Report - cfx-finder.lol/download/tools.zip

Report Overview

Visited public
2024-10-10 02:09:38
Tags
URL
cfx-finder.lol/download/tools.zip
Finishing URL
about:privatebrowsing
IP / ASN
104.21.2.74
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
r11.o.lencr.org	unknown	2020-06-29	2024-06-07 07:43:57	2024-10-08 18:12:09	327 B	888 B	23.33.119.27
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-10-08 18:12:21	1.3 kB	3.6 kB	23.33.119.57
cfx-finder.lol	unknown	2024-09-10	2024-09-11 14:46:39	2024-09-24 02:45:56	487 B	3.5 MB	172.67.128.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cfx-finder.lol/download/tools.zip
IP
172.67.128.226
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
3.5 MB (3461356 bytes)
Hash
cd8513e875314724d7b640a8cc55dcac
0ca33b8f689a37e95ff00e192ec1c7308ebb0ccd
87f91bf5495a1a4a0a3a45701819bd5272afffb12ff1ca13cc86b53752eae76d

Archive (35)

Filename

Md5

File type

PreviousFilesRecovery.exe

9e4c902e52d513e1437c599953ef7e1e

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

RecentFilesView.exe

4d27a0ef39f71709510662519553b24d

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

RegScanner.exe

6b319a9e95bd87100a7bf957f118c437

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

ShellBagsView.exe

b49150234164df5b46fc44a299e3fd82

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

SimpleWMIView.exe

94a23a1e67e4224851113cbe1769f4df

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

sst.exe

9b0fed778b3ab64bb42867a0bf604453

PE32+ executable (console) x86-64, for MS Windows, 6 sections

UninstallView.exe

1183bc7d7d8bd03185550989ea60d11e

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

USBDeview.exe

47dcf62390925838511422da7543614f

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

USBDriveLog.exe

bd3e069ea0f575eedb990b5c20bb7155

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

UserAssistView.exe

f36530f46a34516be38521ee9a134d28

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

VideoCacheView.exe

516ba129eacf66b7fd335d8804cb6e56

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

WebCacheImageInfo.exe

27c3d478d2f09c6073e3b7023a888c51

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

WhatInStartup.exe

61f69c0c83c2e8e86b63b79965783a78

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

WinDefLogView.exe

558903d412ad38bb682ad10c77c8b82a

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

WinDefThreatsView.exe

1c4397520b2d2e06f8e97d5d06177dd1

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

WinPrefetchView.exe

0bda189b15f2fb42365d37ec8c6d77f7

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

AlternateStreamView.exe

d941b03c5c54c08d2e64673e783e2ed6

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

AppCompatibilityView.exe

db4906a482c7a1728d659fd43aaf52cb

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

AppReadWriteCounter.exe

f0c8b428d1afa45f1bf64dcae0f6cc8c

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

BrowserDownloadsView.exe

d40e6b512892c7560cf804f0b88ac9b6

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

BrowsingHistoryView.exe

c427a3d302f6bc3cda29f1371f899154

PE32+ executable (GUI) x86-64, for MS Windows, 3 sections

ChromeCacheView.exe

97b311d4999f52d9c35d23779d7156f0

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

ChromeCookiesView.exe

8e2ac3ecf64445e2a79e962704674748

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

EventLogChannelsView.exe

d0313132c55cf557b276f1f928d7feca

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

ExecutedProgramsList.exe

7366668cc7eaa1068a38cc2761217fc4

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

FileAccessErrorView.exe

4bd628d9161e6c7445afffc58cc7e411

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

FolderTimeUpdate.exe

4079cbc9bbafc0ac754c397838f1328f

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

ImageCacheViewer.exe

c505789d16728f45d8c6bffec8cfa7dc

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

LastActivityView.exe

f27a284ef9b018cdd2a98a7b78ccdcb3

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

LoadedDllsView.exe

14398fa22886de2d4ee6673a1dd24924

PE32+ executable (GUI) x86-64, for MS Windows, 5 sections

memory.exe

d12ecf58a06d888f5d8d54aa28ece7ef

PE32+ executable (console) x86-64, for MS Windows, 6 sections

MUICacheView.exe

e999c811b919c420d5657a484cecdd61

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

MyLastSearch.exe

c275072d4af6363d01f003b5b7ec92b9

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

MZCacheView.exe

7acc0c3098525fb5f3767fbf9b4279cc

PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, 3 sections

NetworkUsageView.exe

f309aa043ecb41c2080e4aa037929a67

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

JavaScript (0)

HTTP Transactions (6)

	URL	IP	Response	Size
	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 92a230cb5218879a64fe719acf75881c 7f7635dedaaca6b4b4ecb370b51df9538d7a7d0d 14ffc94e6280a14388fda9745042b01144374fd782cf089b48025a1316ecbd24 HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "14FFC94E6280A14388FDA9745042B01144374FD782CF089B48025A1316ECBD24" Last-Modified: Tue, 08 Oct 2024 04:17:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=6471 Expires: Thu, 10 Oct 2024 03:57:01 GMT Date: Thu, 10 Oct 2024 02:09:10 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 7338853386defad2f045b3bee05dd9c8 6aaf1269eb3b9e16629c1b20652ee2dbd12c7182 50b50dc294c0c33b05390bd82ad7a823a64b8c24a0de5b92b770e8cfd4e5259f HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "50B50DC294C0C33B05390BD82AD7A823A64B8C24A0DE5B92B770E8CFD4E5259F" Last-Modified: Tue, 08 Oct 2024 04:16:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=11763 Expires: Thu, 10 Oct 2024 05:25:13 GMT Date: Thu, 10 Oct 2024 02:09:10 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 7f6ccf69eed9545b5aab46fd5cbfe118 b51761c80ad244f0c688a0359c2cf9a1bc362f02 8be09440b2725844ff40689a73f3ba0ef5b9b4f59a2e96207ecf466d40f13a9b HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "8BE09440B2725844FF40689A73F3BA0EF5B9B4F59A2E96207ECF466D40F13A9B" Last-Modified: Wed, 09 Oct 2024 22:54:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=13300 Expires: Thu, 10 Oct 2024 05:50:51 GMT Date: Thu, 10 Oct 2024 02:09:11 GMT Connection: keep-alive`

	r10.o.lencr.org/	23.33.119.57		504 B
URL r10.o.lencr.org/ IP 23.33.119.57:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash 691959fefcfad097bc3ec1a354630850 9be67f0c9108246241e1539ed995907bd47bc070 8da8a9af223c237874474d06c24ea3a8a1b38c029469290e99b287d6ea71e29a HTTP Headers `POST / HTTP/1.1 Host: r10.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "8DA8A9AF223C237874474D06C24EA3A8A1B38C029469290E99B287D6EA71E29A" Last-Modified: Wed, 09 Oct 2024 22:50:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=20842 Expires: Thu, 10 Oct 2024 07:56:33 GMT Date: Thu, 10 Oct 2024 02:09:11 GMT Connection: keep-alive`

	cfx-finder.lol/download/tools.zip	172.67.128.226	200 OK	3.5 MB
URL User Request GET HTTP/2 cfx-finder.lol/download/tools.zip IP 172.67.128.226:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectcfx-finder.lol Fingerprint0F:33:93:01:5E:74:82:FF:82:45:82:CB:86:A6:37:A5:AD:C8:71:22 ValidityTue, 10 Sep 2024 23:07:00 GMT - Mon, 09 Dec 2024 23:06:59 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 3.5 MB (3461356 bytes) Hash cd8513e875314724d7b640a8cc55dcac 0ca33b8f689a37e95ff00e192ec1c7308ebb0ccd 87f91bf5495a1a4a0a3a45701819bd5272afffb12ff1ca13cc86b53752eae76d HTTP Headers `GET /download/tools.zip HTTP/1.1 Host: cfx-finder.lol User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Thu, 10 Oct 2024 02:09:11 GMT content-type: application/zip content-length: 3461356 content-disposition: attachment; filename=tools.zip last-modified: Thu, 10 Oct 2024 00:55:43 GMT cache-control: max-age=14400 etag: "1728521743.0253541-3461356-2890402646" cf-cache-status: MISS accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FLhpa4nbnVjo8IN%2FFkw7F3p3%2BLMWXAPQe94nJcE%2BL9bK6Y5iBR%2FTQAo2sZmMjpdBtCEM9W6qAs1zyRDvSBU1oDJJPNJ1bFUvn4bMC%2BgqsetFuUxGMCNl1TXDS%2F5yxZZvVw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8d03111e6e3356c9-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	r11.o.lencr.org/	23.33.119.27		504 B
URL r11.o.lencr.org/ IP 23.33.119.27:0 ASN #20940 Akamai International B.V. File type data Size 504 B (504 bytes) Hash ccb7c0a230775ffeed6f8a2d5495f2f4 b64d41f2ff0740b511f8043dd7f00db3d937bdc8 c1086024116cc032f78be5a4521af542f33df4c8534249eaf15c5eeccf4ec5f7 HTTP Headers `POST / HTTP/1.1 Host: r11.o.lencr.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 85 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Server: nginx Content-Type: application/ocsp-response Content-Length: 504 ETag: "C1086024116CC032F78BE5A4521AF542F33DF4C8534249EAF15C5EECCF4EC5F7" Last-Modified: Wed, 09 Oct 2024 23:02:00 UTC Cache-Control: public, no-transform, must-revalidate, max-age=10394 Expires: Thu, 10 Oct 2024 05:02:27 GMT Date: Thu, 10 Oct 2024 02:09:13 GMT Connection: keep-alive`

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (35)

Detections

JavaScript (0)

HTTP Transactions (6)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers