Report Overview

  1. Submitted URL

    cdn.discordapp.com/attachments/1228373331279872033/1228386715677364425/HWID_SPOOFER.zip?ex=662bdb47&is=66196647&hm=a3f4d5b9e7d5b4445b2a0c97e931a36f6137041bf156ea2b0fbfecf82e6470dd&

  2. IP

    162.159.135.233

    ASN

    #13335 CLOUDFLARENET

  3. Submitted

    2024-04-16 21:17:31

    Access

    public

  4. Website Title

    about:privatebrowsing

  5. Final URL

    about:privatebrowsing

    (about:privatebrowsing is Firefox's private-window start page. The submitted URL is a direct file download, so the browser never navigated away from it; the title and final URL say nothing about the target.)

  6. Tags

  7. urlquery detections

    No alerts detected
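The submitted URL carries Discord's signed-attachment query string. The script below is an added example written for this page, not urlquery's code: it assumes Discord's scheme in which `is` and `ex` are hex-encoded Unix timestamps (issue and expiry) and `hm` is an HMAC that only Discord can verify, so the signature is not checked. It also decodes the creation time that Discord snowflake IDs carry, as an independent cross-check of `is`. The URL and the submission time are taken from the report above; everything else is the example's own.

```python
"""Decode the signed Discord CDN attachment URL from the report.

Added example for this page; not urlquery's code. It assumes Discord's
signed-attachment scheme: `is` and `ex` are hex-encoded Unix timestamps
(issued / expires) and `hm` is an HMAC that only Discord can verify, so the
signature itself is not checked here.
"""
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

DISCORD_EPOCH_MS = 1_420_070_400_000      # 2015-01-01T00:00:00Z, origin of snowflake IDs
CDN_HOSTS = ("cdn.discordapp.com", "media.discordapp.net")

# The URL exactly as listed in the report (the report omits the scheme too).
REPORT_URL = (
    "cdn.discordapp.com/attachments/1228373331279872033/1228386715677364425/"
    "HWID_SPOOFER.zip?ex=662bdb47&is=66196647"
    "&hm=a3f4d5b9e7d5b4445b2a0c97e931a36f6137041bf156ea2b0fbfecf82e6470dd&"
)
# Submission time from the report header, assumed to be UTC.
SUBMITTED = datetime(2024, 4, 16, 21, 17, 31, tzinfo=timezone.utc)


def snowflake_time(snowflake: int) -> datetime:
    """Creation time embedded in a Discord snowflake: top 42 bits are ms since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(milliseconds=ms)


def parse_signed_cdn_url(url: str) -> dict:
    """Split a signed attachment URL into its IDs, filename and validity window."""
    if "://" not in url:
        url = "https://" + url
    parts = urlsplit(url)
    if parts.netloc.lower() not in CDN_HOSTS:
        raise ValueError(f"not a Discord CDN host: {parts.netloc}")
    segs = parts.path.strip("/").split("/")
    if len(segs) != 4 or segs[0] != "attachments":
        raise ValueError(f"unexpected attachment path: {parts.path}")
    _, channel_id, attachment_id, filename = segs
    q = parse_qs(parts.query)          # the trailing '&' in the report URL is ignored
    missing = [k for k in ("ex", "is", "hm") if k not in q]
    if missing:
        raise ValueError(f"unsigned attachment URL, missing {missing}")
    issued = datetime.fromtimestamp(int(q["is"][0], 16), tz=timezone.utc)
    expires = datetime.fromtimestamp(int(q["ex"][0], 16), tz=timezone.utc)
    if expires <= issued:
        raise ValueError("expiry is not after issue time")
    return {
        "channel_id": int(channel_id),
        "attachment_id": int(attachment_id),
        "filename": filename,
        "issued": issued,
        "expires": expires,
        # Upload time from the snowflake; `is` can be later than this if the link was re-signed.
        "uploaded": snowflake_time(int(attachment_id)),
        "hm": q["hm"][0],
    }


def link_valid_at(info: dict, when: datetime) -> bool:
    """True if the signed link is inside its validity window at `when` (signature not verified)."""
    return info["issued"] <= when < info["expires"]


if __name__ == "__main__":
    info = parse_signed_cdn_url(REPORT_URL)
    for key, value in info.items():
        print(f"{key:14} {value}")
    print("valid at submission:", link_valid_at(info, SUBMITTED))
```

For this URL the decoded window is 2024-04-12 16:50:15 UTC to 2024-04-26 16:50:15 UTC (14 days), the attachment snowflake decodes to the same second as `is`, and the 2024-04-16 submission falls inside the window. Once `ex` has passed, the link no longer serves the file and a fresh signed URL has to be obtained through Discord; the hashes in this report are then the only handle on the sample.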

Detections

  1. urlquery

    0

  2. Network Intrusion Detection

    0

  3. Threat Detection Systems

    17

Domain Summary

Domain / FQDN        Rank  Registered  First Seen  Last Seen
cdn.discordapp.com   2474  2015-02-26  2015-08-24  2024-04-16

Related reports

Network Intrusion Detection Systems

Suricata w/ Emerging Threats Pro

No alerts detected

Threat Detection Systems (URL and domain lookups; the file-level YARA hits are listed under Files detected)

Public InfoSec YARA rules

No alerts detected


OpenPhish

No alerts detected


PhishTank

No alerts detected


mnemonic secure dns

No alerts detected


Quad9 DNS

No alerts detected


ThreatFox

No alerts detected


Files detected

  1. URL

    cdn.discordapp.com/attachments/1228373331279872033/1228386715677364425/HWID_SPOOFER.zip?ex=662bdb47&is=66196647&hm=a3f4d5b9e7d5b4445b2a0c97e931a36f6137041bf156ea2b0fbfecf82e6470dd&

  2. IP

    162.159.133.233

  3. ASN

    #13335 CLOUDFLARENET

  4. File type

    Zip archive data, at least v1.0 to extract, compression method=store

  5. Size

    2.4 MB (2407259 bytes)

  6. MD5

    43d94a96b1776bc15a34cd22ca0a31a2

  7. SHA-1

    d885eaf096f3bbccae3642d1b6b04fc88b81ba00

  Archive (34 members)

    Filename / MD5 / File type (one member per three lines)
    SOLENOID-HWID-SPOOFER.cmd
    fa447aa7489f3f8c8d0a1653c7e522f5
    DOS batch file, ASCII text, with CRLF line terminators
    1. Install TMACv6.0.7_Setup.exe
    a7c8cf1d50ebe630a7d0c47686a0abbf
    PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
    READ ME PLEASE.txt
    d1fb342f3d318e241a1f5a8d2967513d
    ASCII text, with CRLF line terminators
    MMOGA.url
    3146cd554b223f5425f8eeb73ca1fd22
    Generic INItialization configuration [InternetShortcut]
    MMOGAH.url
    f7e17290359b067a5643677da12ca4be
    Generic INItialization configuration [InternetShortcut]
    READ ME PLEASE.txt
    1a48b8b1f2515e9a3191c2f00fe50154
    ASCII text, with CRLF line terminators
    READ ME PLEASE.txt
    2523e4adbfa0525e4b517e0bebbce1a1
    ASCII text, with CRLF line terminators
    reset-all.exe
    3d47586c62bf61dac639d8cc1bf43ee7
    PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
    restart.exe
    8242ce426ad462eff02edae1487a6949
    PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
    restart64.exe
    297aa19bade534a791d053ca190b74ad
    PE32+ executable (GUI) x86-64, for MS Windows, 6 sections
    READ ME PLEASE.txt
    45c496cc57657e19a9b6fdaa19568a5e
    ASCII text, with no line terminators
    USBDeview.cfg
    919177df19f3e61669dcc1c8f9034aa6
    ASCII text, with very long lines (487), with CRLF line terminators
    USBDeview.chm
    411e4fba3110e963a85ceaf46e8cedd2
    MS Windows HtmlHelp Data
    USBDeview.exe
    5c1729d2611fdcaeeadd238c1f0427c7
    PE32+ executable (GUI) x86-64, for MS Windows, 5 sections
    1. Uninstall the Game & Launcher.url
    1636d3ead6e23281333ceaf20e2a4b22
    Generic INItialization configuration [InternetShortcut]
    2. Delete Game,Launcher Folders.lnk
    0172d7a6c2810707c634975454c55604
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Fri Jun 18 20:51:11 2021, mtime=Fri Jul 9 08:02:06 2021, atime=Fri Jul 9 08:02:06 2021, length=8192, window=hide
    3. Delete Game,Launcher Folders.lnk
    8a417c65b8b4e1bb661f9a3f53409c28
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Sat Dec 7 09:14:52 2019, mtime=Fri Jul 9 07:55:41 2021, atime=Fri Jul 9 07:55:33 2021, length=8192, window=hide
    4.1Delete Anything Related to Game and Launcher.lnk
    324534bf9c24314767c0721f32bb7c1b
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Sat Dec 7 09:14:52 2019, mtime=Thu Apr 7 06:37:57 2022, atime=Sun Mar 20 20:27:50 2022, length=4096, window=hide
    4.2 Delete Anything Related to Game and Launcher.lnk
    ef5f327d00af23e11e65e946c251f024
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Sat Dec 7 09:14:52 2019, mtime=Thu Apr 7 07:02:13 2022, atime=Fri Mar 25 20:30:57 2022, length=8192, window=hide
    4.3 Delete Anything Related to Game and Launcher.lnk
    bc078dedc8b1c5501a19479759f6dd20
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Fri Mar 18 19:36:58 2022, mtime=Thu Apr 7 07:06:06 2022, atime=Mon Apr 4 14:27:04 2022, length=4096, window=hide
    4.4 Delete Anything Related to Game and Launcher.lnk
    1dc76a8666f8beed0a0a0726b04739d6
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Fri Mar 18 19:36:58 2022, mtime=Thu Apr 7 07:06:45 2022, atime=Mon Apr 4 14:27:04 2022, length=12288, window=hide
    4.5 Delete Anything Related to Game and Launcher.lnk
    08ef09d3aa7edb2be07002d7fbbe0cbe
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Hidden, Directory, ctime=Sat Dec 7 09:14:52 2019, mtime=Thu Apr 7 07:05:56 2022, atime=Sun Mar 20 20:27:57 2022, length=4096, window=hide
    4.6 Delete Anything Related to Game and Launcher.lnk
    c52185fcfc800b32df1944a1c67b50e3
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Directory, ctime=Fri Mar 18 19:36:58 2022, mtime=Thu Apr 7 07:07:26 2022, atime=Mon Apr 4 14:27:04 2022, length=12288, window=hide
    5. Open Registry Edit.lnk
    18e7d9e9256787d48e2f1988aeac01a1
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 6 13:52:34 2021, mtime=Wed Apr 6 16:59:20 2022, atime=Wed Oct 6 13:52:34 2021, length=370176, window=hide
    5.1 Locations to search in Registry.txt
    8928a7c1a2a575261f7cbd6f7a5b2ebd
    ASCII text, with CRLF line terminators
    READ THIS FILE PLEASE.txt
    a509ae973573140f17be5160bef0ff8d
    ASCII text, with CRLF line terminators
    1. Registry Editor.lnk
    0e2092f136d0e7f155a6c688e34533dc
    MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 6 13:52:34 2021, mtime=Thu Apr 7 12:48:45 2022, atime=Wed Oct 6 13:52:34 2021, length=370176, window=hide
    2. Locations in Registry.txt
    cfa2f0268d39cd32ccf768d315451778
    ASCII text, with CRLF line terminators
    3. GUID Generator Website.url
    dc2726585a60180658c2fb0714e436b8
    Generic INItialization configuration [InternetShortcut]
    READ ME PLEASE.txt
    488e8a8011a1b78eb97bcb5a6921e575
    ASCII text, with CRLF line terminators
    1. Download NordVPN.url
    4dea1dbebe681d39c5ce2d2a7c27d0c5
    Generic INItialization configuration [InternetShortcut]
    READ ME PLEASE.txt
    60693d0f582782efee6c956af8490b06
    ASCII text, with CRLF line terminators
    1. Change Disk IDs.cmd
    bd030282c3cb68b5c05cb962465669c3
    DOS batch file, ASCII text, with CRLF line terminators
    READ ME PLEASE.txt
    50bc60383c45b15bb32f3168dce065f9
    ASCII text, with CRLF line terminators

    Detections

    Analyzer                   Verdict     Alert
    YARAhub by abuse.ch        malware     meth_get_eip
    YARAhub by abuse.ch        malware     files - file ~tmp01925d3f.exe
    Public Nextron YARA rules  malware     Detects possible shortcut usage for .URL persistence
    Public InfoSec YARA rules  malware     Identifies executable artefacts in shortcut (LNK) files.
    Public InfoSec YARA rules  malware     Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
    Public InfoSec YARA rules  malware     Identifies executable artefacts in shortcut (LNK) files.
    Public InfoSec YARA rules  malware     Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
    Public InfoSec YARA rules  malware     Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
    Public InfoSec YARA rules  malware     Identifies executable artefacts in shortcut (LNK) files.
    Public InfoSec YARA rules  malware     Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
    Public InfoSec YARA rules  malware     Identifies executable artefacts in shortcut (LNK) files.
    Public InfoSec YARA rules  malware     Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
    VirusTotal                 suspicious
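The member listing and the LNK/.URL YARA hits above come from urlquery's own pipeline. As an added example, not the report's or urlquery's code, the script below does a comparable first-pass triage offline: it walks a ZIP, hashes each member, identifies the type from leading bytes rather than the extension (MZ for PE, the MS-SHLLINK header for .lnk, the [InternetShortcut] section for .url), reads the LinkFlags of a shortcut and the URL= target of an Internet shortcut, and flags the classes this report's rules fired on. It runs on a constructed in-memory archive whose member names and bytes are made up here to mirror the member classes listed (batch, PE, .url, .lnk, text); the real files' contents are not known from this page.

```python
"""Offline triage of ZIP members, modelled on the archive listing above.

Added example for this page; not urlquery's code. The sample archive and
every byte in it are constructed here for illustration.
"""
import hashlib
import io
import struct
import zipfile
from configparser import ConfigParser, Error as IniError
from typing import Optional
from urllib.parse import urlsplit

# MS-SHLLINK header: HeaderSize 0x4C followed by LinkCLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
LNK_FLAGS = {0x01: "HasLinkTargetIDList", 0x02: "HasLinkInfo", 0x04: "HasName",
             0x08: "HasRelativePath", 0x10: "HasWorkingDir", 0x20: "HasArguments",
             0x40: "HasIconLocation"}
TEXT_BYTES = set(range(0x20, 0x7F)) | set(b"\r\n\t")


def identify(name: str, data: bytes) -> str:
    """Classify by leading bytes; the extension only breaks ties for scripts, which have no magic."""
    if not data:
        return "empty"
    if data[:2] == b"MZ":
        return "pe"
    if len(data) >= 0x4C and data[:20] == LNK_MAGIC:
        return "lnk"
    if any(b not in TEXT_BYTES for b in data[:4096]):
        return "binary"
    head = data[:64].lstrip().lower()
    if head.startswith(b"[internetshortcut]"):
        return "url"
    if head.startswith(b"@echo off") or name.lower().endswith((".cmd", ".bat")):
        return "batch"
    return "text"


def url_shortcut_target(data: bytes) -> Optional[str]:
    """URL= value of an [InternetShortcut] file, or None if it does not parse."""
    cp = ConfigParser(interpolation=None)
    try:
        cp.read_string(data.decode("ascii", errors="replace"))
        return cp.get("InternetShortcut", "URL")
    except IniError:
        return None


def lnk_flags(data: bytes) -> list:
    """Names of the LinkFlags bits set in a shell link header (offset 0x14, little-endian u32)."""
    flags = struct.unpack_from("<I", data, 0x14)[0]
    return [name for bit, name in sorted(LNK_FLAGS.items()) if flags & bit]


def triage(archive) -> list:
    """Per-member hashes, type, detail and a coarse verdict for a ZIP given as bytes or a path."""
    src = io.BytesIO(archive) if isinstance(archive, (bytes, bytearray)) else archive
    rows = []
    with zipfile.ZipFile(src) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            kind = identify(info.filename, data)
            detail, suspicious = "", False
            if kind in ("pe", "batch"):
                detail, suspicious = "directly executable", True
            elif kind == "lnk":
                # Any shortcut in a download deserves a look; HasArguments means it passes a command line.
                detail, suspicious = "shell link flags: " + ",".join(lnk_flags(data)), True
            elif kind == "url":
                target = url_shortcut_target(data)
                scheme = urlsplit(target or "").scheme.lower()
                local = scheme in ("file", "") or len(scheme) == 1   # file://, bare path or C:\ path
                detail = f"target={target!r}" + (" (local file)" if local else "")
                suspicious = target is None or local
            rows.append({"name": info.filename, "size": len(data),
                         "md5": hashlib.md5(data).hexdigest(),
                         "sha1": hashlib.sha1(data).hexdigest(),
                         "kind": kind, "detail": detail, "suspicious": suspicious})
    return rows


def build_sample_archive() -> bytes:
    """Constructed ZIP mirroring the member classes in the report; names and bytes are made up."""
    members = {
        "READ ME PLEASE.txt": b"Constructed sample text.\r\n",
        "spoofer.cmd": b"@echo off\r\necho constructed sample, does nothing\r\n",
        "restart.exe": b"MZ" + bytes(62),                       # fake PE: MZ stub only
        "shop.url": b"[InternetShortcut]\r\nURL=https://shop.example/\r\n",
        "autorun.url": b"[InternetShortcut]\r\nURL=file:///C:/Users/Public/restart.exe\r\n",
        "open.lnk": LNK_MAGIC + struct.pack("<I", 0x08 | 0x10 | 0x20) + bytes(0x4C - 24),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:    # stored, like the report's archive
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    for row in triage(build_sample_archive()):
        mark = "!" if row["suspicious"] else " "
        print(f"{mark} {row['kind']:6} {row['size']:6d} {row['md5']}  {row['name']}  {row['detail']}")
```

Pass the downloaded archive instead of the constructed one (`triage("HWID_SPOOFER.zip")`) and the MD5 column can be compared line by line with the listing above. The LNK handling stops at the header flags on purpose: the "long relative path" and "executable artefacts" rules in the report look inside the StringData and link-target structures, which need a full MS-SHLLINK parser.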

JavaScript (0)

HTTP Transactions (1)

  URL

    cdn.discordapp.com/attachments/1228373331279872033/1228386715677364425/HWID_SPOOFER.zip?ex=662bdb47&is=66196647&hm=a3f4d5b9e7d5b4445b2a0c97e931a36f6137041bf156ea2b0fbfecf82e6470dd&

  IP

    162.159.133.233

  Response

    200 OK

  Size

    2.4 MB