Report - cdn.discordapp.com/attachments/1178042744615211079/1178095448246984785/Pro_Aim_Shot.7z?ex=6636b262&is=663560e2&hm=827953706fdc5b7896713653a2391b7391fa6947262eafc330c16456249234c2&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1178042744615211079/1178095448246984785/Pro_Aim_Shot.7z?ex=6636b262&is=663560e2&hm=827953706fdc5b7896713653a2391b7391fa6947262eafc330c16456249234c2&
IP
162.159.133.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-03 23:57:05
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
13

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-05-02	633 B	9.4 MB	162.159.129.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1178042744615211079/1178095448246984785/Pro_Aim_Shot.7z?ex=6636b262&is=663560e2&hm=827953706fdc5b7896713653a2391b7391fa6947262eafc330c16456249234c2&
IP
162.159.129.233
ASN
#13335 CLOUDFLARENET

File type
7-zip archive data, version 0.4
Size
9.4 MB (9414941 bytes)
Hash
878d22f6803a94171e75875a4e8cda9b
3c262eecc6258736d459ea7ad144882555cf3be6
dcd53c018cef041c8e3b1c96957384f618abbdfc44369a44bcfd9057e871f375

Archive (41)

Filename

Md5

File type

RUN ALL .BATCH FILES AS ADMIN.txt

d41d8cd98f00b204e9800998ecf8427e

1.All Netrwork.reg

a082bca60f3811897444fe20f27ac053

ASCII text, with CRLF line terminators

2. network.reg

68c658101ef77eafc29fa11fe4be9afa

Windows Registry little-endian text (Win2K or above)

2.DeviceCleanup.ini

994f77456cfdf5c81f32e4cb6af509e1

ASCII text, with CRLF line terminators

2.Lower Ping.bat

85f126246b341dcdd0d6914e75f112a7

DOS batch file, ASCII text, with CRLF line terminators

CubiqqFreeProgram.bat

376dc73ff560b1c5acf6260c5e7bf4a9

DOS batch file, ASCII text, with CRLF line terminators

deleteprefetch.bat

931765a11745e1efcfb06056724755c6

ASCII text, with no line terminators

deletetemp.bat

7f77fa362c72f9a4a04953c68fe3b95e

ASCII text, with no line terminators

Disable Excess Network Services.bat

4d22f49b7eb75b79aff6e26c009faac3

DOS batch file, ASCII text, with CRLF line terminators

Inject into TCP Optimizer.spg

3432868b093a35fcf0ab514ace32e384

ASCII text, with CRLF line terminators

low ping.bat

4d22f49b7eb75b79aff6e26c009faac3

DOS batch file, ASCII text, with CRLF line terminators

low ping.spg

3432868b093a35fcf0ab514ace32e384

ASCII text, with CRLF line terminators

refresh dns.bat

b01f41d85d8212a7433f805110837be8

DOS batch file, ASCII text, with CRLF line terminators

AUTO TWEAKING UTILITY 2 EULA.txt

8b20aeedc680a293eac53eac7cedd8be

ASCII text, with CRLF line terminators

Auto Tweaking Utility 2.exe.config

c16b0746faa39818049fe38709a82c62

XML 1.0 document, ASCII text, with CRLF line terminators

INTEL SOFTWARE LICENSE AGREEMENT.txt

894d9a257da6e7a92c8fd510fc401a53

ASCII text, with CRLF line terminators

NSUDO LICENSE.txt

ef5e2467ce2f9a22b1d9b3e433c99bb4

ASCII text, with CRLF line terminators

NVIDIA PROFILE INSPECTOR LICENSE.txt

470241450c7b5d62278fa5c481b0b22b

ASCII text, with CRLF line terminators

Basic.nip

3884000c99e6833121725fa5765a0f91

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Low_Latency.nip

cd24e96574fb864c6027b9fa19826e51

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Reference.xml

1a8493bff2d17c83e299101954dcb562

XML 1.0 document, ASCII text, with CRLF line terminators

Disable Network Throttling Index.reg

0fdafb0a67805077f37e74dbdf6dd399

ASCII text, with CRLF line terminators

Disable Transparency.reg

47f70ecd2697c2698372e2fcd674c244

ASCII text, with CRLF line terminators

Network Tweaks.cmd

30324657ef2db8e8457b24fd4d316589

ASCII text, with CRLF line terminators

Network_Tweaks_by_Sviat.bat

13345f98b9c01558628061ea4cafc3c8

DOS batch file, ASCII text, with CRLF line terminators

ping_delay.reg

a33a770344437b9a6e7032734f0a2d9d

Windows Registry text (Win2K or above)

potential_network_help.reg

b6e5eb04831b4af49ca5d1f4c8965029

Windows Registry text (Win2K or above)

shakey FPS.reg

dc3fdc8c318f84b95cf9ee36f0b2c5ee

Windows Registry little-endian text (Win2K or above)

vynla low ping.reg

f6d59ac25994b979eddd553204e489f9

Windows Registry text (Win2K or above)

[2] Network Optimization.cmd

8fb341e085dfc1d67bab09add66f723a

DOS batch file, ASCII text, with very long lines (325), with CRLF, CR line terminators

2.DeviceCleanup.exe

df46db7f7b07b3f87b879834df4edbee

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

3.adwcleaner_8.3.1.exe

7293259f38f9c37df4b05aacdea047b6

PE32 executable (console) Intel 80386, for MS Windows, UPX compressed, 3 sections

Cubiqq_PO_v0.3.exe

352ee4e7509758d948acf0439537b6bc

PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections

TCPOptimizer.exe

d8292150c8ce862a97a923318df07805

PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections

Auto Tweaking Utility 2.exe

11d9ae6b7ac0bad75346bad9cbcb29e4

PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections

amifldrv64.sys

785045f8b25cd2e937ddc6b09debe01a

PE32+ executable (native) x86-64, for MS Windows, 5 sections

ATU_x64.dll

86ccd06316a15ddd6180eb7987d04298

PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows, 3 sections

NSudoLC.exe

0ac3e9d59309f599403ac51615bfe41b

PE32+ executable (console) x86-64, for MS Windows, 6 sections

nvidia-smi.exe

d07b484b8dba9ffb686d82ff6cec3cb2

PE32+ executable (console) x86-64, for MS Windows, 7 sections

nvidiaProfileInspector.exe

9a11825bb9ffaa5317b8f038dae2c078

PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SCEWIN_64.exe

d3201407f3a843a47eb888cadb46d0de

PE32+ executable (console) x86-64, for MS Windows, 5 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
YARAhub by abuse.ch	malware	signed_sys_with_vulnerablity
Elastic Security YARA Rules	malware	Windows.VulnDriver.Amifldrv
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
VirusTotal	malicious	VirusTotal - Scan result 13/61

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1178042744615211079/1178095448246984785/Pro_Aim_Shot.7z?ex=6636b262&is=663560e2&hm=827953706fdc5b7896713653a2391b7391fa6947262eafc330c16456249234c2&

162.159.129.233

200 OK

9.4 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1178042744615211079/1178095448246984785/Pro_Aim_Shot.7z?ex=6636b262&is=663560e2&hm=827953706fdc5b7896713653a2391b7391fa6947262eafc330c16456249234c2&
IP
162.159.129.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
7-zip archive data, version 0.4
Size
9.4 MB (9414941 bytes)
Hash
878d22f6803a94171e75875a4e8cda9b
3c262eecc6258736d459ea7ad144882555cf3be6
dcd53c018cef041c8e3b1c96957384f618abbdfc44369a44bcfd9057e871f375

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 13/61

HTTP Headers

GET /attachments/1178042744615211079/1178095448246984785/Pro_Aim_Shot.7z?ex=6636b262&is=663560e2&hm=827953706fdc5b7896713653a2391b7391fa6947262eafc330c16456249234c2& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 03 May 2024 23:56:37 GMT
content-type: application/x-7z-compressed
content-length: 9414941
cf-ray: 87e4304b8a3a1c0a-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Pro_Aim_Shot.7z"
etag: "878d22f6803a94171e75875a4e8cda9b"
expires: Sat, 03 May 2025 23:56:37 GMT
last-modified: Sat, 25 Nov 2023 22:10:42 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1700950242882703
x-goog-hash: crc32c=SNR/RA==, md5=h40i9oA6lBcedYdaTozamw==
x-goog-metageneration: 5
x-goog-storage-class: COLDLINE
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 9414941
x-guploader-uploadid: ABPtcPrM_qhOVXgzH4j9ZuWQEms-RJqnbJwjAkO9Y3se2KUM5rWMbW63DOGr-hn77R4hJyFwyEDU-nstmA
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BaUmWbTpqcdJ%2B3mHbqy7yWUWJqHlIbg2osl2K7KOfJzOoT80Z7W1zkdta59hO3O%2Fx8PPWlW7LTJEwZAyhcev5o5AWNYkiZE03EVkKVe1luIWjLMGLEE%2F%2BsyEE0hN%2FBmX%2B6D6Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=aKqPwCeDPOFFL3vHNSxNF_H5_mgAbqdP26gzSwO3KwU-1714780597-1.0.1.1-ZriKYmSnL48xOQQOrP65Gv1IcEffgCskptyBL0Mb0v7NVgjrLjjy2Fv59IrI4wIswbkjkuaabRCZd8yJ7IywBg; path=/; expires=Sat, 04-May-24 00:26:37 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=v7m2fYvbwXwUHsOmqCPVa1hj2Wb9Aj3mg.chBY1rExg-1714780597613-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (41)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers