Report - cdn.discordapp.com/attachments/1233059696072720394/1233059740498788454/Liwky_Optimisation.zip?ex=662d095f&is=662bb7df&hm=b14262b7a3492947c817f66813b4402f6db9756f2184e52672683fe16cd6f439&

Report Overview

Submitted URL
cdn.discordapp.com/attachments/1233059696072720394/1233059740498788454/Liwky_Optimisation.zip?ex=662d095f&is=662bb7df&hm=b14262b7a3492947c817f66813b4402f6db9756f2184e52672683fe16cd6f439&
IP
162.159.134.233
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-26 14:54:29
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
3

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.discordapp.com	2474	2015-02-26	2015-08-24	2024-04-25	640 B	18 MB	162.159.133.233

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cdn.discordapp.com/attachments/1233059696072720394/1233059740498788454/Liwky_Optimisation.zip?ex=662d095f&is=662bb7df&hm=b14262b7a3492947c817f66813b4402f6db9756f2184e52672683fe16cd6f439&
IP
162.159.133.233
ASN
#13335 CLOUDFLARENET

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
18 MB (18411243 bytes)
Hash
2ea8018bca4fac72fee9f9742cf691f3
f1424c2004ae11cf72b82f6c8bdd60df107e24a0
fae49c54f1103eda856a794d88b08f221c0672797531ddb9a1667d9d63677fcc

Archive (15)

Filename

Md5

File type

AddMaximumProcessorFrequency.reg

1c24465f700389e1f1df349f775b101b

Windows Registry little-endian text (Win2K or above)

CPU Performance Boost.reg

203bc46e7ce817ddb57a362333f89f3e

Windows Registry text (Win2K or above)

CPU Priority Class.reg

72d83d873e65d03d37102ca0cabae7b3

Windows Registry text (Win2K or above)

Disable Power Throttling.reg

0fc492ecc3504d0dbd1707b173f7931f

Unicode text, UTF-16, little-endian text, with CRLF line terminators

Game Optimization.reg

31b070f3b97367639b4c5930044ff82c

ASCII text, with CRLF line terminators

Graphics Speed.reg

ca73622dbc15c8d18397ad6bc64064db

Windows Registry little-endian text (Win2K or above)

Increase CPU Resposiveness.reg

47f346d3ff7b67642e9a9768cc6277a4

ASCII text, with CRLF line terminators

O CPU.reg

5e6547f18182ff61ae0e8e1f1a1b5ae3

ASCII text, with CRLF line terminators

PortThreadPriority.reg

4a331bdc0637b53703504832878fed88

Windows Registry little-endian text (Win2K or above)

Wake_Up_Cores.reg

a6df13304813b3e72972ff44497f2048

ASCII text, with CRLF line terminators

Clean Temporary Files.bat

ac0a8d47cca6816a43207aaefa93d164

DOS batch file, ASCII text, with CRLF line terminators

Increase Power Efficiency.reg

32184d6be4dd173ec307dd12be11e488

ASCII text, with CRLF line terminators

Useful Tweaks.bat

8d97d4940241d1ea6a15e8009563f7fc

DOS batch file, ASCII text, with very long lines (1719), with CRLF line terminators

Optimizer.txt

aa9068a6e90c4de871d50aa0ee669d05

Unicode text, UTF-8 text, with CRLF line terminators

Optimizer.exe

b8b1dd7f17d1327636c3aac809b4a603

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen
Public InfoSec YARA rules	malware	Identifies executable converted using PyInstaller.

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

cdn.discordapp.com/attachments/1233059696072720394/1233059740498788454/Liwky_Optimisation.zip?ex=662d095f&is=662bb7df&hm=b14262b7a3492947c817f66813b4402f6db9756f2184e52672683fe16cd6f439&

162.159.133.233

200 OK

18 MB

URL User Request GET HTTP/2
cdn.discordapp.com/attachments/1233059696072720394/1233059740498788454/Liwky_Optimisation.zip?ex=662d095f&is=662bb7df&hm=b14262b7a3492947c817f66813b4402f6db9756f2184e52672683fe16cd6f439&
IP
162.159.133.233:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectdiscordapp.com
Fingerprint97:8B:EE:AD:1E:BF:A1:69:E7:94:29:F7:55:7A:29:64:19:C7:81:39
ValidityFri, 20 Oct 2023 00:00:00 GMT - Sat, 19 Oct 2024 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
18 MB (18411243 bytes)
Hash
2ea8018bca4fac72fee9f9742cf691f3
f1424c2004ae11cf72b82f6c8bdd60df107e24a0
fae49c54f1103eda856a794d88b08f221c0672797531ddb9a1667d9d63677fcc

HTTP Headers

GET /attachments/1233059696072720394/1233059740498788454/Liwky_Optimisation.zip?ex=662d095f&is=662bb7df&hm=b14262b7a3492947c817f66813b4402f6db9756f2184e52672683fe16cd6f439& HTTP/1.1
Host: cdn.discordapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 14:54:00 GMT
content-type: application/zip
content-length: 18411243
cf-ray: 87a767d3ff7d56ae-OSL
cf-cache-status: MISS
accept-ranges: bytes, bytes
cache-control: public, max-age=31536000
content-disposition: attachment; filename="Liwky_Optimisation.zip"
etag: "2ea8018bca4fac72fee9f9742cf691f3"
expires: Sat, 26 Apr 2025 14:54:00 GMT
last-modified: Thu, 25 Apr 2024 14:19:11 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-goog-generation: 1714054751341087
x-goog-hash: crc32c=URU9EQ==, md5=LqgBi8pPrHL+6fl0LPaR8w==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 18411243
x-guploader-uploadid: ABPtcPrYai0FnvhJ6PZTP6ZMxe9hQdw3_gmEnNnQg6kbNQPpftJ251MK04l9-F-N-BPO9cL5kOp9GndyYQ
x-robots-tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZbYKJ%2Bjf%2FE0Tfu3ps5T1RhpAKR9fw0C0nAV0nZbTc6XrGAZInrtEG7U%2Ft%2BeDDOUYqabv0M3Djn7QrtkiW%2BvqClxb6T6iPE%2Flis1Sq89tG4yQ84wp%2FMLQ3%2F6Twgbg41hyxp1RUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: __cf_bm=ilZVxswLa3Rf4oAnLK4_qFvfGnVU8r1nOr16Wjvs9z4-1714143240-1.0.1.1-zYz6lMLa1JWRPIq5OLokj5S1DtoTbevghZEgcovhjugFEdE7K98YNuuIU6rDi6AyUEZkTdhcCUPJX_DjRtkwYA; path=/; expires=Fri, 26-Apr-24 15:24:00 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
_cfuvid=0BGStQAfefRLeTCY8z9RhyOFrisB16i2.slIUffzD4s-1714143240907-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
server: cloudflare
X-Firefox-Spdy: h2