Report - github.com/AKrisz2/r6cucc/raw/main/Cracks.zip

Report Overview

Submitted URL
github.com/AKrisz2/r6cucc/raw/main/Cracks.zip
IP
140.82.121.3
ASN
#36459 GITHUB
Submitted
2024-05-08 05:02:46
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	499 B	3.5 kB	140.82.121.3
raw.githubusercontent.com	35802	2014-02-06	2014-03-01	2024-05-06	510 B	3.1 MB	185.199.110.133

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
raw.githubusercontent.com/AKrisz2/r6cucc/main/Cracks.zip
IP
185.199.110.133
ASN
#54113 FASTLY

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.1 MB (3091020 bytes)
Hash
e1926350554a0e1e1fc8e9bc20b01f20
590ddb41a538f7420208f76b0ce5f2f64183ef3f
d2fd855d6d70b86aa5bad7b76065a9457a6225c3b8026ca7c1ec2dbb6532027e

Archive (38)

Filename

Md5

File type

README.txt

534d5517a5329bd3704b9338df66947f

ASCII text, with CRLF line terminators

CODEX.ini

9a3305686dc02d2a23e3552a275bfd3f

ASCII text, with CRLF line terminators

CPlay.ini

51711ecb470b0692d5d798fc4e6568d7

ASCII text, with CRLF line terminators

cream_api.ini

0e3fbeaa6e089812fd90b1749cffdb25

ASCII text, with CRLF line terminators

defaultargs.dll

15d4418cb12fcfacd5040b8f25c95094

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RainbowSix.bat

17f0f74d06c8f3cfca6ac28c42f82a17

DOS batch file, ASCII text, with CRLF line terminators

steam_api64.dll

9ff5374f639aba21ec77932b0b572697

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

steam_api64_o.dll

8afde2d19c89d0bf1a9f6ec475aa0ebb

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

uplay_r164_o.dll

ca26813a9fc019890cfc682c629e7f28

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 3 sections

uplay_r1_loader.dll

eddbbe03714c5d30ffce07f09bb76d7e

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

uplay_r1_loader64.cdx

9d64e0e3a07b6c001ed8f106bff9373c

PE32+ executable (DLL) (console) x86-64, for MS Windows, 9 sections

uplay_r1_loader64.dll

db68a475a247e2c31d452478c222a5ac

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

uplay_r1_o.dll

ebbf77e67da7441c4619fe1e00fbc40c

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 8 sections

CODEX.ini

e3c1016f983891ca014b4371b7903487

ASCII text, with CRLF line terminators

CPlay.ini

6013a64d3c35413f9a41b8764291ae10

ASCII text, with CRLF line terminators

cream_api.ini

0e3fbeaa6e089812fd90b1749cffdb25

ASCII text, with CRLF line terminators

defaultargs.dll

15d4418cb12fcfacd5040b8f25c95094

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RainbowSix.bat

17f0f74d06c8f3cfca6ac28c42f82a17

DOS batch file, ASCII text, with CRLF line terminators

steam_api64.dll

9ff5374f639aba21ec77932b0b572697

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

steam_api64_o.dll

8afde2d19c89d0bf1a9f6ec475aa0ebb

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

upc_r1_loader.dll

91d18611ef098522d4cb23970e623b45

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

upc_r1_loader64.dll

bcaa4d73893421c8da2a1d62bc33da3d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

uplay_r164_o.dll

ca26813a9fc019890cfc682c629e7f28

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 3 sections

uplay_r1_o.dll

ebbf77e67da7441c4619fe1e00fbc40c

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 8 sections

defaultargs.dll

15d4418cb12fcfacd5040b8f25c95094

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

RainbowSix.bat

17f0f74d06c8f3cfca6ac28c42f82a17

DOS batch file, ASCII text, with CRLF line terminators

steamclient64.dll

4cff480250b8541bdb077f91a89d1cd4

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

steam_api64.dll

37a7e0deae6e7bd1154f8fd059f9a241

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections

steam_appid.txt

1771a9bff4cc257daf7254d6a8957251

ASCII text, with CRLF line terminators

steam_interfaces.txt

cca6bd0fd6345948ead85477cb99cabc

ASCII text, with CRLF line terminators

disable_lan_only.txt

d41d8cd98f00b204e9800998ecf8427e

account_name.txt

7e20d471144b1bff4e1f5d953e05ed15

ASCII text, with no line terminators

language.txt

ba0a6ddd94c73698a3658f92ac222f8a

ASCII text, with no line terminators

listen_port.txt

76bf79e9a0a4c128d97dbd6900773f4b

ASCII text, with no line terminators

steam_appid.txt

1771a9bff4cc257daf7254d6a8957251

ASCII text, with CRLF line terminators

upc_r2_loader.dll

43f6c7a25644e2b1f6860519aaaef780

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 4 sections

upc_r2_loader64.dll

4c669990aac12ed5c6b8b93478907bc5

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

uplay_r2.ini

bd2719404ebbb83e9c5d2eb40e7639ca

ASCII text

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects a binary signed with the leaked NVIDIA certifcate and compiled after March 1st 2022
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public Nextron YARA rules	malware	Detects a binary signed with the leaked NVIDIA certifcate and compiled after March 1st 2022
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
Public Nextron YARA rules	malware	Detects a binary signed with the leaked NVIDIA certifcate and compiled after March 1st 2022
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 25/62

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/AKrisz2/r6cucc/raw/main/Cracks.zip

140.82.121.3

302 Found

0 B

URL User Request GET HTTP/2
github.com/AKrisz2/r6cucc/raw/main/Cracks.zip
IP
140.82.121.3:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /AKrisz2/r6cucc/raw/main/Cracks.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Wed, 08 May 2024 05:02:19 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin: 
location: https://raw.githubusercontent.com/AKrisz2/r6cucc/main/Cracks.zip
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: DD0A:3044F8:77415:799BD:663B075B
X-Firefox-Spdy: h2

raw.githubusercontent.com/AKrisz2/r6cucc/main/Cracks.zip

185.199.110.133

200 OK

3.1 MB

URL User Request GET HTTP/2
raw.githubusercontent.com/AKrisz2/r6cucc/main/Cracks.zip
IP
185.199.110.133:443
ASN
#54113 FASTLY

Certificate
IssuerDigiCert Inc
Subject*.github.io
Fingerprint97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28
ValidityFri, 15 Mar 2024 00:00:00 GMT - Fri, 14 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.1 MB (3091020 bytes)
Hash
e1926350554a0e1e1fc8e9bc20b01f20
590ddb41a538f7420208f76b0ce5f2f64183ef3f
d2fd855d6d70b86aa5bad7b76065a9457a6225c3b8026ca7c1ec2dbb6532027e

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 25/62

HTTP Headers

GET /AKrisz2/r6cucc/main/Cracks.zip HTTP/1.1
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
etag: W/"8fce9306c19079b01e6b1a4b5407c475f80fd8b37cdf3c30e7a933065e614674"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 95CC:EFC42:26D58C2:28FF9BA:663B075B
accept-ranges: bytes
date: Wed, 08 May 2024 05:02:20 GMT
via: 1.1 varnish
x-served-by: cache-hel1410030-HEL
x-cache: MISS
x-cache-hits: 0
x-timer: S1715144540.981873,VS0,VE352
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: fc65fe56b0b17621d07bcccc74eec374cb592e0d
expires: Wed, 08 May 2024 05:07:20 GMT
source-age: 0
content-length: 3091020
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (38)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers