Report - cdn.discordapp.com/attachments/557345589579218984/699948514276278292/KMSAuto_Net_2016_v1.5.1_Portable.zip

Report Overview

Visited public
2023-12-10 09:48:27
Tags
URL
cdn.discordapp.com/attachments/557345589579218984/699948514276278292/KMSAuto_Net_2016_v1.5.1_Portable.zip
Finishing URL
about:privatebrowsing
IP / ASN
162.159.135.233
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

0

Threat Detection Systems

2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24 15:06:21	2023-12-09 05:10:05	571 B	5.7 MB	162.159.130.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/557345589579218984/699948514276278292/KMSAuto_Net_2016_v1.5.1_Portable.zip
IP
162.159.130.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store - data
Size
5.7 MB (5711584 bytes)
Hash
64b138fd83e9cb34b2378f2fa51bd12a
b420235aec9e01eebda6514b5796c4d6e5202e4a
afbc38abc93bd4425ad8f5bd21fd86501a23af4a4b8765f2ae5a960ac2e580c3

Archive (10)

Filename

Md5

File type

KMSAuto Net.exe

93a3a8ce440197d31168fac569082937

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

readme_bg.txt

cb4b185eeeb51897aa4f951e619ca318

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readme_cn.txt

e643aa6022d8964908c25aa83d6b3ece

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readme_en.txt

307bcfbe0319a029b1ca6943bd961b24

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readme_es.txt

d8e1052f2909bee8c7b8e4387b4ab299

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readme_fr.txt

913ac61be4addc98b1fc2bf04d0bcb64

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readme_kms.txt

352709b6aed3902d4399f6615a7a7e70

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readme_ru.txt

dd11e21c79b0704fd7ed6f3c9477aab5

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readme_ua.txt

aa0923ad86bf1e029dd3bbe4e2ff39fe

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

readme_vi.txt

d657661686539223d4f1c34c1e53ce07

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 42/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/557345589579218984/699948514276278292/KMSAuto_Net_2016_v1.5.1_Portable.zip

162.159.130.233

200 OK

5.7 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/557345589579218984/699948514276278292/KMSAuto_Net_2016_v1.5.1_Portable.zip
IP
162.159.130.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store - data
Size
5.7 MB (5711584 bytes)
Hash
64b138fd83e9cb34b2378f2fa51bd12a
b420235aec9e01eebda6514b5796c4d6e5202e4a
afbc38abc93bd4425ad8f5bd21fd86501a23af4a4b8765f2ae5a960ac2e580c3

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 42/61

HTTP Headers

GET /attachments/557345589579218984/699948514276278292/KMSAuto_Net_2016_v1.5.1_Portable.zip HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 10 Dec 2023 09:46:22 GMT
content-type: application/zip
content-length: 5711584
cf-ray: 83348f741ce356b9-OSL
cf-cache-status: HIT
accept-ranges: bytes, bytes
age: 11983
cache-control: public, max-age=31536000
content-disposition: attachment;%20filename=KMSAuto_Net_2016_v1.5.1_Portable.zip
etag: "64b138fd83e9cb34b2378f2fa51bd12a"
expires: Mon, 09 Dec 2024 09:46:22 GMT
last-modified: Wed, 15 Apr 2020 11:45:30 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1586951130467926
x-goog-hash: crc32c=WPuwCA==, md5=ZLE4/YPpyzSyN48vpRvRKg==
x-goog-metageneration: 3
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 5711584
x-guploader-uploadid: ABPtcPq4AT6OIkGFfCDm2vShnkV5UXBLwvyTDU8VgMUYhwmV-T0l5VEYWJ3yQp79CQFEiaxGZy0vnTjjRA
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EsNjlFEM7T%2FD0OwLzawOSuJTgLjC%2Bo3YBQLly5gcOaCj%2B4nnpoTO286pd2bFh9GwJlRoV01FpY5YjQPTPAtpWYQ%2BmxbcdbGHc6oYV9Osd%2B%2FqEQF6ltMfXuxqysmZbG%2BwKm0URg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=dALHxi03983GYeeUaN5WpaVO2SbXBqNnB3ZYD6OpT_w-1702201582-1-AYeoyTMBVw/G1eFdJzJUg133nH70Vb+64ZKBm3v0z0fSwEEZKMR6PPsgqQBGBqOA2xDYXClkCYYJKCBwUqQG3xk=; path=/; expires=Sun, 10-Dec-23 10:16:22 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=kzCQZi_T7COt3_Rr8aaIdjMvW6GAIqS37wiYHVM3hKE-1702201582760-0-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2