Report - cdn.discordapp.com/attachments/1237485690107990016/1237538518335488062/LogMeIn_Hamachi.zip?ex=663c030f&is=663ab18f&hm=c802b6785df2011649bb3a34fd472e16a02d3a41ae1c029f6d4897772de56109&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1237485690107990016/1237538518335488062/LogMeIn_Hamachi.zip?ex=663c030f&is=663ab18f&hm=c802b6785df2011649bb3a34fd472e16a02d3a41ae1c029f6d4897772de56109&
IP
162.159.135.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-07 22:57:32
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
1

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-05-06	637 B	6.5 MB	162.159.130.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1237485690107990016/1237538518335488062/LogMeIn_Hamachi.zip?ex=663c030f&is=663ab18f&hm=c802b6785df2011649bb3a34fd472e16a02d3a41ae1c029f6d4897772de56109&
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
6.5 MB (6450580 bytes)
Hash
3f5e90ff2616fb2dea7548d46334de17
4a2dd016c544f8a66ccf41d7ce37e8a07d908a72
b02c9782b47615858b434dc1ebf79176fd873d7e44af8460a826a6f2020a5563

Archive (16)

Filename

Md5

File type

hamachi-2-ui.exe

f33e0de70dba0f3230e1cf3f718b9648

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

hamachi.lng

b43ec8ad1ba4f9cf76cdbc5e25ededc2

Unicode text, UTF-8 (with BOM) text, with very long lines (336), with CRLF line terminators

