{"report_id":"127f6a46-f651-4d0b-ad11-ae4813a216ab","version":6,"status":"done","tags":[],"date":"2025-01-16T21:13:13Z","url":{"schema":"http","addr":"github.com/KintaroEB/POE-2-Assistance/raw/refs/heads/main/3.5.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-03-27T21:13:12Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"github.com","ip":{"addr":"140.82.121.4","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13T12:28:22Z","last_seen":"2025-01-15T02:17:23.86894Z","alert_count":0,"request_count":1,"received_data":3942,"sent_data":519,"comment":"","tags":null,"fingerprints":null},{"fqdn":"raw.githubusercontent.com","ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":35802,"first_seen":"2014-03-01T07:08:08Z","last_seen":"2025-01-15T04:01:34.674619Z","alert_count":0,"request_count":1,"received_data":7682967,"sent_data":530,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"da9dd381752c0b132de9b266b1fbd5ce","sha1":"a6337af0e934662c18685ef7759ec7c34f49bc09","sha256":"eef82834ce64d09570d752de77f56d3750c2de4a720f1b827c7b667b0faf8985","sha512":"cda107b7bfa72c93cac3fd9b9475b6d5ea4177e98d21f735c0dd2446b873de8c5463684902ec7112622a55d8c19237b036d5f762e562953401bf048a28f93f10","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":7682081,"url":{"schema":"https","addr":"raw.githubusercontent.com/KintaroEB/POE-2-Assistance/refs/heads/main/3.5.zip","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"3.5/config.ini","filename":"config.ini","modified":"2025-01-16T22:01:26+01:00","Modified":"","magic":"Generic INItialization configuration [values]","size":516,"md5":"cd5a7f9d9409e6bb89bb3e4adedcb945","sha1":"48c98b0630818f5480dcbdcbc0694cbc6068f177","sha256":"87894ba261c1041f0cfeb7e5f4d89fe37ba472274914254486ba05b7753fb03d","sha512":"7ea80a4f16932910509b95fb8da26f20b9e05305a7f92daaab21789497a003bcf2767c921b7231aa3120da5b479016f4f637f2a84633e1e075b4f15c0e52556f","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/cports.exe","filename":"cports.exe","modified":"2019-03-11T16:50:14+01:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 5 sections","size":195280,"md5":"996b2a9ad2af67fbf9629e86a42597c2","sha1":"14f47a3b1fc82806540c5139b37d2f2a834dcd60","sha256":"a82c70fe52f0142b4f72340aefe2a4f54c55cf352e8a042274802f43a9c3c19a","sha512":"47892c4d65871d45c12aaa8a889b2be2d2a87b1a12494a5fa7a35baecf36be72a0103a9e643b0ba77f6805624d3e1be15d5228196a99d0ab24bb11b24d38ab3a","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/advanced/ggpx_files_here","filename":"ggpx_files_here","modified":"2025-01-12T12:09:52+01:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/auth/upload_me_this_file_in_discord","filename":"upload_me_this_file_in_discord","modified":"2025-01-16T19:56:04+01:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/atlas.ggpx","filename":"atlas.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":181376,"md5":"2e54de132d602f3d599633f24669333b","sha1":"7d63696e81df9cb5e6a19ea6e3f4873405756285","sha256":"446c33ec09ab5c67510c4593d50d8e2a8104fe3bd8ae8d9b63a960c6bc4cd541","sha512":"0b5114950fcaab991bde97a8ecb8f46c5b5d19929f8185b31fd25516ff05786738d6cae4b2e09dfe0a0d972042155d4457f6087f7dacf232e022fedff20cf28c","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/delirium.ggpx","filename":"delirium.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":1728,"md5":"2e5057b3d072bea446f79bee481cec2a","sha1":"422403b0e6d8294b2a11d1ef8a1fe1b5a6f88fae","sha256":"4d1e433d97c9045cb00e0baaad13ec1e78c4a66e869550dea8b2b4e77df1d92c","sha512":"4876042c8e0ee68e5c04fc6000f0962c0d504ddbcff10b0140216177c306448ce197cbbe28b76d6a6d89cd71b1b1a05aa44a90fa167b71d44349d6567c941b70","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/minimap.ggpx","filename":"minimap.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":7648,"md5":"aeba590be074e16629be894b4501dad7","sha1":"635ab7fdebf37c3fc9ed8c458bf9333712188c53","sha256":"752f9de93367768eae815cdb71c842a4aceaf21699f5ce412452bd7099d0b7b7","sha512":"8980a7cea714a683846f9d590585ad0d5dc6e39c613601687940e0346904ea0eab10c3a91080a1ada1ac6da3a68fccaed1b771be2e6aac6956b8aab079007faa","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/monsterhp.ggpx","filename":"monsterhp.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":4704,"md5":"1fbd4c43de978811d1d9fb9dd4b382f2","sha1":"7d49f624d1a5f5ddc4782b04b52955faf8cc7d49","sha256":"9c7be380ce5d00299b392b83fb54088d7d9eaa87ce80b038f2383d3575e4c583","sha512":"751e01795ea89bc749edfcd668ca880db2b8606c088a7d5bd9134c0595363cff602c41a43f2458962be5c2159016ccf98c5d406314432cfc24d89469fbc0dcd4","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/restore.ggpx","filename":"restore.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":380352,"md5":"e017ed010dad5ebd596076f6fe286b2b","sha1":"e8a5065f43f2b7e5cb7b3b403219bd7c6f47d67f","sha256":"eb36d94199d7167a89c402dc7b8f1a52257a822c6de60b2d39d683082a56df40","sha512":"973457c5861ca2e31c62c27736c06a69801034ffec801e20b3fd66ec0a7a228d97432099f0f3910e545b9cb59c486a43802c33935d2443cf20e46bf6ff9cbb12","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/zoom13.ggpx","filename":"zoom13.ggpx","modified":"2025-01-15T00:24:36+01:00","Modified":"","magic":"data","size":135200,"md5":"e45e870ba4c4b62dd765106f875e06a5","sha1":"bcf85849025b95b5effd025fb5e901b209c7d61f","sha256":"916eed6c232c9479414082d4f822b3daa0ddf9d4c885ef285c8df9e1fce1d89f","sha512":"ce075c3b23c79b5495a277a5bad35ccc0a8be43791e2401a2183d41add782a4cd00fb2f70000f263b2308a87ad398808ad0e1a455fdf9a1a9b1cd7246d9d57f3","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/zoom16.ggpx","filename":"zoom16.ggpx","modified":"2025-01-15T00:24:36+01:00","Modified":"","magic":"data","size":135200,"md5":"3785ded1d5e7a1b8da92a86825a667c0","sha1":"4f2561b52e96c945e2e8401094670d929d3ea64f","sha256":"dda3f87c9e40969e632df08ce935fcc3cb710550f0ce99a7ca30b9404b9b0a7d","sha512":"88a1caa4cbdcae9e4712bea4dd083576b90a4f6852567d65f015cb5dd8cc98fa5f3351cb6fc5bc43c1cfd6245db28e23e615bcb484e66b3a72e809f72285178f","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/zoom19.ggpx","filename":"zoom19.ggpx","modified":"2025-01-15T00:24:36+01:00","Modified":"","magic":"data","size":135200,"md5":"07d6145dd07d5cdb6bec029ed6e2938d","sha1":"205686e8ce93de637377af0c70c041a28988c9b9","sha256":"d433328d93f4fc0a92cf08442939789069d2bb3427b41abc42aadbf8c4fcc53d","sha512":"fd7f57efb2795a33a31c1b46c807f64e016afeaff0e6f74a571848196936716dfbcfc87a6ff8f05391ccd214781d63a852301af404b54154121d2b567e426f2e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/ggpx_files_in_advanced","filename":"ggpx_files_in_advanced","modified":"2025-01-16T19:54:59+01:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/includes/_FUNCTIONS.AHK","filename":"_FUNCTIONS.AHK","modified":"2025-01-08T14:00:31+01:00","Modified":"","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2691,"md5":"3f4a2ce84145c38af1b75e8b1a538736","sha1":"ca3f6911ccf24631d7d517c7bb267ba905adb657","sha256":"ceffb976275e195f6728fa78a46a20479a57fb92a424b26b18abb11c0635b3ce","sha512":"d41f1d186752ec961206800a125f82b68f79e9c1651f1d74f323ea51937f35ff518eed194746a10708bfd38b17bad6b16ab3692096131fbd34f7f2890cf85ad5","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/includes/_INCLUDES_GLOBAL","filename":"_INCLUDES_GLOBAL","modified":"2024-12-19T16:32:53+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":232,"md5":"3adf83a93430a2c3e5045a0a61e8b0f5","sha1":"d0306fd492eb40487fc9bd7bc92f64a33ea17a1f","sha256":"8e25e88c99227a8b24e3fdc5568b173fb56c01ee86aa5a7663ffc300fc965ada","sha512":"266f7113431369d2f13755995cae6a669eb072f3529a84622494289e0f215333f20a7f1706d94107fd43b8cb22630e6417bc5c06f64e47c9f6f8e8a17ff70789","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/includes/_INCLUDES_THREAD","filename":"_INCLUDES_THREAD","modified":"2025-01-04T21:06:15+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1743,"md5":"c354e958b3da26fd1e22d587fdef4783","sha1":"1741ef4a923dfaddceef6ecff899c981a4ceb1bd","sha256":"f64e789adc76559b1c264496a1442e1382ec0757d1c8933aaf162c0c996a3669","sha512":"ddd54db895d27bfd06045162e18ebb04f302b7f077df724b2c57833bc555874880ae7bf05d1e81784f1f1811d3eb4420a91924bcde376cb0ac1c2e09008e3484","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/LibBundle3.dll","filename":"LibBundle3.dll","modified":"2025-01-14T22:55:31+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":45568,"md5":"da258b2cfc77579481789df2b0fc5dc8","sha1":"d37d429835ef768c7616949c48e75d4fc058638c","sha256":"3036d0baa03db552091179729e9844f1468af2ebc028995e9661beda93831300","sha512":"1b8f88eb18b063ed2b8c8de742e75d1024b6e3e6e2819eee1a20a6b2557c6d3e9ceae18d4a3885534d6d746e0f3d1727801b2b39003228ec7435a60fdab969ad","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/LibBundledGGPK3.dll","filename":"LibBundledGGPK3.dll","modified":"2025-01-14T23:43:54+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":9216,"md5":"8dc28b44625424aa3f0dbf3a531035fe","sha1":"7fcf823fba3790f097f80dca1637fe32fc084932","sha256":"37c4fdc15924cb7ebfed01d599a869c27c15332693cad4cecd2aa26a616eb767","sha512":"3b3469c891c6d163ee783c2fff212ed642343c8a89db115fb9c61cec4ab76d44363cd6de61d029442e3a947093068be5c55be1fa243e3304d72ddf4314058490","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/LibGGPK3.dll","filename":"LibGGPK3.dll","modified":"2025-01-14T22:55:50+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":61952,"md5":"e073759831f4be629b5355771faaee15","sha1":"99472694e12fab4ce51d7304e09a7171bbd58855","sha256":"332d2842e4fcb28aab717f090335e18246dd3cd392784666357384004c182770","sha512":"63d96e8ac8c2681333fb699c483ca6c36826b9a56574110b80bcf60c724f6663ad762a16cac074ff82db364a50899bbfb3c29ea52a35462707eb0a2596e309b9","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/oo2core.dll","filename":"oo2core.dll","modified":"2024-02-12T14:10:10+01:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 5 sections","size":645400,"md5":"a555e1cd5870d1fd7c385d0ea695aa2a","sha1":"28b7f7ffe991a02bde8e62fe0da92e2e259348f3","sha256":"4758c7901cbd68df1848b7afed48c1975ad59b509886c21b87c0e91d717446b5","sha512":"3404ab5a635a5980683d73265190647399e4ea062ba6a3f0abab59c2b69e503abfc4af2942291ce2e4e829fa079cfa73000cf8cd88c7489963b59ba3b28d1c39","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/PatchBundle3.dll","filename":"PatchBundle3.dll","modified":"2025-01-16T13:57:59+01:00","Modified":"","magic":"PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows, 2 sections","size":116224,"md5":"cf3c608dd4e432dcdc9135e146d190ed","sha1":"19c024a0ebc51e990217360d5e410d14c7a00795","sha256":"a027d5024c0dac074aad096e9f45c245c6ec4b1ad7eb374db28d7496a0fbc20a","sha512":"57518af118f0a771907420996534354f989201f94bff985f433d0def313c6af1d32ae0534dfec4c7244ea7196c0edf2bfe8e0d24d9ec8c5da448b9f594a667c1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"Detect pe file that no import table","trigger":"3.5/dependencies/LibGGPK3/PatchBundle3.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-16","alert":"Scan result 2/72","trigger":"a027d5024c0dac074aad096e9f45c245c6ec4b1ad7eb374db28d7496a0fbc20a","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/a027d5024c0dac074aad096e9f45c245c6ec4b1ad7eb374db28d7496a0fbc20a","meta":null}]}},{"path":"3.5/dependencies/LibGGPK3/PatchBundle3.exe","filename":"PatchBundle3.exe","modified":"2025-01-15T02:35:55+01:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":139264,"md5":"22fd07dd3087958750fe4a405ca0935e","sha1":"3ba321626fb69f747c80788725ede851564b1c99","sha256":"56482794a1c00a70e22c5aabba98e248f1115da7f16ac595ac99228ef0110467","sha512":"d58d510369644fd763c807d2d48284c3d25193c65e96056055f1845d139ebe7eff851166747d74e3be9b8faf9f31ae8d86f4b0edbb3c99e4eba75317a56e8e2c","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/PatchBundle3.runtimeconfig.json","filename":"PatchBundle3.runtimeconfig.json","modified":"2025-01-14T22:55:34+01:00","Modified":"","magic":"JSON text data","size":483,"md5":"8668acdba4ef5bae1442d1caafb5385a","sha1":"be1acdf60f0df2b718bb822f8ff73cd5d2da2922","sha256":"b0be19eafe89d62b412845c1550d4124c7a08100c14b87e6fc11c370ddd80778","sha512":"2a3ec112256cac7ddb6f3eb6da08c67200b5802b69ad187be3b9ccb5aa46c4da58069eab19530609df78f50da5f21004bb66252cbd01926128e584d13aba7f74","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.dll","filename":"PatchBundledGGPK3.dll","modified":"2025-01-15T14:58:18+01:00","Modified":"","magic":"PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows, 2 sections","size":115200,"md5":"b136082b80e03b29dc78ab3fb1dcf024","sha1":"addfaf818e8b6550ec8342e94acf0fe34f3ac277","sha256":"f5b81f8378a48dd652c2a2ae85b4f3c45cde47d8337acb685d0a6e3f928f01ef","sha512":"891fb5b4aed5047b0231e088d5b567ba35dc9e8a5b9fbc090d8a74d6923e3a48297932e01861728bbd1dacb78442fe64f97b2676003d4bb7acfc19021678129e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"Detect pe file that no import table","trigger":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-16","alert":"Scan result 2/72","trigger":"f5b81f8378a48dd652c2a2ae85b4f3c45cde47d8337acb685d0a6e3f928f01ef","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/f5b81f8378a48dd652c2a2ae85b4f3c45cde47d8337acb685d0a6e3f928f01ef","meta":null}]}},{"path":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.exe","filename":"PatchBundledGGPK3.exe","modified":"2025-01-15T02:19:07+01:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":139264,"md5":"39f1c2e7b1fb183c8f51e1d7559abb68","sha1":"60398dcb7404b681c004dcf28a7ce645e278116a","sha256":"119d8f53d3798cf5dac1ca846f9ee9c3c7340cbb1e8e7bedc50a6d961019efb6","sha512":"27fbae3e7cfeda40e9f0a1070934edcc58a8b8ce6ea6ec1bab291beda0619e58dec77572ce172729e9e749d7123daea7e0097d933a86f1037e6094c2da966734","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.runtimeconfig.json","filename":"PatchBundledGGPK3.runtimeconfig.json","modified":"2025-01-14T22:55:53+01:00","Modified":"","magic":"JSON text data","size":483,"md5":"8668acdba4ef5bae1442d1caafb5385a","sha1":"be1acdf60f0df2b718bb822f8ff73cd5d2da2922","sha256":"b0be19eafe89d62b412845c1550d4124c7a08100c14b87e6fc11c370ddd80778","sha512":"2a3ec112256cac7ddb6f3eb6da08c67200b5802b69ad187be3b9ccb5aa46c4da58069eab19530609df78f50da5f21004bb66252cbd01926128e584d13aba7f74","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/SystemExtensions.dll","filename":"SystemExtensions.dll","modified":"2024-10-14T22:27:30+02:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":92248,"md5":"f3a2d9cd7de5c93b63115bd016c5b2d0","sha1":"93855939341ae42345a9a8eae436cf7fca383bff","sha256":"335211d0714440678bf544886a2f62c7060059f2bf804d345becd68a6321c5c4","sha512":"23be5f9b818ca31ce9536760d1e7c1ab42052eadf3fc200be055f6a90860b9481457a918d1e0188292ec0dbfd0d9b800107c1d7803f2d06391ac34b160c1c990","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/always_enemy_hp.png","filename":"always_enemy_hp.png","modified":"2024-12-28T00:36:13+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5392,"md5":"bf4f1c3c029e34a769cd1de018e652bb","sha1":"d9a824c5aab56d8ba99a7a291e98b4999414354b","sha256":"1ade922657f61269b838980b5d512be67ba468efd11ae3d9b82f0257089133d1","sha512":"d60d88171016f48709e8d8943b907da4bed25ca4c242d8b5046e375c77f5ff37f5f26eb3dcd423efc03a75eeb444c5dd5d1d1637dfca8481d66c8f8e152453a1","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/always_enemy_hp_a.png","filename":"always_enemy_hp_a.png","modified":"2024-12-28T00:36:53+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5460,"md5":"bb69e5d95035adb56a2d03341f9a3d66","sha1":"90c92d11e898574372f488ec36905801e5e67ffa","sha256":"4d211124be24c124b20dffb2095d7e3668a5b97ffc53a105eac6793db54235ef","sha512":"bec23bfcd9add3ece1ae4c176f7fe20e130f13a7c6d31508ffa02c2ba5859111bcec0f0d25450869ac0ecd3eca1405b644f7d3554b34a19207ae37e5be3947c7","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/blackscreenmode.png","filename":"blackscreenmode.png","modified":"2025-01-03T19:52:51+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5213,"md5":"7af49d4e5700cba4c3544c9ffcfcb353","sha1":"1643daba4d8954979fa9d0657de06319aced06ba","sha256":"969ce5229c53840b2afa533e66a6fc4c89679cbb27e663bc50e100003567210b","sha512":"e30b2b7300bbbe9457996001be569cb6a27c3328a8cae93ab56a9fd115418128ba8dcd7430924b91127b266c33df62cdf24ccc241fbe16482b8ef604d4a84090","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/blackscreenmode_a.png","filename":"blackscreenmode_a.png","modified":"2025-01-03T19:53:15+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5223,"md5":"5ba40549437f4a80f2983ad05e95b8d2","sha1":"f6fa5bc3e23d2d43c838eea9d35009610966d041","sha256":"8713fa4ca6ade203fcf5967049d7b61e4871880d81e4fede9265194b648cb874","sha512":"4a0c0ef0caf2e92ab706e439bf8e4fac68de6087ecc546db9c46acfacd8afb4162861c65fe483ba3271f8372b558982f05fea7d8386cb0a000a557e04dd88a10","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/close.png","filename":"close.png","modified":"2024-12-18T15:23:24+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4222,"md5":"b225d613564860b8020ba9248a1b6f2b","sha1":"58920e3e1e43454a46346c13eb2a34443c75dfc9","sha256":"311c9588cc4b5a194eea97e804086510ef6e538664dafed4de0299a6c8e5a2cc","sha512":"7cd15e1040463d9377e44f5348eb16ef971bd64ff838c4ed789ad79d25822446c59c92072e61c25f99dd74cd654d6d28a10e96981f82fd15991e1e703ea7fe32","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/close_altered.png","filename":"close_altered.png","modified":"2024-12-18T15:21:11+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4217,"md5":"dc0278a2dbec73b60385115efae75942","sha1":"2efb54520767c9b378db53cbd430f35d9d726488","sha256":"a3247d15a447ed24bb57fbb7a4b392fa2ad51b90770a5981596b592e67eaab54","sha512":"04544caac0d7fc00e9061938ca68e1d76bb9c970edc712ee8d76b098ba66602c2241d30ed5c804ccae99b54cd06ea086fae250fad5b086f1718fb638750e6c6d","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/dc.png","filename":"dc.png","modified":"2024-12-16T05:20:06+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGBA, non-interlaced","size":4509,"md5":"1d749b98836bc8e47cead02bde8a4437","sha1":"63c03d40cf45869b9707c98421047638c59f3eef","sha256":"ab7ffa7d24dfa8fa4f76980a1d7a21536d5485d12fbbf5c5fb95c9fff4fecfb0","sha512":"fd02ffabd1685a8e18634137d853529ca00e8737561ef98fd10ef321ddec17bd2ba707d45b75d89476cc3d84d46833660e4b13ab36d67d196d60602f0e77c096","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/dc_altered.png","filename":"dc_altered.png","modified":"2024-12-16T06:35:53+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGBA, non-interlaced","size":4714,"md5":"cbbcc1ad191ecf357baaf1cb01bf4bce","sha1":"4a443e9824b62fb0a850a2ca967776c1310a54ca","sha256":"ff3560d14de7dd9bfb657e3a57cca8d066910e082af7abb8cfd19364ba0009d5","sha512":"9d3156cdf520ed3e324473a4fb9a8d7528cf8cbe4274388af38f3fd5d676654fcce402cd7ba860d947cab6121c523d46790c4d6a85f2087dd2f332f6750af2e9","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/enable.wav","filename":"enable.wav","modified":"2024-12-18T21:29:21+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz","size":271734,"md5":"0d8adbf6b0dbad15f3c708510f63a295","sha1":"f4e7f6761268df4b428ee74ec2ddb9ccf352cfd9","sha256":"bd4757a84decd73f20080324c446358c95dbb2e46457bfb81138c7dffe5d9d5b","sha512":"76fefda8970b3e95af82d0d5faaf3aa8991c33cd79ea2a727765daa2b4cd1866e8ea5d616a834b474079ee543adcc37ff261a478c2c8276167fcad3179b6a514","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/exit.png","filename":"exit.png","modified":"2024-12-18T15:23:42+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4317,"md5":"e2c3de4958bc38d7d8863f436cc33336","sha1":"90090a90b46f774fe8b2861b5fae523f2776e9a5","sha256":"5e1c4232b3f6f2974d6c64c82bc8248b6b9693062b2d2e0d1fade51aeac70342","sha512":"664d93c2223b383e832221a7bd63bb1fcd2d0843adfe25513686b82caee7186d0a24f3f0b6934d5bc42fdefbd687987e79a321fb0c74f64f84ba0ea5b7485abe","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/exit.wav","filename":"exit.wav","modified":"2024-12-16T02:03:22+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz","size":589898,"md5":"0cd6c260ef1faf1efc252a25613bf31e","sha1":"b72f26d445da21615ac853806fe5eed701fe88c5","sha256":"cc1d96be17ae2ba54c48960ac41cd5b0eb114129dfe99a1a87f8ee47642cf836","sha512":"2bf8cd7a30cfb8af1e5cea61e9451092282e976353f66a1aacd96e64b48b3eb7851e56fae717f7d3b0170ae24c49d596f60085d5b84848a1c642ab6a9080df28","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/exit_altered.png","filename":"exit_altered.png","modified":"2024-12-18T15:21:30+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4312,"md5":"3f59cc6f003e6e12ccb739ce5f68f4f3","sha1":"d2e1169337d6d3384307aacac41e67aeba2ee673","sha256":"3e44e2e5eee75a4cec8574110ac21a3bb6d4c9147e8a7e85d8d1bb7b8fefe910","sha512":"2ed0d05d2638d02df0381e11977e06dcaed9542d6234ad30b5d2368570c6774d99e1ae8b859addb46981b67f60d93790b6c372d124629f10ffc833a79342237f","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/gamepad_ai.png","filename":"gamepad_ai.png","modified":"2024-12-24T00:00:29+01:00","Modified":"","magic":"PNG image data, 651 x 420, 8-bit/color RGB, non-interlaced","size":110879,"md5":"8ec6073595afff32cee7b360a87dfa2e","sha1":"06af4689da884d85d4afca68aff0b73c8dc7cebf","sha256":"2f5db2ba1c9c7ff7c6ce86c1d3b46890b23450abc2d6ac3fd5c2bcf19fb893ba","sha512":"3790102481faafc20788e52b7d1bf7bbb7a81605c04dd9388177692bbf52f5cd1fb2063d0167b017954ee5800333b1d5f8c3c2af8cb34dac177a9e71d357bedc","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/gamepad_ai1.png","filename":"gamepad_ai1.png","modified":"2024-12-24T00:04:36+01:00","Modified":"","magic":"PNG image data, 651 x 520, 8-bit/color RGB, non-interlaced","size":112147,"md5":"3dc9ef7c8074ba6105d76f5f981471fa","sha1":"64dd2351f2aa33820a9778a4d0684a28525ed0af","sha256":"fa474b4a2a9c1f88dc569f3280a69618da584cafc988b3d1f85b8c1f7c36b121","sha512":"ddd840ba0fb8db233b675842f225336a037512d3d279488d610b4148358be4dbe5904e09abe4fb55a7356bc1964ceb63a5e1b9f9312024ad040c535a74ef86d6","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/gamepad_wnd.png","filename":"gamepad_wnd.png","modified":"2024-12-27T00:25:36+01:00","Modified":"","magic":"PNG image data, 163 x 105, 8-bit/color RGB, non-interlaced","size":15084,"md5":"0998493e571984a817f2f68a9bb084e0","sha1":"80d6bd2a25dad8e556c9333bdf28037f80ed0f3d","sha256":"295965a3d35b9d8123eb4555d05c303312526dcc01f548c3ff2fc01d28e5b9c8","sha512":"7befa42a7f5edb237aed03b1cf0ac5239244d791e0762ca655783a2fc6a18a6a0738f18eefa2a51e47313c7f0d49101d1cbe60cdf9453351a5bd98af451f49bf","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/insert.wav","filename":"insert.wav","modified":"2024-12-24T00:43:01+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 48000 Hz","size":125254,"md5":"4b2e7f99fc2e1f402e317f862ce78ffc","sha1":"52242477a0f6d1b9f756869c14d1319209d53d94","sha256":"e0aa44c4c3e9ce28e621478acdb3a6ab931cfd9ea39ca447fd0ad14e41b6adc2","sha512":"755f66cd22268ef5618f4f1efba321605d46fe67bb36a150d4c1e12e8cc14231d1d84dc837e236d6982d997f0345e7adb30d435f8418f33cb02bbeb641a94479","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/maphack.png","filename":"maphack.png","modified":"2024-12-18T20:59:37+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4388,"md5":"9f654edd9409b946692998bb98fb300b","sha1":"f0008f4d910de90ed0ad7cf5f43762436f19a4c2","sha256":"06d621c13012eb7aab5269b263dd61e1aa00ce2fe040899c3be03b905ac68a3b","sha512":"11c818a0219b17aa39c4d559ba3ae739f01bd7032e20bb70227a28ae50392505dfc893a925575fe29d93e3273012ad9f72791078bfd7318e6bacd213f35fa35d","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/maphack_altered.png","filename":"maphack_altered.png","modified":"2024-12-18T20:59:48+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4447,"md5":"a045d78e751197d155ee79c00ccbee38","sha1":"50fa8e87924e41d1a5a242d9c1a9ee2ed5676314","sha256":"127507b32bcdbc5951ba76948b61c1fbbed06ab5295c2a07224ca0e32759776b","sha512":"087de99d0c44bbe2352204e8cca2fa7035341f904a9582db4a1dbe2a977e962fd8330b4e878ca7ec0a466c702e961238e05176d272d17014a61762691b5ea038","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/minimap.png","filename":"minimap.png","modified":"2024-12-18T21:00:09+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4419,"md5":"1dd4e67ed360f9406c26c945d4f58125","sha1":"bfc51fb0565c868827d6805acc021bc75bc5e4d0","sha256":"f310fb671427828aead494b3532b7d68183ca632610c514616ec6b5bcda68f4f","sha512":"de339a37b3f0a4ee3f2a7c168b227faf9c875b7b545ac90295cf06c60c6308d1c10ff235d61edf820ff701bd97f9a5e5fa4fb7057317d742bd6948ee4962dbd8","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/minimap_altered.png","filename":"minimap_altered.png","modified":"2024-12-18T21:00:29+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4524,"md5":"c5da668a82c84d268b73a9a79b7c8148","sha1":"f04f1fa712da48796e75df4474d5dbe80041512d","sha256":"0c4001bda0134469fa94950b825ee099f998f455b5b13e7dd9a5e0a1b445b393","sha512":"110c8e612cdf1f155c03111b1a34db62ba932d322863b40a791bdff9bebd46ee15035d401309aed4833b010c025627ec6dc87f518c4ae3aaf6133753ba1813fe","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/notify.wav","filename":"notify.wav","modified":"2024-12-20T05:16:25+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 48000 Hz","size":247758,"md5":"80c94c596e16453bac410773ceadadfb","sha1":"f8d1264a059f6ecaaf09af6e78432eb3673a056f","sha256":"cefd091aec2cb3ddabaacbd529fa65a9af4df047303f9a9571d7ee21cb83e5b9","sha512":"ce13600759bcc1e0d288858abe7ad6c3d5d02d3c096e04bb7c533deea9c1b292b20ee9540f1f868c02847161c64079832f318871cd8bb251230543fe0aded5b8","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/pp.png","filename":"pp.png","modified":"2024-12-16T07:13:25+01:00","Modified":"","magic":"PNG image data, 188 x 35, 8-bit/color RGBA, non-interlaced","size":5005,"md5":"b501654a158aaa2243c532ed01b135d6","sha1":"597adf9f143308503872517679eb698c5b90ea39","sha256":"62ff31014ef0763e7bb40ba77d052159d61a9fa0b06ac8e8390662bc8a8f7b18","sha512":"e5c615064b420886c4809b0ed5911a938bccabd0ae9ae4b770f02e4a27273d8df8154e19451fe2f963edad8a4bdac0a04e4382fa5c3dc5dabcf75b065e3d314a","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/pp_altered.png","filename":"pp_altered.png","modified":"2024-12-16T07:13:39+01:00","Modified":"","magic":"PNG image data, 188 x 35, 8-bit/color RGBA, non-interlaced","size":4858,"md5":"bcebd645465a3f95ba92678358b2c538","sha1":"f1e226c9eb5958260ee22e1e64ee4f5c5b76706c","sha256":"591f7cabc9dbba8f5fa895d460bc9c9f2835adede59c88b316f1316c1938a6b8","sha512":"96d4ff1307a3cc093b7473d121045c9c9f03a6f20a97d5078cad4cb76b720cc1dc80bf9f984e2c2cc55bf989799dd9e76585f24530a772d9436e61f22aebe732","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove.wav","filename":"remove.wav","modified":"2024-12-24T00:42:20+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 48000 Hz","size":161614,"md5":"7b8be1db87a4bddee47dd8cc849a9ffd","sha1":"ee7a21e1391e68af0e806fd2a0d413ba0de82b5f","sha256":"0abbfb9371ebeb4475503734027dd6f0aa21395363374cefd2fae5a428f29853","sha512":"c7c87965a17ba27f47ff9de30f2bfd1a919a5c96abb729a88606a46b1e5dd26a94683d8e885a0ef56a71e16e42abff4d414c8e177c1af58f5827540f8abd5eec","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_atlas_fog.png","filename":"remove_atlas_fog.png","modified":"2024-12-29T18:00:15+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4966,"md5":"efff2969dee80cd2ebd28e6957a324cf","sha1":"c24f6c2727f8449468d41d64e46e722a34adc987","sha256":"dc96fcf72577283d298b22dae60da2d1ea74ce59cb4a352e0d09e6906bb2fe6c","sha512":"07afb67c41133327749941bb65d78fa981d33f564c46809d73ed26ff40d30420453b5bbb9f2cf61d324d3f4c20a6b495aacb8cf1781a24387f8c5d45ae52d86f","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_atlas_fog_a.png","filename":"remove_atlas_fog_a.png","modified":"2024-12-29T18:00:04+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5084,"md5":"af547f3f45a6e2e89b9aa6cc15f06973","sha1":"b301d60777213053a2779ed7da829a4e67a5a10d","sha256":"4e4f0ed107edc4032a7ac9c092b64d37091b6a6b1042710ddf90b0be96813b2b","sha512":"b2b4809845ed1ac26d6dccd7d6ecbbb6c0edf2ef2ce4a107af62feb08e31c51c58324e465b5b0b60f59153fb46a90e08b0f7ddc9ba774545d94787be3d5cbc76","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_delirium_fog.png","filename":"remove_delirium_fog.png","modified":"2024-12-28T01:37:27+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4959,"md5":"ac277b4d0ac78d17143d10f7b4042510","sha1":"7ab63905dcf100407e717132b62d59309c5f4039","sha256":"68d2bb7d3a71e96494bba1889e2f34953ad1505c675d765ac51b804773c7da48","sha512":"fd81336461b0b2c785feafef5747e1869a5f26b91ab96f960c5b2fe52b49b411f78b0c3f39d307d830394bcb53c0f07bbda69caed5cb6ed1a3d54ab94c5bd7ef","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_delirium_fog_a.png","filename":"remove_delirium_fog_a.png","modified":"2024-12-28T01:37:54+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4965,"md5":"61636c8159a5bceaeb0c6782666f52cf","sha1":"7db15e51f60594d86896dc47fdc66a2cc0c30c52","sha256":"162720f9de5c82036e8a14acd34585bbc577fa56f2914d042c3eb57124818251","sha512":"bdc2303ffbc6c92c2e80d67af9bc67ab87227ff8de0cb275cb93eb0431c04e2dbf3e39bce21c9b2e557091ef3f32832342cebb7cdc27028cb84c807043ddae33","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_shadowseffects.png","filename":"remove_shadowseffects.png","modified":"2025-01-10T18:54:42+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5311,"md5":"150b1961b625f41aa4dd8e379d6c7ce8","sha1":"6419be64e91ed90b5d65fdd22ac82057c629202a","sha256":"31041446da16a4bb30727836d710f01a73691eaf74ea70494920650635451bde","sha512":"fbdd72f09115a2791f2137e49bc570226ec4a9f62352477fe372763e1ffaf2487476d1920b83ebeddcd4ec5410286e885f44564b608f627ab7ee92f4c15de527","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_shadowseffects_a.png","filename":"remove_shadowseffects_a.png","modified":"2025-01-10T18:54:10+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5402,"md5":"e7d71e8d2cb0674aeb6b7bc31019aed3","sha1":"c00479c3fd3e0204ddc7809a9618a461e4e64dbc","sha256":"12fae4f06c3f0d2b4f390292af7702f6849c3caaf10e6aebfea0f3a9e3a243aa","sha512":"8a60264b73e007c7d891f1b3f07e26726aea939b6b96745dd6957e84bfa1f6b5fcb9d8a368d6c1bc0661bc23eb45540bb7b0a66cb28836b56976eaad0f19c054","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/restore.png","filename":"restore.png","modified":"2024-12-19T15:57:25+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4711,"md5":"62e1fec0f572c925495c9c684242b055","sha1":"f894d44f9e13dff73ec7350eb43f05d7d01fc183","sha256":"f5d50a7d54928ef7cc9a0d923e72c6533bb486cea2f98aaa66511450166a6e1a","sha512":"bba138b2798a7e7a52ba38b3c24c1f7a91ce196bb29ab855e574599380b1028de470266f3887896d2420ad6e451c86ae88946443b71d35ad8ea8d735ee8ab68d","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/restore_altered.png","filename":"restore_altered.png","modified":"2024-12-19T15:58:14+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4705,"md5":"8820fdcff318dd9534505b14d22b2c6d","sha1":"054fb4740a30c451e3fe298cab0e1a9b23f80584","sha256":"b3599515391b4b2990afb3581cba228c92613e29fbf535f08497e86782015eca","sha512":"82a32319e345bf0fd9bf70fea44e71ee038d7c1d365c754ff1295a9dd76fe3153047ba9fc326bd39fb6eb75193a381e1301a47170358d8ac18f6b8ab3fff4181","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/save.png","filename":"save.png","modified":"2024-12-18T15:23:09+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4572,"md5":"82a631b6b495482b761a5ca35025f842","sha1":"ecabd0faafd2f1af125f14668c9c229ffa6a6000","sha256":"627cc8136d201646ef8491be98be59a6f237b85bcc20ee0cb50b7e0633be4bf4","sha512":"700fc89f40e495dfd70cb7578b203bb5e8e2e0854f5a635cb9b26dd8ecc3f56598f92f2f7074dc200589250e1b0a588f15bcc522e8417f24d2c0ab60773da411","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/save.wav","filename":"save.wav","modified":"2024-12-15T21:27:26+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz","size":313422,"md5":"3a38af61795d6a0b85801f4c5bcd3169","sha1":"9548886fe4b1a8acdccb993bbda9d2912248cc2e","sha256":"589f859ebda41746629ba6c6accd47daf973781508c9ca8aa3c40180efb9e75c","sha512":"ba442f79c552d6838a0fc3e8603ccae3c4f61f83fa4267138a9f69f366057799f057ce8b3d53cc5ef35f1842da50894bebed9b9e29fc613ee4c4ea66ee951f93","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/save_altered.png","filename":"save_altered.png","modified":"2024-12-18T15:21:00+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4615,"md5":"838c4b5bb5766b44663b897f6d2f062e","sha1":"581118614a2390e2456ccbbfd1096c05025ccf26","sha256":"01aa0d80816ea7059fcb5ae263662fbf902e67b8cd78b1b06e6e368156a8d72a","sha512":"6c214bf4c8eb9594ed04f65737d4d932e69e63f2d9b79534eb95824f3315c82113154018a1bcaf5ada12ab1c86a10973375396a1edcaff8a6e3b55249f520580","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/settings.png","filename":"settings.png","modified":"2024-12-18T15:34:26+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4798,"md5":"29cbb0ad3654c61efcba09aeef305a23","sha1":"4c3061738fd9d0570d243e9e0389cb27c2bbfd4f","sha256":"652ba4c37db009434295c0b42829bf0a4e229fbe9f0f18c62a67854befe72c4a","sha512":"3f7cc5fa89cfda0cb0f4f804380a7790a00a39c0073ef0dd0110c6a66d5d68de8799889a9eb0a523fd98dea042fe1cb4d6737693e6d253c43a331c27d79e2fbc","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/settings_altered.png","filename":"settings_altered.png","modified":"2024-12-18T15:34:11+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4805,"md5":"286e4d6ab5e4a423fa65d3ba24a293c4","sha1":"dcd722e82a80aa7f4f106abdee8e81985f143010","sha256":"57db13dad5b69e87da1328d884c1fb6e84f67f3a8ec868cc872c2f39c1c2bb0b","sha512":"28f018f7947d8a6c0226c20a28d880164c64226d02a6b36aad48b900777167eea532c201d98655868be44ab123c203efe9128ebdd20c3a1f499790f47549c163","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/virtualgamepad.png","filename":"virtualgamepad.png","modified":"2024-12-24T00:14:19+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4758,"md5":"87b1fc67b5bb8cee20750dbaa66f16a9","sha1":"94b25b651f24263a8753f7b4edfc7fa3f5689f10","sha256":"9299cb6f1779043382b016a659d4fb532b88d737ae5382b51ee9a85108633e08","sha512":"5087c4e009a65e7c8e58f8049271e7ae96f19acc7c9a3f959f826ff695f4fc303b9360d9f47198cc67b7332b0c5d38a4ba0874543008977c182451d0fc031d3b","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/virtualgamepad_altered.png","filename":"virtualgamepad_altered.png","modified":"2024-12-24T00:14:53+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4788,"md5":"baf10cd8173f8ce72db5f2ec02024293","sha1":"d8ce946fe0bc702873516957be2439165212ea2f","sha256":"6f2471dad82e7e1842e1f11c384dcd9a01dd563f185bd23d30a0871b5581242e","sha512":"4b18c7e1dfb7f8f7121a0a451b91a2f7efb1f6ad4093726d3e4cf741b32dc1dc28a0e6a2bac74a3e12b685e7c88fe36f6becd48691dd39e97a9bf71d4614fa73","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout13.png","filename":"zoomout13.png","modified":"2024-12-19T15:08:05+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4747,"md5":"c2becb2a42f45c0540dbcaf99d3bf3ff","sha1":"8cb3546ac9218a245eb524b000d7e0933216fb93","sha256":"fd21c2b4f8cb4bfd3b8f21e0eb843759d0e5a1814767ebbd890566fcbf50bd08","sha512":"8b8be6e453f397d31e8db152af2c881cfaa95ddcd8962bbc69dd6ebfe028dc18f384196441b48c7110a7b0ccd8a5b8db580f83d8bae3fdc7ef95d4c9547e4016","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout13_altered.png","filename":"zoomout13_altered.png","modified":"2024-12-19T15:07:43+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4765,"md5":"06368455696c5c527dc55e8733a538c0","sha1":"d5c2ed29796665cf1378ea77597df3f0ec3e070d","sha256":"cb7ba735509092c6873e5ce58ba44b402d6d3f032eeca81ab7c7acce1664787d","sha512":"cc8463ef80f5eb26f01bcfac2a42e581aac188ab484d8ad3fcedf63967f5c407d64c5865db4ce2d8a73d86c891b48501f61cf63c82e0331ab0d477f85ecd8291","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout16.png","filename":"zoomout16.png","modified":"2024-12-19T15:05:12+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4776,"md5":"3bc2b680436888ba99ed11a64b376431","sha1":"693d6018c976f0275841efea6e4296b76ab4eafe","sha256":"87584a36e7196804645cbdd65fb811103fa3e74fbc73098af77eae7e7456cf37","sha512":"9822baf114c2a2417ed13c95303146c8ac887a7a57a16d24e03c1a6e295e2782e5891d51ef5b8dbb8e0e00bf0cf12230d584d9e4f749852d100c6869a6886d05","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout16_altered.png","filename":"zoomout16_altered.png","modified":"2024-12-19T15:05:31+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4783,"md5":"23609b2d7f41f82cf2bea4d6c5aaa59e","sha1":"e874925e5715b821e72a420f19b9fcc1c2148e18","sha256":"855127e42a887d6a36ec47f955538a8e6b614cff18c9c250471637caf77e4202","sha512":"bf231f235717392b0dfbb8390f9be8d7c1e8c820f6e9bc65404195791dd1bb6b62e5a6a5152ef5791d8d71cfedcb61c9cfe52b79152abe8a626fa4906d537ca1","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout19.png","filename":"zoomout19.png","modified":"2024-12-19T17:29:20+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4802,"md5":"864058d764a34c13626feab35103240d","sha1":"8bca913ff2d0eb199325f814c86434a72cd1a32e","sha256":"492183607bfc39f46112deb568a6ac794088987117bf4f92eec0300fee01fc90","sha512":"72a16fab28fe33f6b18461be6279ae5c277dc0510f934699696ec777f47a84c277153cba2456c1e97cde131c7f999fb47a1794fb9ee4e356d2c0fc11494dc2ab","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout19_altered.png","filename":"zoomout19_altered.png","modified":"2024-12-19T17:29:51+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4803,"md5":"e2aa98d4c194612a35c3396939c64069","sha1":"1f91759485ba79c1b85db9a9f8a34e8d8b0e72ea","sha256":"7db7fbf38c22d06fcc29c42f09a18171976111b019fb8a4419f476a29b776fb2","sha512":"9a714ca51d1aeace697f6508ae57e74bf0af9aba0ef9bfd95622bdca97dc3ebb59a8095447a11021ba78b1671439b8a1426212a2fa6ad4d5eed65e5620f1c641","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/ViGEmBusX/allow_virtualGamepadPoe2exe_to_start_always_as_admin","filename":"allow_virtualGamepadPoe2exe_to_start_always_as_admin","modified":"2025-01-16T20:22:46+01:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/ViGEmBusX/ViGEmWrapper.dll","filename":"ViGEmWrapper.dll","modified":"2021-03-07T22:33:25+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":44032,"md5":"9053d4747feb614cbe4947d80231f791","sha1":"ec7e0487e22942951d949826ac907080056d8108","sha256":"9828b5e6c7a5c8e3d684d8c048e14b0cc567d07f2a649b926e31126a4d6d45db","sha512":"bd787e9bf503007a3fb70a7756af9e4e2aaee9c0852f06430aaa1354bd26889fbe0a7589bc35d168ec70b89a04ae7388ab75f37aca6af2eeb60e49ef47748e07","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/ViGEmBusX/virtualGamepadPoe2.exe","filename":"virtualGamepadPoe2.exe","modified":"2024-12-29T19:55:02+01:00","Modified":"","magic":"PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 3 sections","size":669184,"md5":"b5ca63be02cd2fae400c434b2d6d9726","sha1":"d78d7d6433c99d87b531f6291c719289bdde1d16","sha256":"9ffdb6f9be255084e8225b04fe156a1254a1807a1fbf18821ea20064e3aae847","sha512":"f39b24c134670c84f97d87379dfc02fead8f966b7a34c12e828dbb9f8c9796cc40f1da82eb29b83267b73d5f3bdaa696679ff4a83c9a72add0825a4287ccf143","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-12","alert":"Scan result 5/72","trigger":"9ffdb6f9be255084e8225b04fe156a1254a1807a1fbf18821ea20064e3aae847","verdict":"suspicious","severity":"","comment":"suspicious - 5/72","link":"https://www.virustotal.com/gui/file/9ffdb6f9be255084e8225b04fe156a1254a1807a1fbf18821ea20064e3aae847","meta":null}]}},{"path":"3.5/KeyListController.txt","filename":"KeyListController.txt","modified":"2024-12-27T00:47:33+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":211,"md5":"6023c3148f2373bc3dbab898cd1b2578","sha1":"0225406af9631ff1cdb56f2593827876c0df3c33","sha256":"9d18c569f16c6a031fdf4f0452741acb66fba8b6392f2fa012f6bd4e22613e45","sha512":"1d2733c38955162059ac34d1ea1bb942604c045543c824e42e42e9429b6640ea4ffbe367ca24a79a13802e733e971d2b64c8ddeb202656e9d2a91a6b973433d9","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/main.exe","filename":"main.exe","modified":"2025-01-16T22:02:26+01:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 5 sections","size":2968576,"md5":"f771ac1aa4ca4c29805090a8162108b1","sha1":"b39c7bf066fcef76779f75b0aa17a1679f8a1860","sha256":"d2e768b0efb8ec996d403adada6d77823cbf1c38404efb94f7f996b139939e14","sha512":"416794de7b959541617722bda5b9cd006494166aa1f5d7623e86acef891a795e88f9cd01b8f56f071361c213743911558dcbbb22eadb524fd831856a27a1bbea","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"meth_stackstrings","trigger":"3.5/main.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_stackstrings","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"00000000000000000000000000000000","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"71fe67dc-8cb3-4b1f-8eb8-7b2e0933e0b4"}}]}},{"path":"3.5/readme.txt","filename":"readme.txt","modified":"2025-01-16T20:24:51+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":652,"md5":"d94e31975e5b0f7a680a8dee793b5246","sha1":"5cd980e397900f9052664a8f23cec0dfa43f813e","sha256":"2865b46cb9f7c8922551da1f7eb66358cc83e880bf64d1db884644fe1fde5b5f","sha512":"610d304f268193da9b2a3623fbb880e38a3d0105550df84cd9c2a7769c0c80d8072b5fed7121f251a9003bb7fc4ca75c1dd40b49df155e10db54db245fcd0503","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/scripts/HYBRID__THREAD__UTILITY.AHK","filename":"HYBRID__THREAD__UTILITY.AHK","modified":"2025-01-04T21:04:47+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2277,"md5":"f835d9c2c0b586148af88afd0456316b","sha1":"df3daa4091bb46ba4e6ba8577577b0b9fbb9226c","sha256":"ff250b75d7c8054def4423d38177ff7e467a9065e055a756e4997dcf921b2502","sha512":"bc226aad5ad608d0c8007281dad7fe14d4c901765ae88379d8442164d9cd20f3b58d3ac6d911b5678758aa0491ae77497b56245be5c734a461f9f40c36d56160","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/scripts/LOWLIFE__THREAD__TEMPORALRIFT.AHK","filename":"LOWLIFE__THREAD__TEMPORALRIFT.AHK","modified":"2025-01-04T21:04:05+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":864,"md5":"6a68b839213cdb1a0d31b3f4ed80a39b","sha1":"24e6bad239c49aa62bf282d9ef67b11882dd74c9","sha256":"483a24b7ca9dc0cb851f35a44a7777cd11632e206b2f9635f4befc533a78837f","sha512":"968d5aebb8ba843e2343dff315a61b44f181e8d47f81001ff367ad9c67814b511e8939d95dc1f0bdaa1606411e40b61f335e88efe42395946407f613aff61094","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/scripts/MOM__THREAD__UTILITY.AHK","filename":"MOM__THREAD__UTILITY.AHK","modified":"2025-01-04T21:04:14+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2251,"md5":"1eeffd9dd5a1d54e1750fc02a95da97e","sha1":"ea759274ecb976fa9f9513f20a72689d713ee46b","sha256":"2e1c1c7fedba8e9630bc6f5ad79744a3f9fe50ed2437fd4761c28baa01531e76","sha512":"fcb6f8f77c5b9855830729296416847ebfa53df3e554fa089fc8a72c25922e7b615e2e1f477efa1be28c8b5b085194ac02cd3b53c212fa782ac0e7c6566c7eef","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/scripts/readme.txt","filename":"readme.txt","modified":"2024-12-29T19:56:01+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":826,"md5":"e0eb170be3c64b780d58c5e3cf294453","sha1":"b5c03576a14446a490031d3fa834384863fc894a","sha256":"fb0a6aef136cbccfb1065a5fbda98e11bbd4e5bc21d456b95cdcf1a91ac1196a","sha512":"cc3348c2f24e400c97e504925bb5b228fd651672d65b02ac011a5b00dee93b4585e6bd267912279cc7d4ebe74546ce319f26eced3c4e7b41bb0109a1f828ffea","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/updater.exe","filename":"updater.exe","modified":"2025-01-16T20:36:20+01:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 5 sections","size":2805760,"md5":"92749280fa7b89bb2c69dffbcec01c69","sha1":"150912a49dcb996f2dd300229b41aeb0c469e380","sha256":"e44c9c84f315ea9167bc6ceb000f3d00b4f7a6039b46d3b29b6fa294d65263a3","sha512":"245ccc88017fd2c37625fc90647d2f4e01abfbd91f4298ff51f3408caeea842f331240fb55bfb19c2b2fbc6fa8ba1dcdc22329d7ea91800c71ead109c60c5fdb","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"meth_stackstrings","trigger":"3.5/updater.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_stackstrings","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"00000000000000000000000000000000","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"71fe67dc-8cb3-4b1f-8eb8-7b2e0933e0b4"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-13","alert":"Scan result 18/72","trigger":"e44c9c84f315ea9167bc6ceb000f3d00b4f7a6039b46d3b29b6fa294d65263a3","verdict":"malicious","severity":"","comment":"malicious - 18/72","link":"https://www.virustotal.com/gui/file/e44c9c84f315ea9167bc6ceb000f3d00b4f7a6039b46d3b29b6fa294d65263a3","meta":null}]}},{"path":"3.5/__THREAD__KEYSTATE.AHK","filename":"__THREAD__KEYSTATE.AHK","modified":"2025-01-04T21:08:15+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1412,"md5":"322cdeade33a350d6135a293ea3ec74a","sha1":"63dbadff06cd556cc0d9eeaf97cd20155fb6e281","sha256":"09559421bf21675cf7ae0768535dd894d586aae055a4ba7d4ff6e868de7de153","sha512":"1c52ce9423ae2cb6877474f91815713ebf985cf4519059fab7651dfa2697b2714b2afd04a7e5ce1e089abf9d645b58efe54379aac6f24f41c5fe0384b94266b8","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/__THREAD__TEMPORALRIFT.AHK","filename":"__THREAD__TEMPORALRIFT.AHK","modified":"2025-01-04T21:06:37+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1545,"md5":"d8e7b05615ab3a0316bda2de8ecf1d70","sha1":"21909b7c8c78e5efe35f87683feaea9b27012621","sha256":"3698e5b0bb9548051371d34101d774b3840ece55437d560adbd85a21c63f6c92","sha512":"3958c81b51d99b7bb8d62449f6e5dbb4b2fd8f7b3071063daa576ffdb5475a5fea475ff5e818df6c93442f03cb58392956d5dc89adcbaad4a39b9a240c9a8284","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/__THREAD__UTILITY.AHK","filename":"__THREAD__UTILITY.AHK","modified":"2025-01-04T21:13:57+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2993,"md5":"9211adbfaeb2d655bbedb4e2870b1f93","sha1":"9e1c10fe595f8132ff2cb91e92cab1ba8bd7e81d","sha256":"fade9b404aeb84cd3253f994236e7706e18fe633c3a6bb27c7ac7dd0edf690f0","sha512":"ab938acc42e193687333ce2a15cb199a9f037a70bf1f9f8a2e543f713a2be5cf8ef07442a3f076858319b927261631de2210d43eb00a364b208215fd0b048d7e","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"Detect pe file that no import table","trigger":"3.5/dependencies/LibGGPK3/PatchBundle3.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"Detect pe file that no import table","trigger":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"meth_stackstrings","trigger":"3.5/main.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_stackstrings","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"00000000000000000000000000000000","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"71fe67dc-8cb3-4b1f-8eb8-7b2e0933e0b4"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"meth_stackstrings","trigger":"3.5/updater.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_stackstrings","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"00000000000000000000000000000000","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"71fe67dc-8cb3-4b1f-8eb8-7b2e0933e0b4"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"da9dd381752c0b132de9b266b1fbd5ce","sha1":"a6337af0e934662c18685ef7759ec7c34f49bc09","sha256":"eef82834ce64d09570d752de77f56d3750c2de4a720f1b827c7b667b0faf8985","sha512":"cda107b7bfa72c93cac3fd9b9475b6d5ea4177e98d21f735c0dd2446b873de8c5463684902ec7112622a55d8c19237b036d5f762e562953401bf048a28f93f10","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":7682081,"url":{"schema":"https","addr":"raw.githubusercontent.com/KintaroEB/POE-2-Assistance/refs/heads/main/3.5.zip","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"3.5/config.ini","filename":"config.ini","modified":"2025-01-16T22:01:26+01:00","Modified":"","magic":"Generic INItialization configuration [values]","size":516,"md5":"cd5a7f9d9409e6bb89bb3e4adedcb945","sha1":"48c98b0630818f5480dcbdcbc0694cbc6068f177","sha256":"87894ba261c1041f0cfeb7e5f4d89fe37ba472274914254486ba05b7753fb03d","sha512":"7ea80a4f16932910509b95fb8da26f20b9e05305a7f92daaab21789497a003bcf2767c921b7231aa3120da5b479016f4f637f2a84633e1e075b4f15c0e52556f","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/cports.exe","filename":"cports.exe","modified":"2019-03-11T16:50:14+01:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 5 sections","size":195280,"md5":"996b2a9ad2af67fbf9629e86a42597c2","sha1":"14f47a3b1fc82806540c5139b37d2f2a834dcd60","sha256":"a82c70fe52f0142b4f72340aefe2a4f54c55cf352e8a042274802f43a9c3c19a","sha512":"47892c4d65871d45c12aaa8a889b2be2d2a87b1a12494a5fa7a35baecf36be72a0103a9e643b0ba77f6805624d3e1be15d5228196a99d0ab24bb11b24d38ab3a","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/advanced/ggpx_files_here","filename":"ggpx_files_here","modified":"2025-01-12T12:09:52+01:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/auth/upload_me_this_file_in_discord","filename":"upload_me_this_file_in_discord","modified":"2025-01-16T19:56:04+01:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/atlas.ggpx","filename":"atlas.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":181376,"md5":"2e54de132d602f3d599633f24669333b","sha1":"7d63696e81df9cb5e6a19ea6e3f4873405756285","sha256":"446c33ec09ab5c67510c4593d50d8e2a8104fe3bd8ae8d9b63a960c6bc4cd541","sha512":"0b5114950fcaab991bde97a8ecb8f46c5b5d19929f8185b31fd25516ff05786738d6cae4b2e09dfe0a0d972042155d4457f6087f7dacf232e022fedff20cf28c","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/delirium.ggpx","filename":"delirium.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":1728,"md5":"2e5057b3d072bea446f79bee481cec2a","sha1":"422403b0e6d8294b2a11d1ef8a1fe1b5a6f88fae","sha256":"4d1e433d97c9045cb00e0baaad13ec1e78c4a66e869550dea8b2b4e77df1d92c","sha512":"4876042c8e0ee68e5c04fc6000f0962c0d504ddbcff10b0140216177c306448ce197cbbe28b76d6a6d89cd71b1b1a05aa44a90fa167b71d44349d6567c941b70","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/minimap.ggpx","filename":"minimap.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":7648,"md5":"aeba590be074e16629be894b4501dad7","sha1":"635ab7fdebf37c3fc9ed8c458bf9333712188c53","sha256":"752f9de93367768eae815cdb71c842a4aceaf21699f5ce412452bd7099d0b7b7","sha512":"8980a7cea714a683846f9d590585ad0d5dc6e39c613601687940e0346904ea0eab10c3a91080a1ada1ac6da3a68fccaed1b771be2e6aac6956b8aab079007faa","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/monsterhp.ggpx","filename":"monsterhp.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":4704,"md5":"1fbd4c43de978811d1d9fb9dd4b382f2","sha1":"7d49f624d1a5f5ddc4782b04b52955faf8cc7d49","sha256":"9c7be380ce5d00299b392b83fb54088d7d9eaa87ce80b038f2383d3575e4c583","sha512":"751e01795ea89bc749edfcd668ca880db2b8606c088a7d5bd9134c0595363cff602c41a43f2458962be5c2159016ccf98c5d406314432cfc24d89469fbc0dcd4","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/restore.ggpx","filename":"restore.ggpx","modified":"2025-01-15T00:24:35+01:00","Modified":"","magic":"data","size":380352,"md5":"e017ed010dad5ebd596076f6fe286b2b","sha1":"e8a5065f43f2b7e5cb7b3b403219bd7c6f47d67f","sha256":"eb36d94199d7167a89c402dc7b8f1a52257a822c6de60b2d39d683082a56df40","sha512":"973457c5861ca2e31c62c27736c06a69801034ffec801e20b3fd66ec0a7a228d97432099f0f3910e545b9cb59c486a43802c33935d2443cf20e46bf6ff9cbb12","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/zoom13.ggpx","filename":"zoom13.ggpx","modified":"2025-01-15T00:24:36+01:00","Modified":"","magic":"data","size":135200,"md5":"e45e870ba4c4b62dd765106f875e06a5","sha1":"bcf85849025b95b5effd025fb5e901b209c7d61f","sha256":"916eed6c232c9479414082d4f822b3daa0ddf9d4c885ef285c8df9e1fce1d89f","sha512":"ce075c3b23c79b5495a277a5bad35ccc0a8be43791e2401a2183d41add782a4cd00fb2f70000f263b2308a87ad398808ad0e1a455fdf9a1a9b1cd7246d9d57f3","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/zoom16.ggpx","filename":"zoom16.ggpx","modified":"2025-01-15T00:24:36+01:00","Modified":"","magic":"data","size":135200,"md5":"3785ded1d5e7a1b8da92a86825a667c0","sha1":"4f2561b52e96c945e2e8401094670d929d3ea64f","sha256":"dda3f87c9e40969e632df08ce935fcc3cb710550f0ce99a7ca30b9404b9b0a7d","sha512":"88a1caa4cbdcae9e4712bea4dd083576b90a4f6852567d65f015cb5dd8cc98fa5f3351cb6fc5bc43c1cfd6245db28e23e615bcb484e66b3a72e809f72285178f","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/basic/zoom19.ggpx","filename":"zoom19.ggpx","modified":"2025-01-15T00:24:36+01:00","Modified":"","magic":"data","size":135200,"md5":"07d6145dd07d5cdb6bec029ed6e2938d","sha1":"205686e8ce93de637377af0c70c041a28988c9b9","sha256":"d433328d93f4fc0a92cf08442939789069d2bb3427b41abc42aadbf8c4fcc53d","sha512":"fd7f57efb2795a33a31c1b46c807f64e016afeaff0e6f74a571848196936716dfbcfc87a6ff8f05391ccd214781d63a852301af404b54154121d2b567e426f2e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/ggpx_files_in_advanced","filename":"ggpx_files_in_advanced","modified":"2025-01-16T19:54:59+01:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/includes/_FUNCTIONS.AHK","filename":"_FUNCTIONS.AHK","modified":"2025-01-08T14:00:31+01:00","Modified":"","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2691,"md5":"3f4a2ce84145c38af1b75e8b1a538736","sha1":"ca3f6911ccf24631d7d517c7bb267ba905adb657","sha256":"ceffb976275e195f6728fa78a46a20479a57fb92a424b26b18abb11c0635b3ce","sha512":"d41f1d186752ec961206800a125f82b68f79e9c1651f1d74f323ea51937f35ff518eed194746a10708bfd38b17bad6b16ab3692096131fbd34f7f2890cf85ad5","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/includes/_INCLUDES_GLOBAL","filename":"_INCLUDES_GLOBAL","modified":"2024-12-19T16:32:53+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":232,"md5":"3adf83a93430a2c3e5045a0a61e8b0f5","sha1":"d0306fd492eb40487fc9bd7bc92f64a33ea17a1f","sha256":"8e25e88c99227a8b24e3fdc5568b173fb56c01ee86aa5a7663ffc300fc965ada","sha512":"266f7113431369d2f13755995cae6a669eb072f3529a84622494289e0f215333f20a7f1706d94107fd43b8cb22630e6417bc5c06f64e47c9f6f8e8a17ff70789","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/includes/_INCLUDES_THREAD","filename":"_INCLUDES_THREAD","modified":"2025-01-04T21:06:15+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1743,"md5":"c354e958b3da26fd1e22d587fdef4783","sha1":"1741ef4a923dfaddceef6ecff899c981a4ceb1bd","sha256":"f64e789adc76559b1c264496a1442e1382ec0757d1c8933aaf162c0c996a3669","sha512":"ddd54db895d27bfd06045162e18ebb04f302b7f077df724b2c57833bc555874880ae7bf05d1e81784f1f1811d3eb4420a91924bcde376cb0ac1c2e09008e3484","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/LibBundle3.dll","filename":"LibBundle3.dll","modified":"2025-01-14T22:55:31+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":45568,"md5":"da258b2cfc77579481789df2b0fc5dc8","sha1":"d37d429835ef768c7616949c48e75d4fc058638c","sha256":"3036d0baa03db552091179729e9844f1468af2ebc028995e9661beda93831300","sha512":"1b8f88eb18b063ed2b8c8de742e75d1024b6e3e6e2819eee1a20a6b2557c6d3e9ceae18d4a3885534d6d746e0f3d1727801b2b39003228ec7435a60fdab969ad","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/LibBundledGGPK3.dll","filename":"LibBundledGGPK3.dll","modified":"2025-01-14T23:43:54+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":9216,"md5":"8dc28b44625424aa3f0dbf3a531035fe","sha1":"7fcf823fba3790f097f80dca1637fe32fc084932","sha256":"37c4fdc15924cb7ebfed01d599a869c27c15332693cad4cecd2aa26a616eb767","sha512":"3b3469c891c6d163ee783c2fff212ed642343c8a89db115fb9c61cec4ab76d44363cd6de61d029442e3a947093068be5c55be1fa243e3304d72ddf4314058490","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/LibGGPK3.dll","filename":"LibGGPK3.dll","modified":"2025-01-14T22:55:50+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":61952,"md5":"e073759831f4be629b5355771faaee15","sha1":"99472694e12fab4ce51d7304e09a7171bbd58855","sha256":"332d2842e4fcb28aab717f090335e18246dd3cd392784666357384004c182770","sha512":"63d96e8ac8c2681333fb699c483ca6c36826b9a56574110b80bcf60c724f6663ad762a16cac074ff82db364a50899bbfb3c29ea52a35462707eb0a2596e309b9","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/oo2core.dll","filename":"oo2core.dll","modified":"2024-02-12T14:10:10+01:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 5 sections","size":645400,"md5":"a555e1cd5870d1fd7c385d0ea695aa2a","sha1":"28b7f7ffe991a02bde8e62fe0da92e2e259348f3","sha256":"4758c7901cbd68df1848b7afed48c1975ad59b509886c21b87c0e91d717446b5","sha512":"3404ab5a635a5980683d73265190647399e4ea062ba6a3f0abab59c2b69e503abfc4af2942291ce2e4e829fa079cfa73000cf8cd88c7489963b59ba3b28d1c39","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/PatchBundle3.dll","filename":"PatchBundle3.dll","modified":"2025-01-16T13:57:59+01:00","Modified":"","magic":"PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows, 2 sections","size":116224,"md5":"cf3c608dd4e432dcdc9135e146d190ed","sha1":"19c024a0ebc51e990217360d5e410d14c7a00795","sha256":"a027d5024c0dac074aad096e9f45c245c6ec4b1ad7eb374db28d7496a0fbc20a","sha512":"57518af118f0a771907420996534354f989201f94bff985f433d0def313c6af1d32ae0534dfec4c7244ea7196c0edf2bfe8e0d24d9ec8c5da448b9f594a667c1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"Detect pe file that no import table","trigger":"3.5/dependencies/LibGGPK3/PatchBundle3.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-16","alert":"Scan result 2/72","trigger":"a027d5024c0dac074aad096e9f45c245c6ec4b1ad7eb374db28d7496a0fbc20a","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/a027d5024c0dac074aad096e9f45c245c6ec4b1ad7eb374db28d7496a0fbc20a","meta":null}]}},{"path":"3.5/dependencies/LibGGPK3/PatchBundle3.exe","filename":"PatchBundle3.exe","modified":"2025-01-15T02:35:55+01:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":139264,"md5":"22fd07dd3087958750fe4a405ca0935e","sha1":"3ba321626fb69f747c80788725ede851564b1c99","sha256":"56482794a1c00a70e22c5aabba98e248f1115da7f16ac595ac99228ef0110467","sha512":"d58d510369644fd763c807d2d48284c3d25193c65e96056055f1845d139ebe7eff851166747d74e3be9b8faf9f31ae8d86f4b0edbb3c99e4eba75317a56e8e2c","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/PatchBundle3.runtimeconfig.json","filename":"PatchBundle3.runtimeconfig.json","modified":"2025-01-14T22:55:34+01:00","Modified":"","magic":"JSON text data","size":483,"md5":"8668acdba4ef5bae1442d1caafb5385a","sha1":"be1acdf60f0df2b718bb822f8ff73cd5d2da2922","sha256":"b0be19eafe89d62b412845c1550d4124c7a08100c14b87e6fc11c370ddd80778","sha512":"2a3ec112256cac7ddb6f3eb6da08c67200b5802b69ad187be3b9ccb5aa46c4da58069eab19530609df78f50da5f21004bb66252cbd01926128e584d13aba7f74","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.dll","filename":"PatchBundledGGPK3.dll","modified":"2025-01-15T14:58:18+01:00","Modified":"","magic":"PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows, 2 sections","size":115200,"md5":"b136082b80e03b29dc78ab3fb1dcf024","sha1":"addfaf818e8b6550ec8342e94acf0fe34f3ac277","sha256":"f5b81f8378a48dd652c2a2ae85b4f3c45cde47d8337acb685d0a6e3f928f01ef","sha512":"891fb5b4aed5047b0231e088d5b567ba35dc9e8a5b9fbc090d8a74d6923e3a48297932e01861728bbd1dacb78442fe64f97b2676003d4bb7acfc19021678129e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"Detect pe file that no import table","trigger":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-16","alert":"Scan result 2/72","trigger":"f5b81f8378a48dd652c2a2ae85b4f3c45cde47d8337acb685d0a6e3f928f01ef","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/f5b81f8378a48dd652c2a2ae85b4f3c45cde47d8337acb685d0a6e3f928f01ef","meta":null}]}},{"path":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.exe","filename":"PatchBundledGGPK3.exe","modified":"2025-01-15T02:19:07+01:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":139264,"md5":"39f1c2e7b1fb183c8f51e1d7559abb68","sha1":"60398dcb7404b681c004dcf28a7ce645e278116a","sha256":"119d8f53d3798cf5dac1ca846f9ee9c3c7340cbb1e8e7bedc50a6d961019efb6","sha512":"27fbae3e7cfeda40e9f0a1070934edcc58a8b8ce6ea6ec1bab291beda0619e58dec77572ce172729e9e749d7123daea7e0097d933a86f1037e6094c2da966734","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.runtimeconfig.json","filename":"PatchBundledGGPK3.runtimeconfig.json","modified":"2025-01-14T22:55:53+01:00","Modified":"","magic":"JSON text data","size":483,"md5":"8668acdba4ef5bae1442d1caafb5385a","sha1":"be1acdf60f0df2b718bb822f8ff73cd5d2da2922","sha256":"b0be19eafe89d62b412845c1550d4124c7a08100c14b87e6fc11c370ddd80778","sha512":"2a3ec112256cac7ddb6f3eb6da08c67200b5802b69ad187be3b9ccb5aa46c4da58069eab19530609df78f50da5f21004bb66252cbd01926128e584d13aba7f74","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/LibGGPK3/SystemExtensions.dll","filename":"SystemExtensions.dll","modified":"2024-10-14T22:27:30+02:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":92248,"md5":"f3a2d9cd7de5c93b63115bd016c5b2d0","sha1":"93855939341ae42345a9a8eae436cf7fca383bff","sha256":"335211d0714440678bf544886a2f62c7060059f2bf804d345becd68a6321c5c4","sha512":"23be5f9b818ca31ce9536760d1e7c1ab42052eadf3fc200be055f6a90860b9481457a918d1e0188292ec0dbfd0d9b800107c1d7803f2d06391ac34b160c1c990","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/always_enemy_hp.png","filename":"always_enemy_hp.png","modified":"2024-12-28T00:36:13+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5392,"md5":"bf4f1c3c029e34a769cd1de018e652bb","sha1":"d9a824c5aab56d8ba99a7a291e98b4999414354b","sha256":"1ade922657f61269b838980b5d512be67ba468efd11ae3d9b82f0257089133d1","sha512":"d60d88171016f48709e8d8943b907da4bed25ca4c242d8b5046e375c77f5ff37f5f26eb3dcd423efc03a75eeb444c5dd5d1d1637dfca8481d66c8f8e152453a1","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/always_enemy_hp_a.png","filename":"always_enemy_hp_a.png","modified":"2024-12-28T00:36:53+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5460,"md5":"bb69e5d95035adb56a2d03341f9a3d66","sha1":"90c92d11e898574372f488ec36905801e5e67ffa","sha256":"4d211124be24c124b20dffb2095d7e3668a5b97ffc53a105eac6793db54235ef","sha512":"bec23bfcd9add3ece1ae4c176f7fe20e130f13a7c6d31508ffa02c2ba5859111bcec0f0d25450869ac0ecd3eca1405b644f7d3554b34a19207ae37e5be3947c7","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/blackscreenmode.png","filename":"blackscreenmode.png","modified":"2025-01-03T19:52:51+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5213,"md5":"7af49d4e5700cba4c3544c9ffcfcb353","sha1":"1643daba4d8954979fa9d0657de06319aced06ba","sha256":"969ce5229c53840b2afa533e66a6fc4c89679cbb27e663bc50e100003567210b","sha512":"e30b2b7300bbbe9457996001be569cb6a27c3328a8cae93ab56a9fd115418128ba8dcd7430924b91127b266c33df62cdf24ccc241fbe16482b8ef604d4a84090","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/blackscreenmode_a.png","filename":"blackscreenmode_a.png","modified":"2025-01-03T19:53:15+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5223,"md5":"5ba40549437f4a80f2983ad05e95b8d2","sha1":"f6fa5bc3e23d2d43c838eea9d35009610966d041","sha256":"8713fa4ca6ade203fcf5967049d7b61e4871880d81e4fede9265194b648cb874","sha512":"4a0c0ef0caf2e92ab706e439bf8e4fac68de6087ecc546db9c46acfacd8afb4162861c65fe483ba3271f8372b558982f05fea7d8386cb0a000a557e04dd88a10","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/close.png","filename":"close.png","modified":"2024-12-18T15:23:24+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4222,"md5":"b225d613564860b8020ba9248a1b6f2b","sha1":"58920e3e1e43454a46346c13eb2a34443c75dfc9","sha256":"311c9588cc4b5a194eea97e804086510ef6e538664dafed4de0299a6c8e5a2cc","sha512":"7cd15e1040463d9377e44f5348eb16ef971bd64ff838c4ed789ad79d25822446c59c92072e61c25f99dd74cd654d6d28a10e96981f82fd15991e1e703ea7fe32","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/close_altered.png","filename":"close_altered.png","modified":"2024-12-18T15:21:11+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4217,"md5":"dc0278a2dbec73b60385115efae75942","sha1":"2efb54520767c9b378db53cbd430f35d9d726488","sha256":"a3247d15a447ed24bb57fbb7a4b392fa2ad51b90770a5981596b592e67eaab54","sha512":"04544caac0d7fc00e9061938ca68e1d76bb9c970edc712ee8d76b098ba66602c2241d30ed5c804ccae99b54cd06ea086fae250fad5b086f1718fb638750e6c6d","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/dc.png","filename":"dc.png","modified":"2024-12-16T05:20:06+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGBA, non-interlaced","size":4509,"md5":"1d749b98836bc8e47cead02bde8a4437","sha1":"63c03d40cf45869b9707c98421047638c59f3eef","sha256":"ab7ffa7d24dfa8fa4f76980a1d7a21536d5485d12fbbf5c5fb95c9fff4fecfb0","sha512":"fd02ffabd1685a8e18634137d853529ca00e8737561ef98fd10ef321ddec17bd2ba707d45b75d89476cc3d84d46833660e4b13ab36d67d196d60602f0e77c096","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/dc_altered.png","filename":"dc_altered.png","modified":"2024-12-16T06:35:53+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGBA, non-interlaced","size":4714,"md5":"cbbcc1ad191ecf357baaf1cb01bf4bce","sha1":"4a443e9824b62fb0a850a2ca967776c1310a54ca","sha256":"ff3560d14de7dd9bfb657e3a57cca8d066910e082af7abb8cfd19364ba0009d5","sha512":"9d3156cdf520ed3e324473a4fb9a8d7528cf8cbe4274388af38f3fd5d676654fcce402cd7ba860d947cab6121c523d46790c4d6a85f2087dd2f332f6750af2e9","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/enable.wav","filename":"enable.wav","modified":"2024-12-18T21:29:21+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz","size":271734,"md5":"0d8adbf6b0dbad15f3c708510f63a295","sha1":"f4e7f6761268df4b428ee74ec2ddb9ccf352cfd9","sha256":"bd4757a84decd73f20080324c446358c95dbb2e46457bfb81138c7dffe5d9d5b","sha512":"76fefda8970b3e95af82d0d5faaf3aa8991c33cd79ea2a727765daa2b4cd1866e8ea5d616a834b474079ee543adcc37ff261a478c2c8276167fcad3179b6a514","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/exit.png","filename":"exit.png","modified":"2024-12-18T15:23:42+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4317,"md5":"e2c3de4958bc38d7d8863f436cc33336","sha1":"90090a90b46f774fe8b2861b5fae523f2776e9a5","sha256":"5e1c4232b3f6f2974d6c64c82bc8248b6b9693062b2d2e0d1fade51aeac70342","sha512":"664d93c2223b383e832221a7bd63bb1fcd2d0843adfe25513686b82caee7186d0a24f3f0b6934d5bc42fdefbd687987e79a321fb0c74f64f84ba0ea5b7485abe","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/exit.wav","filename":"exit.wav","modified":"2024-12-16T02:03:22+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz","size":589898,"md5":"0cd6c260ef1faf1efc252a25613bf31e","sha1":"b72f26d445da21615ac853806fe5eed701fe88c5","sha256":"cc1d96be17ae2ba54c48960ac41cd5b0eb114129dfe99a1a87f8ee47642cf836","sha512":"2bf8cd7a30cfb8af1e5cea61e9451092282e976353f66a1aacd96e64b48b3eb7851e56fae717f7d3b0170ae24c49d596f60085d5b84848a1c642ab6a9080df28","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/exit_altered.png","filename":"exit_altered.png","modified":"2024-12-18T15:21:30+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4312,"md5":"3f59cc6f003e6e12ccb739ce5f68f4f3","sha1":"d2e1169337d6d3384307aacac41e67aeba2ee673","sha256":"3e44e2e5eee75a4cec8574110ac21a3bb6d4c9147e8a7e85d8d1bb7b8fefe910","sha512":"2ed0d05d2638d02df0381e11977e06dcaed9542d6234ad30b5d2368570c6774d99e1ae8b859addb46981b67f60d93790b6c372d124629f10ffc833a79342237f","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/gamepad_ai.png","filename":"gamepad_ai.png","modified":"2024-12-24T00:00:29+01:00","Modified":"","magic":"PNG image data, 651 x 420, 8-bit/color RGB, non-interlaced","size":110879,"md5":"8ec6073595afff32cee7b360a87dfa2e","sha1":"06af4689da884d85d4afca68aff0b73c8dc7cebf","sha256":"2f5db2ba1c9c7ff7c6ce86c1d3b46890b23450abc2d6ac3fd5c2bcf19fb893ba","sha512":"3790102481faafc20788e52b7d1bf7bbb7a81605c04dd9388177692bbf52f5cd1fb2063d0167b017954ee5800333b1d5f8c3c2af8cb34dac177a9e71d357bedc","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/gamepad_ai1.png","filename":"gamepad_ai1.png","modified":"2024-12-24T00:04:36+01:00","Modified":"","magic":"PNG image data, 651 x 520, 8-bit/color RGB, non-interlaced","size":112147,"md5":"3dc9ef7c8074ba6105d76f5f981471fa","sha1":"64dd2351f2aa33820a9778a4d0684a28525ed0af","sha256":"fa474b4a2a9c1f88dc569f3280a69618da584cafc988b3d1f85b8c1f7c36b121","sha512":"ddd840ba0fb8db233b675842f225336a037512d3d279488d610b4148358be4dbe5904e09abe4fb55a7356bc1964ceb63a5e1b9f9312024ad040c535a74ef86d6","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/gamepad_wnd.png","filename":"gamepad_wnd.png","modified":"2024-12-27T00:25:36+01:00","Modified":"","magic":"PNG image data, 163 x 105, 8-bit/color RGB, non-interlaced","size":15084,"md5":"0998493e571984a817f2f68a9bb084e0","sha1":"80d6bd2a25dad8e556c9333bdf28037f80ed0f3d","sha256":"295965a3d35b9d8123eb4555d05c303312526dcc01f548c3ff2fc01d28e5b9c8","sha512":"7befa42a7f5edb237aed03b1cf0ac5239244d791e0762ca655783a2fc6a18a6a0738f18eefa2a51e47313c7f0d49101d1cbe60cdf9453351a5bd98af451f49bf","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/insert.wav","filename":"insert.wav","modified":"2024-12-24T00:43:01+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 48000 Hz","size":125254,"md5":"4b2e7f99fc2e1f402e317f862ce78ffc","sha1":"52242477a0f6d1b9f756869c14d1319209d53d94","sha256":"e0aa44c4c3e9ce28e621478acdb3a6ab931cfd9ea39ca447fd0ad14e41b6adc2","sha512":"755f66cd22268ef5618f4f1efba321605d46fe67bb36a150d4c1e12e8cc14231d1d84dc837e236d6982d997f0345e7adb30d435f8418f33cb02bbeb641a94479","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/maphack.png","filename":"maphack.png","modified":"2024-12-18T20:59:37+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4388,"md5":"9f654edd9409b946692998bb98fb300b","sha1":"f0008f4d910de90ed0ad7cf5f43762436f19a4c2","sha256":"06d621c13012eb7aab5269b263dd61e1aa00ce2fe040899c3be03b905ac68a3b","sha512":"11c818a0219b17aa39c4d559ba3ae739f01bd7032e20bb70227a28ae50392505dfc893a925575fe29d93e3273012ad9f72791078bfd7318e6bacd213f35fa35d","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/maphack_altered.png","filename":"maphack_altered.png","modified":"2024-12-18T20:59:48+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4447,"md5":"a045d78e751197d155ee79c00ccbee38","sha1":"50fa8e87924e41d1a5a242d9c1a9ee2ed5676314","sha256":"127507b32bcdbc5951ba76948b61c1fbbed06ab5295c2a07224ca0e32759776b","sha512":"087de99d0c44bbe2352204e8cca2fa7035341f904a9582db4a1dbe2a977e962fd8330b4e878ca7ec0a466c702e961238e05176d272d17014a61762691b5ea038","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/minimap.png","filename":"minimap.png","modified":"2024-12-18T21:00:09+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4419,"md5":"1dd4e67ed360f9406c26c945d4f58125","sha1":"bfc51fb0565c868827d6805acc021bc75bc5e4d0","sha256":"f310fb671427828aead494b3532b7d68183ca632610c514616ec6b5bcda68f4f","sha512":"de339a37b3f0a4ee3f2a7c168b227faf9c875b7b545ac90295cf06c60c6308d1c10ff235d61edf820ff701bd97f9a5e5fa4fb7057317d742bd6948ee4962dbd8","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/minimap_altered.png","filename":"minimap_altered.png","modified":"2024-12-18T21:00:29+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4524,"md5":"c5da668a82c84d268b73a9a79b7c8148","sha1":"f04f1fa712da48796e75df4474d5dbe80041512d","sha256":"0c4001bda0134469fa94950b825ee099f998f455b5b13e7dd9a5e0a1b445b393","sha512":"110c8e612cdf1f155c03111b1a34db62ba932d322863b40a791bdff9bebd46ee15035d401309aed4833b010c025627ec6dc87f518c4ae3aaf6133753ba1813fe","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/notify.wav","filename":"notify.wav","modified":"2024-12-20T05:16:25+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 48000 Hz","size":247758,"md5":"80c94c596e16453bac410773ceadadfb","sha1":"f8d1264a059f6ecaaf09af6e78432eb3673a056f","sha256":"cefd091aec2cb3ddabaacbd529fa65a9af4df047303f9a9571d7ee21cb83e5b9","sha512":"ce13600759bcc1e0d288858abe7ad6c3d5d02d3c096e04bb7c533deea9c1b292b20ee9540f1f868c02847161c64079832f318871cd8bb251230543fe0aded5b8","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/pp.png","filename":"pp.png","modified":"2024-12-16T07:13:25+01:00","Modified":"","magic":"PNG image data, 188 x 35, 8-bit/color RGBA, non-interlaced","size":5005,"md5":"b501654a158aaa2243c532ed01b135d6","sha1":"597adf9f143308503872517679eb698c5b90ea39","sha256":"62ff31014ef0763e7bb40ba77d052159d61a9fa0b06ac8e8390662bc8a8f7b18","sha512":"e5c615064b420886c4809b0ed5911a938bccabd0ae9ae4b770f02e4a27273d8df8154e19451fe2f963edad8a4bdac0a04e4382fa5c3dc5dabcf75b065e3d314a","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/pp_altered.png","filename":"pp_altered.png","modified":"2024-12-16T07:13:39+01:00","Modified":"","magic":"PNG image data, 188 x 35, 8-bit/color RGBA, non-interlaced","size":4858,"md5":"bcebd645465a3f95ba92678358b2c538","sha1":"f1e226c9eb5958260ee22e1e64ee4f5c5b76706c","sha256":"591f7cabc9dbba8f5fa895d460bc9c9f2835adede59c88b316f1316c1938a6b8","sha512":"96d4ff1307a3cc093b7473d121045c9c9f03a6f20a97d5078cad4cb76b720cc1dc80bf9f984e2c2cc55bf989799dd9e76585f24530a772d9436e61f22aebe732","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove.wav","filename":"remove.wav","modified":"2024-12-24T00:42:20+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 48000 Hz","size":161614,"md5":"7b8be1db87a4bddee47dd8cc849a9ffd","sha1":"ee7a21e1391e68af0e806fd2a0d413ba0de82b5f","sha256":"0abbfb9371ebeb4475503734027dd6f0aa21395363374cefd2fae5a428f29853","sha512":"c7c87965a17ba27f47ff9de30f2bfd1a919a5c96abb729a88606a46b1e5dd26a94683d8e885a0ef56a71e16e42abff4d414c8e177c1af58f5827540f8abd5eec","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_atlas_fog.png","filename":"remove_atlas_fog.png","modified":"2024-12-29T18:00:15+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4966,"md5":"efff2969dee80cd2ebd28e6957a324cf","sha1":"c24f6c2727f8449468d41d64e46e722a34adc987","sha256":"dc96fcf72577283d298b22dae60da2d1ea74ce59cb4a352e0d09e6906bb2fe6c","sha512":"07afb67c41133327749941bb65d78fa981d33f564c46809d73ed26ff40d30420453b5bbb9f2cf61d324d3f4c20a6b495aacb8cf1781a24387f8c5d45ae52d86f","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_atlas_fog_a.png","filename":"remove_atlas_fog_a.png","modified":"2024-12-29T18:00:04+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5084,"md5":"af547f3f45a6e2e89b9aa6cc15f06973","sha1":"b301d60777213053a2779ed7da829a4e67a5a10d","sha256":"4e4f0ed107edc4032a7ac9c092b64d37091b6a6b1042710ddf90b0be96813b2b","sha512":"b2b4809845ed1ac26d6dccd7d6ecbbb6c0edf2ef2ce4a107af62feb08e31c51c58324e465b5b0b60f59153fb46a90e08b0f7ddc9ba774545d94787be3d5cbc76","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_delirium_fog.png","filename":"remove_delirium_fog.png","modified":"2024-12-28T01:37:27+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4959,"md5":"ac277b4d0ac78d17143d10f7b4042510","sha1":"7ab63905dcf100407e717132b62d59309c5f4039","sha256":"68d2bb7d3a71e96494bba1889e2f34953ad1505c675d765ac51b804773c7da48","sha512":"fd81336461b0b2c785feafef5747e1869a5f26b91ab96f960c5b2fe52b49b411f78b0c3f39d307d830394bcb53c0f07bbda69caed5cb6ed1a3d54ab94c5bd7ef","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_delirium_fog_a.png","filename":"remove_delirium_fog_a.png","modified":"2024-12-28T01:37:54+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4965,"md5":"61636c8159a5bceaeb0c6782666f52cf","sha1":"7db15e51f60594d86896dc47fdc66a2cc0c30c52","sha256":"162720f9de5c82036e8a14acd34585bbc577fa56f2914d042c3eb57124818251","sha512":"bdc2303ffbc6c92c2e80d67af9bc67ab87227ff8de0cb275cb93eb0431c04e2dbf3e39bce21c9b2e557091ef3f32832342cebb7cdc27028cb84c807043ddae33","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_shadowseffects.png","filename":"remove_shadowseffects.png","modified":"2025-01-10T18:54:42+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5311,"md5":"150b1961b625f41aa4dd8e379d6c7ce8","sha1":"6419be64e91ed90b5d65fdd22ac82057c629202a","sha256":"31041446da16a4bb30727836d710f01a73691eaf74ea70494920650635451bde","sha512":"fbdd72f09115a2791f2137e49bc570226ec4a9f62352477fe372763e1ffaf2487476d1920b83ebeddcd4ec5410286e885f44564b608f627ab7ee92f4c15de527","