File name:

zapret-discord-youtube-1.6.1 (1).rar

Full analysis: https://app.any.run/tasks/3bccace7-5c1c-4b1f-9a5f-cd52a03cd1ab
Verdict: Malicious activity
Analysis date: December 13, 2024, 14:33:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
github
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

DB6DDF779FEDE5B17A289880EB2CE217

SHA1:

DF3ACA68FB4D28116FD17C286907DE4709E50F2A

SHA256:

2AAC3961D99AB14BEE7BC9D4CC3ABDA083050BE23456BF15C4BAA2B580CF9B70

SSDEEP:

49152:nD2pC3Q/k0bvTtqsyTDWaxsJ/tfjnlcNw7hqnFTII6w8b+IWx8n/cYZrECWSBVcx:Dx3Q/k0dYT6axYhzIZnFkI6fHRcYZr/C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Detects Cygwin installation

      • WinRAR.exe (PID: 6236)

    • Starts NET.EXE for service management

      • cmd.exe (PID: 4228)
      • net.exe (PID: 4980)

  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 6236)

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • powershell.exe (PID: 848)
      • cmd.exe (PID: 4228)

    • Application launched itself

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • cmd.exe (PID: 4228)

    • Starts application with an unusual extension

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • cmd.exe (PID: 7096)
      • cmd.exe (PID: 4228)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 204)
      • cmd.exe (PID: 2676)
      • cmd.exe (PID: 6828)
      • cmd.exe (PID: 7096)
      • cmd.exe (PID: 624)

    • Hides command output

      • cmd.exe (PID: 2676)
      • cmd.exe (PID: 3696)

    • Executing commands from a ".bat" file

      • powershell.exe (PID: 848)
      • cmd.exe (PID: 4228)

    • Starts process via Powershell

      • powershell.exe (PID: 848)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 4228)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 4228)

    • Executes as Windows Service

      • winws.exe (PID: 3060)

  • INFO

    • The process uses the downloaded file

      • WinRAR.exe (PID: 6236)

    • Manual execution by a user

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • cmd.exe (PID: 7096)

    • Checks supported languages

      • chcp.com (PID: 2216)

    • Changes the display of characters in the console

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • cmd.exe (PID: 7096)
      • cmd.exe (PID: 4228)

    • Reads the computer name

      • winws.exe (PID: 6516)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 6236)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6236)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

EXIF

ZIP

FileVersion: RAR v5
CompressedSize: 2826
UncompressedSize: 7925
OperatingSystem: Win32
ArchivedFileName: README.md
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
204
Monitored processes
74
Malicious processes
3
Suspicious processes
3

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs chcp.com no specs cmd.exe no specs powershell.exe no specs cmd.exe no specs powershell.exe winws.exe no specs winws.exe no specs winws.exe conhost.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs chcp.com no specs cmd.exe no specs powershell.exe no specs winws.exe no specs winws.exe no specs winws.exe conhost.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs powershell.exe no specs cmd.exe conhost.exe no specs chcp.com no specs chcp.com no specs cmd.exe no specs powershell.exe no specs cmd.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs net.exe no specs net1.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs winws.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
204C:\WINDOWS\system32\cmd.exe /c powershell -command "[datetime]::Now.ToString('yyyy-MM-dd HH:mm:ss')"C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
520"C:\Users\admin\Desktop\New folder\bin\winws.exe" --wf-tcp=80,443 --wf-udp=443,50000-50100 --filter-udp=443 --hostlist="list-general.txt" --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fake-quic="C:\Users\admin\Desktop\New folder\bin\quic_initial_www_google_com.bin" --new --filter-udp=50000-50100 --ipset="ipset-discord.txt" --dpi-desync=fake --dpi-desync-any-protocol --dpi-desync-cutoff=d3 --dpi-desync-repeats=6 --new --filter-tcp=80 --hostlist="list-general.txt" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new --filter-tcp=443 --hostlist="list-general.txt" --dpi-desync=fake --dpi-desync-autottl=2 --dpi-desync-repeats=6 --dpi-desync-fooling=badseq --dpi-desync-fake-tls="C:\Users\admin\Desktop\New folder\bin\tls_clienthello_www_google_com.bin"C:\Users\admin\Desktop\New folder\bin\winws.exe
cmd.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\new folder\bin\winws.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\users\admin\desktop\new folder\bin\cygwin1.dll
c:\windows\system32\rpcrt4.dll
624C:\WINDOWS\system32\cmd.exe /c powershell -command "[datetime]::Now.ToString('yyyy-MM-dd HH:mm:ss')"C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
848powershell -Command "Start-Process 'cmd.exe' -ArgumentList '/k \"\"C:\Users\admin\Desktop\New folder\service_install.bat\" admin\"' -Verb RunAs"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\ucrtbase.dll
1536chcp 65001 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
1588findstr /i "winws.exe" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
2216chcp 437 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
2448C:\WINDOWS\system32\cmd.exe /S /D /c" echo :: 65001 - UTF-8 "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
2460findstr /i "winws.exe" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
2676C:\WINDOWS\system32\cmd.exe /c powershell -command "(Invoke-WebRequest -Uri https://raw.githubusercontent.com/Flowseal/zapret-discord-youtube/refs/heads/main/.service/version.txt -Headers @{\"Cache-Control\"=\"no-cache\"} -TimeoutSec 5).Content" 2>nulC:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
Total events
23 999
Read events
23 986
Write events
13
Delete events
0

Modification events

(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\zapret-discord-youtube-1.6.1 (1).rar
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6516) winws.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\WinDivert
Operation:writeName:EventMessageFile
Value:
C:\Users\admin\Desktop\New folder\bin\WinDivert64.sys
(PID) Process:(6516) winws.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\WinDivert
Operation:writeName:TypesSupported
Value:
7
Executable files
4
Suspicious files
3
Text files
28
Unknown types
0

Dropped files

PID
Process
Filename
Type
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\README.mdhtml
MD5:1C1C8E2DA620A9988B305ECD13E8E8FF
SHA256:A3D9D6C4BA590F5B8790BCDB68258425FD268534588A7B74E4EF926336FD653B
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\service_install.battext
MD5:55D22378709DC7EA40E84CADCED29E4A
SHA256:A77AC7ABD0ADCB995C701019BFE2D67133D6D0F94D90754046A13ADE40ADF693
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\service_goodbye_discord.battext
MD5:8B043F2A0EC87328DC40542B9739988F
SHA256:263102816588BD719FC628A75C8B73185110050564EA21A62B360F3AE545022B
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\bin\quic_initial_www_google_com.binbinary
MD5:312526D39958D89B1F8AB67789AB985F
SHA256:F4589C57749F956BB30538197A521D7005F8B0A8723B4707E72405E51DDAC50A
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\bin\tls_clienthello_www_google_com.binbinary
MD5:7AB7AD857C5B8794FBDF1091B494DC94
SHA256:E5938780152169F720383F80EABB309E9477369B83B5EC40CC137C397F862CDE
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\general (ALT).battext
MD5:F2DFDB0EC74378D6DEFC004BCFCEE491
SHA256:ADFA52BEACE1FF288D2CC20D6814E8EB04FAE5A9256B600C402F91AB94AF5886
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\bin\WinDivert64.sysexecutable
MD5:89ED5BE7EA83C01D0DE33D3519944AA5
SHA256:8DA085332782708D8767BCACE5327A6EC7283C17CFB85E40B03CD2323A90DDC2
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\bin\winws.exeexecutable
MD5:444FE359CA183016B93D8BFE398D5103
SHA256:0453FCE6906402181DBFF7E09B32181EB1C08BB002BE89849E8992B832F43B89
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\general (ALT2).battext
MD5:4B24D1B6ACA069DFFB4A55C003AD89CF
SHA256:16113CF48D720D27BEFBCDDCF26C890515D5586967A0B536838D2C8F5D42974F
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\bin\WinDivert.dllexecutable
MD5:B2014D33EE645112D5DC16FE9D9FCBFF
SHA256:C1E060EE19444A259B2162F8AF0F3FE8C4428A1C6F694DCE20DE194AC8D7D9A2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
33
DNS requests
17
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
7164
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
GET
200
2.16.164.97:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7164
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1480
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
2.23.209.135:443
www.bing.com
Akamai International B.V.
GB
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
720
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.16.164.97:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
1176
svchost.exe
20.190.160.22:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.23.209.135
  • 2.23.209.140
  • 2.23.209.130
  • 2.23.209.161
  • 2.23.209.141
  • 2.23.209.149
  • 2.23.209.158
  • 2.23.209.133
  • 2.23.209.150
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 2.16.164.97
  • 2.16.164.98
  • 2.16.164.99
  • 2.16.164.82
  • 2.16.164.106
  • 2.16.164.49
  • 2.16.164.40
  • 2.16.164.81
  • 2.16.164.34
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
login.live.com
  • 20.190.160.22
  • 40.126.32.76
  • 40.126.32.136
  • 40.126.32.140
  • 40.126.32.74
  • 20.190.160.20
  • 40.126.32.68
  • 40.126.32.138
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
zapret-discord-youtube-1.6.1 (1).rar