Report Overview

  1. Submitted URL

    cdn.discordapp.com/attachments/1238554909020913814/1238554938548686878/SS_EXPOSED_50.zip?ex=663fb5ac&is=663e642c&hm=54ccfbba645e885e0996b2323b3ba6655ae5d652c5d6fada333b662facae543c&

  2. IP

    162.159.133.233

    ASN

    #13335 CLOUDFLARENET

  3. Submitted

    2024-05-10 18:15:57

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

  6. Tags

  7. urlquery detections

    No alerts detected

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    8

Domain Summary

Domain / FQDN | Rank | Registered | First Seen | Last Seen
cdn.discordapp.com | 2474 | 2015-02-26 | 2015-08-24 | 2024-05-09

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    cdn.discordapp.com/attachments/1238554909020913814/1238554938548686878/SS_EXPOSED_50.zip?ex=663fb5ac&is=663e642c&hm=54ccfbba645e885e0996b2323b3ba6655ae5d652c5d6fada333b662facae543c&

  2. IP

    162.159.135.233

  3. ASN

    #13335 CLOUDFLARENET

  1. File type

    Zip archive data, at least v2.0 to extract, compression method=store

    Size

    6.3 MB (6255037 bytes)

  2. Hash

    db3d5b6453ebfce33014589f907de85f

    a017e689341808fac0d9520c1733a504760903e6

  1. Archive (89)

  2. Filename | Md5 | File type
    antibypass 3.txt
    508758486fa19275e2604768791042b6
    ASCII text, with CRLF line terminators
    eventviewer.txt
    0e356ea57875ff8f912b8dd197fa0fc8
    ASCII text, with CRLF line terminators
    nunesbypass.txt
    e1f56dbfd107b5752d5bb0f025a8cad0
    ASCII text, with CRLF line terminators
    PROCESS HACKER 2 BYPASS-NERF.url
    0e50a12013035245b0b7c8e0d8c30c84
    MS Windows 95 Internet shortcut text (URL=<https://streamable.com/2tw5j2>), ASCII text, with CRLF line terminators
    TASK KILL.url
    dab7ed09c1c7fc1f3fe729a180f9a59e
    MS Windows 95 Internet shortcut text (URL=<https://streamable.com/x4lf8g>), ASCII text, with CRLF line terminators
    cheat da cercare.txt
    49a9ce758c8e388a1eafc3a7a4a5898c
    ASCII text, with CRLF line terminators
    asgard stringa.txt
    8f7c32852a35c857267f9a37e7b3c264
    Unicode text, UTF-8 text, with CRLF line terminators
    eulen stringa.txt
    ddfd5a9f69a856aa87be4f6a38865cc0
    Unicode text, UTF-8 text, with CRLF line terminators
    monster stringa.txt
    4bf01a2e6e3d3cc54d98a2d570fb97b7
    Unicode text, UTF-8 text, with CRLF line terminators
    skript stringa.txt
    26d5fe819ed44600c55bd02f27872097
    Unicode text, UTF-8 text, with CRLF line terminators
    dir.txt
    7cc0a08cc079af143358735bf8f63c20
    ASCII text, with CRLF line terminators
    estensioni.txt
    a331f5be418810dba5da7fb12b544022
    ASCII text, with no line terminators
    file cancellati.txt
    901a05d14fa144f6edabab4c401a56b8
    ASCII text, with no line terminators
    file creati.txt
    73b9324580526c011cddf6422fa7364d
    ASCII text, with no line terminators
    file rinominati (nuovo nome).txt
    50443d0ba99ec0ace4b90733375e1f5c
    ASCII text, with no line terminators
    file rinominati (vecchio nome).txt
    cf9511d98b58fbad87192c1bfda228b8
    ASCII text, with CRLF line terminators
    file rinominati.txt
    623759bd4c2a7bf0968f0f22cca174af
    ASCII text, with very long lines (348), with no line terminators
    list volume.txt
    f42caf082ed4cc43d7b3b6c973e597ed
    ASCII text, with CRLF line terminators
    processo riavviato .txt
    16fbc5f121eac85767174e730c8acbf0
    ASCII text, with no line terminators
    tasklist.txt
    6e0ad8e44cff1b5d2901e1c7d166a2a4
    ASCII text, with no line terminators
    tree.txt
    77f85b1111b7d5ad892b2e46226a4b28
    ASCII text, with CRLF line terminators
    usn journal.txt
    cbabcf3e6e446dd0bdde8c7e2a0bd883
    ASCII text, with CRLF line terminators
    vssadmin.txt
    96eb307d14ca341bf5501b95be450a7a
    ASCII text, with no line terminators
    acrivity monitor.txt
    3f0c7c55a63ec52957d8170870ff0832
    Unicode text, UTF-8 text, with no line terminators
    cestino.txt
    5c8d1b713205e86b87dbcf90441ffdfd
    Unicode text, UTF-8 text, with CRLF line terminators
    finder 2.txt
    6a7da03a5c809b2e84beff966ad33bdd
    Unicode text, UTF-8 text, with no line terminators
    finder.txt
    0ba96427fdb765760de5ea3c3eb5268a
    ASCII text, with no line terminators
    recent.txt
    aa7a46ce3f8b4f6666541ab3925aaaba
    ASCII text, with CRLF line terminators
    systeminfo.txt
    ec9cb07127898a1cdd8148b543021d44
    Unicode text, UTF-8 text, with CRLF line terminators
    macro.txt
    a32495862fa764d75ebb663831c84dca
    ASCII text, with CRLF line terminators
    childitem.txt
    04ffa44b24e02967c7a7428121f1f75a
    ASCII text, with CRLF line terminators
    getservice.txt
    c7eb9f3d97c7c881fea7d06e70525d09
    ASCII text, with CRLF line terminators
    history.txt
    dc743f9e958277fb8f4ab5e04b664581
    ASCII text, with no line terminators
    programmi.txt
    2e2d7d8668865abbdf5bf58f867231cf
    ASCII text, with CRLF line terminators
    recurse.txt
    72a9b085bde1ea9bfc5498596d414b6c
    ASCII text, with CRLF line terminators
    storico comandi.txt
    04a61ea59da4308fc663f3940bd85ad0
    ASCII text, with CRLF line terminators
    usb.txt
    06b6ca5ba84b3021982699570c06c501
    ASCII text, with CRLF line terminators
    usbdeview.txt
    04cca2aafd06f18f84be589852cd0eb8
    ASCII text, with no line terminators
    processi da analizzare.txt
    b06db1ee2594326882af9574272d6cad
    ASCII text, with CRLF line terminators
    cdpu.txt
    986fd8f89effb538232acab8ff6d7d22
    ASCII text, with CRLF line terminators
    csrss.txt
    d4e2e07dfc3ebf3d9299ce9c45454501
    ASCII text, with CRLF line terminators
    diagtrack.txt
    9aee76a2053b3962064ebd10ab0d1d14
    ASCII text, with CRLF line terminators
    discord.txt
    73bfae5aa2674b1d0501cb7b1fe86d31
    ASCII text, with CRLF line terminators
    dps -s dps.txt
    d162591f243be20ba9d2a1854bcc3824
    ASCII text, with CRLF line terminators
    dwm.txt
    75f015545bae5f290479dc2f873967ea
    ASCII text, with CRLF line terminators
    explorer.txt
    358ea2c5181ea6fa997351bebb0a4a8d
    ASCII text, with CRLF line terminators
    msmpeng.txt
    080d158f6a5e7d8db67283b90cd32041
    ASCII text, with CRLF line terminators
    pcasvc.txt
    6d35de41696222c0fd644b5c39d70522
    ASCII text, with CRLF line terminators
    sens.txt
    9cf07d0f0f1e586e23eb077cd225e136
    ASCII text, with CRLF line terminators
    sihost.txt
    38772d24c47c1c67d236491e7e2c74a4
    ASCII text, with CRLF line terminators
    smartscreen.txt
    97d942f211fc84a60f1709f7d4f03105
    Unicode text, UTF-8 text, with CRLF line terminators
    stringhe.txt
    52ca2232d3e772ea2d6145cb8757e4fe
    Unicode text, UTF-8 text, with CRLF line terminators
    taskhost.txt
    f6b1b9c6d0fa9888ef7d41cebdb4f928
    Hewlett-Packard Graphics Language, starting with "PASSO 1 : .exe" with "PASSO 2 : "
    CombatV3 3.3.exe
    63b05c89422ddcbd4e77d3ee0147c696
    PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
    Everything-1.4.1.1015.x86-Setup.exe
    95d150503972a8aa8f20dc70c20fa6bb
    PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
    LastActivityView.cfg
    9689da8b2277ab84645d0282f05bf6a6
    ASCII text, with CRLF line terminators
    LastActivityView.exe
    a19eb1487622a13402c0d63eede58f59
    PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
    passaggi.rtf
    0e48c4d1d98dd21301ccfba91644ebdd
    Rich Text Format data, version 1, ANSI, code page 1252
    Process Hacker 2.lnk
    4bb24ef23e9233396dd7f82b85ddeea0
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri Jun 24 12:18:27 2022, mtime=Fri Jun 24 12:18:28 2022, atime=Tue Mar 29 10:35:02 2016, length=1719840, window=hide
    RecentFilesView.cfg
    d0d670007c182cfbab01fb6d7200d709
    ASCII text, with CRLF line terminators
    RecentFilesView.exe
    4d27a0ef39f71709510662519553b24d
    PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
    regscanner.cfg
    983325d83f3854117269da5fea232fc5
    Generic INItialization configuration [RecentConfigFiles]
    RegScanner.exe
    6b319a9e95bd87100a7bf957f118c437
    PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections
    USBDeview.cfg
    8d4729976471d041868d939c36b47d63
    ASCII text, with very long lines (487), with CRLF line terminators
    USBDeview.exe
    90c932023af5fc1900e374e66f5e8140
    PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
    All regedit strings.txt
    dd8909c63182b22ee18e21fc6dd66170
    ASCII text, with CRLF line terminators
    7 zip.txt
    87f0d619ffde15e2052875aedad7e145
    ASCII text, with no line terminators
    appswitched.txt
    60ed796be034d4154c4ea40d79ca5bb1
    ASCII text, with CRLF line terminators
    archistory.txt
    b503f4c841d3549e861440041160b23e
    ASCII text, with CRLF line terminators
    cidsizemru.txt
    804ac79fa968252490ec9aa78ac5ebba
    ASCII text, with CRLF line terminators
    lastvisitedpidlmru.txt
    27332fec8f9a8b0255d5f2250fd2fc7f
    ASCII text, with CRLF line terminators
    muicache.txt
    a1284bd099ab706f06c3459d28ede416
    ASCII text, with CRLF line terminators
    muont device.txt
    83556531c9a2ef080c6bd817ccb4fc5d
    ASCII text, with CRLF line terminators
    opensavepidlmru.txt
    85f41ac37b0bba7fae58ecc997749810
    ASCII text, with CRLF line terminators
    recent docs.txt
    ea61eb0f7a72f42b9fa6c01a964a30ab
    ASCII text, with CRLF line terminators
    showjumpview.txt
    09a33a5319e1cc4ed12823f0924f14d4
    ASCII text, with CRLF line terminators
    store.txt
    c0be44b9867f21e8a21d5f2deca4512b
    ASCII text, with CRLF line terminators
    user settings.txt
    98dd880f0ffe4a73e1c4de4e8875b6df
    ASCII text, with CRLF line terminators
    winrar.txt
    e6275d50dcc979af4b04f6b61fcc1f72
    ASCII text, with CRLF line terminators
    Antivirus Detection.url
    c60c932bdcbde04c0eca8d7113c2e356
    MS Windows 95 Internet shortcut text (URL=<https://streamable.com/os5z9d>), ASCII text, with CRLF line terminators
    CPU USAGE, SPOILER PACK ULTRA + BASIC THINGS.url
    518de100352720c6111bbb5ae5414867
    MS Windows 95 Internet shortcut text (URL=<https://streamable.com/dvgp3e>), ASCII text, with CRLF line terminators
    All win+r.txt
    580d3d7d337489b1c4943b2d7aa6b578
    ASCII text, with CRLF line terminators
    cestino win + r.txt
    8fc6d747a46c103306b64abf5545249e
    Unicode text, UTF-8 text, with CRLF line terminators
    firewall win + r.txt
    5329b5fe0960bcf916ba247ad2bf836d
    ASCII text, with CRLF line terminators
    netplwiz.txt
    0688833455e9d3ac71a1d197fe2b4fe6
    Unicode text, UTF-8 text, with CRLF line terminators
    partizioni.txt
    83556531c9a2ef080c6bd817ccb4fc5d
    ASCII text, with CRLF line terminators
    prefetch win + r.txt
    e082fb6e006112e9a66abf204ab1f673
    ASCII text, with CRLF line terminators
    recenti win + r.txt
    8a18453ff17532dcc6efa6d0a11255bd
    ASCII text, with CRLF line terminators
    temp win + r.txt
    41713a0d0367f1e8a1033645dd1266e1
    ASCII text, with CRLF line terminators

    Detections

    Analyzer | Verdict | Alert
    Public InfoSec YARA rules | malware | Identifies executable artefacts in shortcut (LNK) files.
    YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
    YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe
    YARAhub by abuse.ch | malware | meth_stackstrings
    YARAhub by abuse.ch | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
    VirusTotal | suspicious |

JavaScript (0)

HTTP Transactions (1)

URL | IP | Response | Size
cdn.discordapp.com/attachments/1238554909020913814/1238554938548686878/SS_EXPOSED_50.zip?ex=663fb5ac&is=663e642c&hm=54ccfbba645e885e0996b2323b3ba6655ae5d652c5d6fada333b662facae543c& | 162.159.135.233 | 200 OK | 6.3 MB