File name:

zapret-discord-youtube-1.6.1 (1).rar

Full analysis: https://app.any.run/tasks/3bccace7-5c1c-4b1f-9a5f-cd52a03cd1ab
Verdict: Malicious activity
Analysis date: December 13, 2024, 14:33:34
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
github
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

DB6DDF779FEDE5B17A289880EB2CE217

SHA1:

DF3ACA68FB4D28116FD17C286907DE4709E50F2A

SHA256:

2AAC3961D99AB14BEE7BC9D4CC3ABDA083050BE23456BF15C4BAA2B580CF9B70

SSDEEP:

49152:nD2pC3Q/k0bvTtqsyTDWaxsJ/tfjnlcNw7hqnFTII6w8b+IWx8n/cYZrECWSBVcx:Dx3Q/k0dYT6axYhzIZnFkI6fHRcYZr/C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Detects Cygwin installation

      • WinRAR.exe (PID: 6236)

    • Starts NET.EXE for service management

      • cmd.exe (PID: 4228)
      • net.exe (PID: 4980)

  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • powershell.exe (PID: 848)
      • cmd.exe (PID: 4228)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 204)
      • cmd.exe (PID: 2676)
      • cmd.exe (PID: 7096)
      • cmd.exe (PID: 624)
      • cmd.exe (PID: 6828)

    • Starts application with an unusual extension

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • cmd.exe (PID: 7096)
      • cmd.exe (PID: 4228)

    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 6236)

    • Application launched itself

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • cmd.exe (PID: 4228)

    • Hides command output

      • cmd.exe (PID: 2676)
      • cmd.exe (PID: 3696)

    • Starts process via Powershell

      • powershell.exe (PID: 848)

    • Executing commands from a ".bat" file

      • powershell.exe (PID: 848)
      • cmd.exe (PID: 4228)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 4228)

    • Executes as Windows Service

      • winws.exe (PID: 3060)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 4228)

  • INFO

    • Changes the display of characters in the console

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • cmd.exe (PID: 7096)
      • cmd.exe (PID: 4228)

    • Checks supported languages

      • chcp.com (PID: 2216)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6236)

    • Manual execution by a user

      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 6692)
      • cmd.exe (PID: 7096)

    • The process uses the downloaded file

      • WinRAR.exe (PID: 6236)

    • The sample compiled with english language support

      • WinRAR.exe (PID: 6236)

    • Reads the computer name

      • winws.exe (PID: 6516)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

EXIF

ZIP

FileVersion: RAR v5
CompressedSize: 2826
UncompressedSize: 7925
OperatingSystem: Win32
ArchivedFileName: README.md
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
204
Monitored processes
74
Malicious processes
3
Suspicious processes
3

Behavior graph

Click at the process to see the details
start winrar.exe rundll32.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs chcp.com no specs cmd.exe no specs powershell.exe no specs cmd.exe no specs powershell.exe winws.exe no specs winws.exe no specs winws.exe conhost.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs chcp.com no specs cmd.exe no specs powershell.exe no specs winws.exe no specs winws.exe no specs winws.exe conhost.exe no specs cmd.exe no specs conhost.exe no specs chcp.com no specs powershell.exe no specs cmd.exe conhost.exe no specs chcp.com no specs chcp.com no specs cmd.exe no specs powershell.exe no specs cmd.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs net.exe no specs net1.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs sc.exe no specs winws.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
204C:\WINDOWS\system32\cmd.exe /c powershell -command "[datetime]::Now.ToString('yyyy-MM-dd HH:mm:ss')"C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
520"C:\Users\admin\Desktop\New folder\bin\winws.exe" --wf-tcp=80,443 --wf-udp=443,50000-50100 --filter-udp=443 --hostlist="list-general.txt" --dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-fake-quic="C:\Users\admin\Desktop\New folder\bin\quic_initial_www_google_com.bin" --new --filter-udp=50000-50100 --ipset="ipset-discord.txt" --dpi-desync=fake --dpi-desync-any-protocol --dpi-desync-cutoff=d3 --dpi-desync-repeats=6 --new --filter-tcp=80 --hostlist="list-general.txt" --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new --filter-tcp=443 --hostlist="list-general.txt" --dpi-desync=fake --dpi-desync-autottl=2 --dpi-desync-repeats=6 --dpi-desync-fooling=badseq --dpi-desync-fake-tls="C:\Users\admin\Desktop\New folder\bin\tls_clienthello_www_google_com.bin"C:\Users\admin\Desktop\New folder\bin\winws.exe
cmd.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\new folder\bin\winws.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\users\admin\desktop\new folder\bin\cygwin1.dll
c:\windows\system32\rpcrt4.dll
624C:\WINDOWS\system32\cmd.exe /c powershell -command "[datetime]::Now.ToString('yyyy-MM-dd HH:mm:ss')"C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
848powershell -Command "Start-Process 'cmd.exe' -ArgumentList '/k \"\"C:\Users\admin\Desktop\New folder\service_install.bat\" admin\"' -Verb RunAs"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
c:\windows\system32\ucrtbase.dll
1536chcp 65001 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
1588findstr /i "winws.exe" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
2216chcp 437 C:\Windows\System32\chcp.comcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Change CodePage Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
2448C:\WINDOWS\system32\cmd.exe /S /D /c" echo :: 65001 - UTF-8 "C:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
2460findstr /i "winws.exe" C:\Windows\System32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
2676C:\WINDOWS\system32\cmd.exe /c powershell -command "(Invoke-WebRequest -Uri https://raw.githubusercontent.com/Flowseal/zapret-discord-youtube/refs/heads/main/.service/version.txt -Headers @{\"Cache-Control\"=\"no-cache\"} -TimeoutSec 5).Content" 2>nulC:\Windows\System32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
Total events
23 999
Read events
23 986
Write events
13
Delete events
0

Modification events

(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\zapret-discord-youtube-1.6.1 (1).rar
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(6236) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(6516) winws.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\WinDivert
Operation:writeName:EventMessageFile
Value:
C:\Users\admin\Desktop\New folder\bin\WinDivert64.sys
(PID) Process:(6516) winws.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\WinDivert
Operation:writeName:TypesSupported
Value:
7
Executable files
4
Suspicious files
3
Text files
28
Unknown types
0

Dropped files

PID
Process
Filename
Type
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\service_goodbye_discord.battext
MD5:8B043F2A0EC87328DC40542B9739988F
SHA256:263102816588BD719FC628A75C8B73185110050564EA21A62B360F3AE545022B
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\service_remove.battext
MD5:F7AD12616404A382B1689C9E3937C9E5
SHA256:9D8F0B7105D86DE09B9408515F30B2BC2BB935430F4E73196021368906B7F128
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\bin\cygwin1.dllexecutable
MD5:C50B50303FAE4AFE7248307339A00D13
SHA256:712C39A069541AFA69CFCBE01B422BD67B4201EEE7E94CC1327D4ED8B4FA2167
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\service_install.battext
MD5:55D22378709DC7EA40E84CADCED29E4A
SHA256:A77AC7ABD0ADCB995C701019BFE2D67133D6D0F94D90754046A13ADE40ADF693
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\check_updates.battext
MD5:C0AF479B986A7E2095929A68136CD97C
SHA256:438ADFB9F66429E1B6B0474FE0CDBD397098D58C4B80FF2C74237C6F9B99DF23
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\bin\quic_initial_www_google_com.binbinary
MD5:312526D39958D89B1F8AB67789AB985F
SHA256:F4589C57749F956BB30538197A521D7005F8B0A8723B4707E72405E51DDAC50A
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\bin\tls_clienthello_www_google_com.binbinary
MD5:7AB7AD857C5B8794FBDF1091B494DC94
SHA256:E5938780152169F720383F80EABB309E9477369B83B5EC40CC137C397F862CDE
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\README.mdhtml
MD5:1C1C8E2DA620A9988B305ECD13E8E8FF
SHA256:A3D9D6C4BA590F5B8790BCDB68258425FD268534588A7B74E4EF926336FD653B
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\general (ALT2).battext
MD5:4B24D1B6ACA069DFFB4A55C003AD89CF
SHA256:16113CF48D720D27BEFBCDDCF26C890515D5586967A0B536838D2C8F5D42974F
6236WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa6236.24116\general (ALT4).battext
MD5:D731B6B9E4E68B70CAB7721FD84AF920
SHA256:8CA143406A8D2007CF6E123DA7D7DD8898BF230DAEA1A6D79DE5A104D323E82B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
33
DNS requests
17
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.16.164.97:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7164
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7164
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1480
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
5064
SearchApp.exe
2.23.209.135:443
www.bing.com
Akamai International B.V.
GB
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
720
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2.16.164.97:80
crl.microsoft.com
Akamai International B.V.
NL
whitelisted
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
1176
svchost.exe
20.190.160.22:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.23.209.135
  • 2.23.209.140
  • 2.23.209.130
  • 2.23.209.161
  • 2.23.209.141
  • 2.23.209.149
  • 2.23.209.158
  • 2.23.209.133
  • 2.23.209.150
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.142
whitelisted
crl.microsoft.com
  • 2.16.164.97
  • 2.16.164.98
  • 2.16.164.99
  • 2.16.164.82
  • 2.16.164.106
  • 2.16.164.49
  • 2.16.164.40
  • 2.16.164.81
  • 2.16.164.34
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
login.live.com
  • 20.190.160.22
  • 40.126.32.76
  • 40.126.32.136
  • 40.126.32.140
  • 40.126.32.74
  • 20.190.160.20
  • 40.126.32.68
  • 40.126.32.138
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
fd.api.iris.microsoft.com
  • 20.223.35.26
whitelisted

Threats

PID
Process
Class
Message
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
zapret-discord-youtube-1.6.1 (1).rar