LMIGuardianDll.dll

a308aa323e4f244edae9f92aced1e717

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections

LMIGuardianEvt.Dll

70fa35fbf8dd4cb513a4c5d149be801d

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 2 sections

LMIGuardianSvc.exe

93a4e2b886e2815b6b732a2380b0f068

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

ReleaseNotes.rtf

5135de585388a4fc11bf1f81c90e6787

Rich Text Format data, version 1, ANSI, code page 1250, default language ID 1038

hamachi-2.exe

493510f5eb2c49efea54e58a83677e13

PE32+ executable (console) x86-64, for MS Windows, 7 sections

hamachi.cat

4695e8a2fca26f8487b69eb3e10b6cde

DER Encoded PKCS#7 Signed Data

hamachi.inf

b00eff7dc335d40aea15ba37db6b6beb

Windows setup INFormation

hamachi.sys

83de7b3afeff862eb098776815f662b5

PE32+ executable (native) x86-64, for MS Windows, 6 sections

hamdrv.cat

f49c69fcca067884f38e9cab20ba8920

DER Encoded PKCS#7 Signed Data

hamdrv.inf

da79247b2ba817d655c2db44bdebff1c

Windows setup INFormation

hamdrv.sys

7f79205b4efa98f0767309479c8c01c6

PE32+ executable (native) x86-64, for MS Windows, 8 sections

LMIGuardianDll.dll

df7051274b6080da5298c61decad2fdf

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

LMIGuardianEvt.Dll

3f2969f27f61470ddbbd3bd0db8d625d

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 2 sections

LMIGuardianSvc.exe

0554f3b69d39d175dd110d765c11347a

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	meth_get_eip

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	cdn.discordapp.com/attachments/1237485690107990016/1237538518335488062/LogMeIn_Hamachi.zip?ex=663c030f&is=663ab18f&hm=c802b6785df2011649bb3a34fd472e16a02d3a41ae1c029f6d4897772de56109&	162.159.130.233	200 OK	6.5 MB
URL User Request GET HTTP/2 cdn.discordapp.com/attachments/1237485690107990016/1237538518335488062/LogMeIn_Hamachi.zip?ex=663c030f&is=663ab18f&hm=c802b6785df2011649bb3a34fd472e16a02d3a41ae1c029f6d4897772de56109& IP 162.159.130.233:443 ASN #13335 CLOUDFLARENET Certificate IssuerCloudflare, Inc. Subjectdiscordapp.com Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39 ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=store Size 6.5 MB (6450580 bytes) Hash 3f5e90ff2616fb2dea7548d46334de17 4a2dd016c544f8a66ccf41d7ce37e8a07d908a72 b02c9782b47615858b434dc1ebf79176fd873d7e44af8460a826a6f2020a5563 HTTP Headers GET /attachments/1237485690107990016/1237538518335488062/LogMeIn_Hamachi.zip?ex=663c030f&is=663ab18f&hm=c802b6785df2011649bb3a34fd472e16a02d3a41ae1c029f6d4897772de56109& HTTP/1.1 Host: cdn.discordapp.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Tue, 07 May 2024 22:57:04 GMT content-type: application/zip content-length: 6450580 cf-ray: 8804ce8e09af56b4-OSL cf-cache-status: MISS accept-ranges: bytes, bytes cache-control: public, max-age=31536000 content-disposition: attachment; filename="LogMeIn_Hamachi.zip" etag: "3f5e90ff2616fb2dea7548d46334de17" expires: Wed, 07 May 2025 22:57:04 GMT last-modified: Tue, 07 May 2024 22:56:15 GMT vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-goog-generation: 1715122575204633 x-goog-hash: crc32c=aQ0N7Q==, md5=P16Q/yYW+y3qdUjUYzTeFw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 6450580 x-guploader-uploadid: ABPtcPr-n5Uy93fP7qHhpcLc42Nga05TCbETT-vxl0fEpjAgKupgph-DkzNkmGGBVeOJJtIVOwY x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFSncS%2B%2FcMNEvirDKdt%2FV1eaEj0iAzyg4C79Ryta788UPga7X8odaWvfh4bAzGtkY6o0WbiB6KFXoQ1%2BzDSyrv6zLTuc0mETRGKBEfsL3uOf95Rc2y7%2FhQ3cK92WJT0N9kuyMg%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} set-cookie: __cf_bm=Ev98z1S2r2BfCLvNl8HDEVAYAf6lC0tqy3o5Z1y.6xQ-1715122624-1.0.1.1-P_iZhrn_Unklq3bvZua7rXHoVDSWrYO3tU1vcKPT0.9GPLaPIc_oxgD1i9Bls.bO._jpLFBioPzVLby1J8W51g; path=/; expires=Tue, 07-May-24 23:27:04 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None _cfuvid=2yvtAkEEJvcMoiOyzF19nLRFSxvbCnKO.ABJuQ8abkE-1715122624278-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None server: cloudflare X-Firefox-Spdy: h2

cdn.discordapp.com/attachments/1237485690107990016/1237538518335488062/LogMeIn_Hamachi.zip?ex=663c030f&is=663ab18f&hm=c802b6785df2011649bb3a34fd472e16a02d3a41ae1c029f6d4897772de56109&

162.159.130.233

200 OK

6.5 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1237485690107990016/1237538518335488062/LogMeIn_Hamachi.zip?ex=663c030f&is=663ab18f&hm=c802b6785df2011649bb3a34fd472e16a02d3a41ae1c029f6d4897772de56109&
IP
162.159.130.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=store
Size
6.5 MB (6450580 bytes)
Hash
3f5e90ff2616fb2dea7548d46334de17
4a2dd016c544f8a66ccf41d7ce37e8a07d908a72
b02c9782b47615858b434dc1ebf79176fd873d7e44af8460a826a6f2020a5563

HTTP Headers

GET /attachments/1237485690107990016/1237538518335488062/LogMeIn_Hamachi.zip?ex=663c030f&is=663ab18f&hm=c802b6785df2011649bb3a34fd472e16a02d3a41ae1c029f6d4897772de56109& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 22:57:04 GMT
content-type: application/zip
content-length: 6450580
cf-ray: 8804ce8e09af56b4-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="LogMeIn_Hamachi.zip"
etag: "3f5e90ff2616fb2dea7548d46334de17"
expires: Wed, 07 May 2025 22:57:04 GMT
last-modified: Tue, 07 May 2024 22:56:15 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1715122575204633
x-goog-hash: crc32c=aQ0N7Q==, md5=P16Q/yYW+y3qdUjUYzTeFw==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6450580
x-guploader-uploadid: ABPtcPr-n5Uy93fP7qHhpcLc42Nga05TCbETT-vxl0fEpjAgKupgph-DkzNkmGGBVeOJJtIVOwY
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFSncS%2B%2FcMNEvirDKdt%2FV1eaEj0iAzyg4C79Ryta788UPga7X8odaWvfh4bAzGtkY6o0WbiB6KFXoQ1%2BzDSyrv6zLTuc0mETRGKBEfsL3uOf95Rc2y7%2FhQ3cK92WJT0N9kuyMg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=Ev98z1S2r2BfCLvNl8HDEVAYAf6lC0tqy3o5Z1y.6xQ-1715122624-1.0.1.1-P_iZhrn_Unklq3bvZua7rXHoVDSWrYO3tU1vcKPT0.9GPLaPIc_oxgD1i9Bls.bO._jpLFBioPzVLby1J8W51g; path=/; expires=Tue, 07-May-24 23:27:04 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=2yvtAkEEJvcMoiOyzF19nLRFSxvbCnKO.ABJuQ8abkE-1715122624278-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (16)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers