%ipset-exclude-user.txt "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
1652findstr ":" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1656sc delete zapret C:\Windows\System32\sc.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
1772C:\WINDOWS\system32\cmd.exe /S /D /c" echo %LISTS%list-general.txt "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
4
Suspicious files
7
Text files
43
Unknown types
0

Dropped files

PID
Process
Filename
Type
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\bin\stun.binbinary
MD5:0357596C0E38A10A4B99DCA2032419CC
SHA256:9CD5469309780CA56C0BD97266524A48C7EE529D02C3179CFECB20B260A59641
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\bin\cygwin1.dllexecutable
MD5:A1C82ED072DC079DD7851F82D9AA7678
SHA256:103104A52E5293CE418944725DF19E2BF81AD9269B9A120D71D39028E821499B
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\bin\WinDivert64.sysexecutable
MD5:89ED5BE7EA83C01D0DE33D3519944AA5
SHA256:8DA085332782708D8767BCACE5327A6EC7283C17CFB85E40B03CD2323A90DDC2
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\bin\winws.exeexecutable
MD5:D498E19BC7A79DD1EFCB6B928CBE9909
SHA256:AFFB4F69D2EA302A7ABCCD5325D81826E140DDAE014F1E070BC4A6C0DD555188
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\bin\WinDivert.dllexecutable
MD5:B2014D33EE645112D5DC16FE9D9FCBFF
SHA256:C1E060EE19444A259B2162F8AF0F3FE8C4428A1C6F694DCE20DE194AC8D7D9A2
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\bin\tls_clienthello_4pda_to.binbinary
MD5:E6D649DE132C3C10CB62531EF74F5B73
SHA256:EEFEAF09DDE8D69B1F176212541F63C68B314A33A335ECED99A8A29F17254DA8
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\lists\list-exclude.txttext
MD5:72AF6DA1AA30598FF6261E9EA1099AEA
SHA256:C1B3832CADC4CF7AA3590E512C656AAD16CB694743F1B1515822B177A9999033
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\bin\quic_initial_www_google_com.binbinary
MD5:312526D39958D89B1F8AB67789AB985F
SHA256:F4589C57749F956BB30538197A521D7005F8B0A8723B4707E72405E51DDAC50A
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\bin\quic_initial_dbankcloud_ru.binbinary
MD5:5E594564FD03D52D6257356DCD25909E
SHA256:F7A1C1CFFC8F65BD47412B7CA5588653D21EEC916BB79203C9914890A62874DF
4624WinRAR.exeC:\Users\admin\Desktop\zapret-discord-youtube-1.9.8\bin\tls_clienthello_max_ru.binbinary
MD5:B2B3E684CE449B60F0BC5A9028221A08
SHA256:4EE0870ABE0A0128600B0095189987BA1D210DAE8BF963BC725AFF49CF922624
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
34
TCP/UDP connections
26
DNS requests
21
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5276
MoUsoCoreWorker.exe
GET
304
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/wsd/muse?ProcessorClockSpeed=3094&FlightIds=&UpdateOfferedDays=4294967295&BranchReadinessLevel=CB&OEMManufacturerName=DELL&IsCloudDomainJoined=0&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&sku=48&ActivationChannel=Retail&AttrDataVer=186&IsMDMEnrolled=0&ProcessorCores=6&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&TotalPhysicalRAM=6144&PrimaryDiskType=4294967295&FlightingBranchName=&ChassisTypeId=1&OEMModelNumber=DELL&SystemVolumeTotalCapacity=260281&sampleId=95271487&deviceClass=Windows.Desktop&App=muse&DisableDualScan=0&AppVer=10.0&OEMSubModel=J5CR&locale=en-US&IsAlwaysOnAlwaysConnectedCapable=0&ms=0&DefaultUserRegion=244&UpdateServiceUrl=http%3A%2F%2Fneverupdatewindows10.com&osVer=10.0.19045.4046.amd64fre.vb_release.191206-1406&os=windows&deviceId=s%3ABAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&DeferQualityUpdatePeriodInDays=0&ring=Retail&DeferFeatureUpdatePeriodInDays=30
US
whitelisted
2156
SIHClient.exe
GET
304
135.233.95.144:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
2156
SIHClient.exe
GET
200
74.179.77.164:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
US
whitelisted
2156
SIHClient.exe
GET
200
135.233.95.144:443
https://slscr.update.microsoft.com/sls/ping
US
whitelisted
6076
svchost.exe
GET
200
23.216.77.28:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
NL
binary
825 b
whitelisted
2156
SIHClient.exe
GET
304
135.233.95.144:443
https://slscr.update.microsoft.com/SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
US
whitelisted
6076
svchost.exe
GET
304
20.73.194.208:443
https://settings-win.data.microsoft.com/settings/v3.0/WSD/UpdateHealthTools?os=Windows&osVer=10.0.19041.1.amd64fre.vb_release.191206-&sku=48&deviceClass=Windows.Desktop&locale=en-US&deviceId=s:BAD99146-31D3-4EC6-A1A4-BE76F32BA5D4&sampleId=s:95271487&appVer=10.0.19041.3626&FlightRing=Retail&TelemetryLevel=1&HidOverGattReg=C%3A%5CWINDOWS%5CSystem32%5CDriverStore%5CFileRepository%5Chidbthle.inf_amd64_9610b4821fdf82a5%5CMicrosoft.Bluetooth.Profiles.HidOverGatt.dll&AppVer=&ProcessorIdentifier=AMD64%20Family%2023%20Model%201%20Stepping%202&OEMModel=DELL&UpdateOfferedDays=4294967295&ProcessorManufacturer=AuthenticAMD&InstallDate=1661339444&OEMModelBaseBoard=&BranchReadinessLevel=CB&OEMSubModel=J5CR&IsCloudDomainJoined=0&DeferFeatureUpdatePeriodInDays=30&IsDeviceRetailDemo=0&FlightingBranchName=&OSUILocale=en-US&DeviceFamily=Windows.Desktop&WuClientVer=10.0.19041.3996&UninstallActive=1&IsFlightingEnabled=0&OSSkuId=48&ProcessorClockSpeed=3094&TotalPhysicalRAM=6144&SecureBootCapable=0&App=SedimentPack&ProcessorCores=6&CurrentBranch=vb_release&InstallLanguage=en-US&DeferQualityUpdatePeriodInDays=0&OEMName_Uncleaned=DELL&TPMVersion=0&PrimaryDiskTotalCapacity=262144&InstallationType=Client&AttrDataVer=186&ProcessorModel=AMD%20Ryzen%205%203500%206-Core%20Processor&IsEdgeWithChromiumInstalled=1&OSVersion=10.0.19045.4046&IsMDMEnrolled=0&ActivationChannel=Retail&FirmwareVersion=A.40&TrendInstalledKey=1&OSArchitecture=AMD64&DefaultUserRegion=244&UpdateManagementGroup=2
US
whitelisted
6076
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
US
binary
814 b
whitelisted
GET
200
23.11.41.157:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAjTxtAB8my1oj8MfWpz%2F7Y%3D
NL
binary
312 b
whitelisted
GET
200
204.79.197.203:80
http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQ3L3%2F%2Fa6ADK8NraY2GXzVaYrHG4AQUb6t%2B2v%2BXQ3LsO2d33oJhNYhHQoUCEzMAAAAGb6JMMcOVb6sAAAAAAAY%3D
US
binary
923 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
5276
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6076
svchost.exe
23.216.77.28:80
crl.microsoft.com
AKAMAI-ASN1
NL
whitelisted
6076
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
US
whitelisted
48.192.1.65:443
activation-v2.sls.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5532
SearchApp.exe
184.86.251.18:443
www.bing.com
AKAMAI-ASN1
NL
whitelisted
23.11.41.157:80
ocsp.digicert.com
AKAMAI-AMS
NL
whitelisted
204.79.197.203:80
oneocsp.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
4
System
192.168.100.255:138
Not routed
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.216.77.28
  • 23.216.77.6
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 23.59.18.102
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
www.bing.com
  • 184.86.251.18
  • 184.86.251.10
whitelisted
ocsp.digicert.com
  • 23.11.41.157
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
google.com
  • 142.250.154.138
  • 142.250.154.113
  • 142.250.154.100
  • 142.250.154.139
  • 142.250.154.102
  • 142.250.154.101
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.160.67
  • 40.126.32.136
  • 20.190.160.2
  • 20.190.160.14
  • 20.190.160.132
  • 20.190.160.131
  • 20.190.160.65
  • 40.126.32.74
whitelisted

Threats

PID
Process
Class
Message
5276
MoUsoCoreWorker.exe
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
zapret-discord-youtube-1.9.8.rar