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/remove_shadowseffects_a.png","filename":"remove_shadowseffects_a.png","modified":"2025-01-10T18:54:10+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":5402,"md5":"e7d71e8d2cb0674aeb6b7bc31019aed3","sha1":"c00479c3fd3e0204ddc7809a9618a461e4e64dbc","sha256":"12fae4f06c3f0d2b4f390292af7702f6849c3caaf10e6aebfea0f3a9e3a243aa","sha512":"8a60264b73e007c7d891f1b3f07e26726aea939b6b96745dd6957e84bfa1f6b5fcb9d8a368d6c1bc0661bc23eb45540bb7b0a66cb28836b56976eaad0f19c054","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/restore.png","filename":"restore.png","modified":"2024-12-19T15:57:25+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4711,"md5":"62e1fec0f572c925495c9c684242b055","sha1":"f894d44f9e13dff73ec7350eb43f05d7d01fc183","sha256":"f5d50a7d54928ef7cc9a0d923e72c6533bb486cea2f98aaa66511450166a6e1a","sha512":"bba138b2798a7e7a52ba38b3c24c1f7a91ce196bb29ab855e574599380b1028de470266f3887896d2420ad6e451c86ae88946443b71d35ad8ea8d735ee8ab68d","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/restore_altered.png","filename":"restore_altered.png","modified":"2024-12-19T15:58:14+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4705,"md5":"8820fdcff318dd9534505b14d22b2c6d","sha1":"054fb4740a30c451e3fe298cab0e1a9b23f80584","sha256":"b3599515391b4b2990afb3581cba228c92613e29fbf535f08497e86782015eca","sha512":"82a32319e345bf0fd9bf70fea44e71ee038d7c1d365c754ff1295a9dd76fe3153047ba9fc326bd39fb6eb75193a381e1301a47170358d8ac18f6b8ab3fff4181","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/save.png","filename":"save.png","modified":"2024-12-18T15:23:09+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4572,"md5":"82a631b6b495482b761a5ca35025f842","sha1":"ecabd0faafd2f1af125f14668c9c229ffa6a6000","sha256":"627cc8136d201646ef8491be98be59a6f237b85bcc20ee0cb50b7e0633be4bf4","sha512":"700fc89f40e495dfd70cb7578b203bb5e8e2e0854f5a635cb9b26dd8ecc3f56598f92f2f7074dc200589250e1b0a588f15bcc522e8417f24d2c0ab60773da411","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/save.wav","filename":"save.wav","modified":"2024-12-15T21:27:26+01:00","Modified":"","magic":"RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz","size":313422,"md5":"3a38af61795d6a0b85801f4c5bcd3169","sha1":"9548886fe4b1a8acdccb993bbda9d2912248cc2e","sha256":"589f859ebda41746629ba6c6accd47daf973781508c9ca8aa3c40180efb9e75c","sha512":"ba442f79c552d6838a0fc3e8603ccae3c4f61f83fa4267138a9f69f366057799f057ce8b3d53cc5ef35f1842da50894bebed9b9e29fc613ee4c4ea66ee951f93","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/save_altered.png","filename":"save_altered.png","modified":"2024-12-18T15:21:00+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4615,"md5":"838c4b5bb5766b44663b897f6d2f062e","sha1":"581118614a2390e2456ccbbfd1096c05025ccf26","sha256":"01aa0d80816ea7059fcb5ae263662fbf902e67b8cd78b1b06e6e368156a8d72a","sha512":"6c214bf4c8eb9594ed04f65737d4d932e69e63f2d9b79534eb95824f3315c82113154018a1bcaf5ada12ab1c86a10973375396a1edcaff8a6e3b55249f520580","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/settings.png","filename":"settings.png","modified":"2024-12-18T15:34:26+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4798,"md5":"29cbb0ad3654c61efcba09aeef305a23","sha1":"4c3061738fd9d0570d243e9e0389cb27c2bbfd4f","sha256":"652ba4c37db009434295c0b42829bf0a4e229fbe9f0f18c62a67854befe72c4a","sha512":"3f7cc5fa89cfda0cb0f4f804380a7790a00a39c0073ef0dd0110c6a66d5d68de8799889a9eb0a523fd98dea042fe1cb4d6737693e6d253c43a331c27d79e2fbc","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/settings_altered.png","filename":"settings_altered.png","modified":"2024-12-18T15:34:11+01:00","Modified":"","magic":"PNG image data, 125 x 38, 8-bit/color RGB, non-interlaced","size":4805,"md5":"286e4d6ab5e4a423fa65d3ba24a293c4","sha1":"dcd722e82a80aa7f4f106abdee8e81985f143010","sha256":"57db13dad5b69e87da1328d884c1fb6e84f67f3a8ec868cc872c2f39c1c2bb0b","sha512":"28f018f7947d8a6c0226c20a28d880164c64226d02a6b36aad48b900777167eea532c201d98655868be44ab123c203efe9128ebdd20c3a1f499790f47549c163","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/virtualgamepad.png","filename":"virtualgamepad.png","modified":"2024-12-24T00:14:19+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4758,"md5":"87b1fc67b5bb8cee20750dbaa66f16a9","sha1":"94b25b651f24263a8753f7b4edfc7fa3f5689f10","sha256":"9299cb6f1779043382b016a659d4fb532b88d737ae5382b51ee9a85108633e08","sha512":"5087c4e009a65e7c8e58f8049271e7ae96f19acc7c9a3f959f826ff695f4fc303b9360d9f47198cc67b7332b0c5d38a4ba0874543008977c182451d0fc031d3b","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/virtualgamepad_altered.png","filename":"virtualgamepad_altered.png","modified":"2024-12-24T00:14:53+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4788,"md5":"baf10cd8173f8ce72db5f2ec02024293","sha1":"d8ce946fe0bc702873516957be2439165212ea2f","sha256":"6f2471dad82e7e1842e1f11c384dcd9a01dd563f185bd23d30a0871b5581242e","sha512":"4b18c7e1dfb7f8f7121a0a451b91a2f7efb1f6ad4093726d3e4cf741b32dc1dc28a0e6a2bac74a3e12b685e7c88fe36f6becd48691dd39e97a9bf71d4614fa73","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout13.png","filename":"zoomout13.png","modified":"2024-12-19T15:08:05+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4747,"md5":"c2becb2a42f45c0540dbcaf99d3bf3ff","sha1":"8cb3546ac9218a245eb524b000d7e0933216fb93","sha256":"fd21c2b4f8cb4bfd3b8f21e0eb843759d0e5a1814767ebbd890566fcbf50bd08","sha512":"8b8be6e453f397d31e8db152af2c881cfaa95ddcd8962bbc69dd6ebfe028dc18f384196441b48c7110a7b0ccd8a5b8db580f83d8bae3fdc7ef95d4c9547e4016","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout13_altered.png","filename":"zoomout13_altered.png","modified":"2024-12-19T15:07:43+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4765,"md5":"06368455696c5c527dc55e8733a538c0","sha1":"d5c2ed29796665cf1378ea77597df3f0ec3e070d","sha256":"cb7ba735509092c6873e5ce58ba44b402d6d3f032eeca81ab7c7acce1664787d","sha512":"cc8463ef80f5eb26f01bcfac2a42e581aac188ab484d8ad3fcedf63967f5c407d64c5865db4ce2d8a73d86c891b48501f61cf63c82e0331ab0d477f85ecd8291","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout16.png","filename":"zoomout16.png","modified":"2024-12-19T15:05:12+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4776,"md5":"3bc2b680436888ba99ed11a64b376431","sha1":"693d6018c976f0275841efea6e4296b76ab4eafe","sha256":"87584a36e7196804645cbdd65fb811103fa3e74fbc73098af77eae7e7456cf37","sha512":"9822baf114c2a2417ed13c95303146c8ac887a7a57a16d24e03c1a6e295e2782e5891d51ef5b8dbb8e0e00bf0cf12230d584d9e4f749852d100c6869a6886d05","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout16_altered.png","filename":"zoomout16_altered.png","modified":"2024-12-19T15:05:31+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4783,"md5":"23609b2d7f41f82cf2bea4d6c5aaa59e","sha1":"e874925e5715b821e72a420f19b9fcc1c2148e18","sha256":"855127e42a887d6a36ec47f955538a8e6b614cff18c9c250471637caf77e4202","sha512":"bf231f235717392b0dfbb8390f9be8d7c1e8c820f6e9bc65404195791dd1bb6b62e5a6a5152ef5791d8d71cfedcb61c9cfe52b79152abe8a626fa4906d537ca1","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout19.png","filename":"zoomout19.png","modified":"2024-12-19T17:29:20+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4802,"md5":"864058d764a34c13626feab35103240d","sha1":"8bca913ff2d0eb199325f814c86434a72cd1a32e","sha256":"492183607bfc39f46112deb568a6ac794088987117bf4f92eec0300fee01fc90","sha512":"72a16fab28fe33f6b18461be6279ae5c277dc0510f934699696ec777f47a84c277153cba2456c1e97cde131c7f999fb47a1794fb9ee4e356d2c0fc11494dc2ab","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/media/zoomout19_altered.png","filename":"zoomout19_altered.png","modified":"2024-12-19T17:29:51+01:00","Modified":"","magic":"PNG image data, 200 x 38, 8-bit/color RGB, non-interlaced","size":4803,"md5":"e2aa98d4c194612a35c3396939c64069","sha1":"1f91759485ba79c1b85db9a9f8a34e8d8b0e72ea","sha256":"7db7fbf38c22d06fcc29c42f09a18171976111b019fb8a4419f476a29b776fb2","sha512":"9a714ca51d1aeace697f6508ae57e74bf0af9aba0ef9bfd95622bdca97dc3ebb59a8095447a11021ba78b1671439b8a1426212a2fa6ad4d5eed65e5620f1c641","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/ViGEmBusX/allow_virtualGamepadPoe2exe_to_start_always_as_admin","filename":"allow_virtualGamepadPoe2exe_to_start_always_as_admin","modified":"2025-01-16T20:22:46+01:00","Modified":"","magic":"","size":0,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/ViGEmBusX/ViGEmWrapper.dll","filename":"ViGEmWrapper.dll","modified":"2021-03-07T22:33:25+01:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":44032,"md5":"9053d4747feb614cbe4947d80231f791","sha1":"ec7e0487e22942951d949826ac907080056d8108","sha256":"9828b5e6c7a5c8e3d684d8c048e14b0cc567d07f2a649b926e31126a4d6d45db","sha512":"bd787e9bf503007a3fb70a7756af9e4e2aaee9c0852f06430aaa1354bd26889fbe0a7589bc35d168ec70b89a04ae7388ab75f37aca6af2eeb60e49ef47748e07","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/dependencies/ViGEmBusX/virtualGamepadPoe2.exe","filename":"virtualGamepadPoe2.exe","modified":"2024-12-29T19:55:02+01:00","Modified":"","magic":"PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows, 3 sections","size":669184,"md5":"b5ca63be02cd2fae400c434b2d6d9726","sha1":"d78d7d6433c99d87b531f6291c719289bdde1d16","sha256":"9ffdb6f9be255084e8225b04fe156a1254a1807a1fbf18821ea20064e3aae847","sha512":"f39b24c134670c84f97d87379dfc02fead8f966b7a34c12e828dbb9f8c9796cc40f1da82eb29b83267b73d5f3bdaa696679ff4a83c9a72add0825a4287ccf143","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-12","alert":"Scan result 5/72","trigger":"9ffdb6f9be255084e8225b04fe156a1254a1807a1fbf18821ea20064e3aae847","verdict":"suspicious","severity":"","comment":"suspicious - 5/72","link":"https://www.virustotal.com/gui/file/9ffdb6f9be255084e8225b04fe156a1254a1807a1fbf18821ea20064e3aae847","meta":null}]}},{"path":"3.5/KeyListController.txt","filename":"KeyListController.txt","modified":"2024-12-27T00:47:33+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":211,"md5":"6023c3148f2373bc3dbab898cd1b2578","sha1":"0225406af9631ff1cdb56f2593827876c0df3c33","sha256":"9d18c569f16c6a031fdf4f0452741acb66fba8b6392f2fa012f6bd4e22613e45","sha512":"1d2733c38955162059ac34d1ea1bb942604c045543c824e42e42e9429b6640ea4ffbe367ca24a79a13802e733e971d2b64c8ddeb202656e9d2a91a6b973433d9","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/main.exe","filename":"main.exe","modified":"2025-01-16T22:02:26+01:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 5 sections","size":2968576,"md5":"f771ac1aa4ca4c29805090a8162108b1","sha1":"b39c7bf066fcef76779f75b0aa17a1679f8a1860","sha256":"d2e768b0efb8ec996d403adada6d77823cbf1c38404efb94f7f996b139939e14","sha512":"416794de7b959541617722bda5b9cd006494166aa1f5d7623e86acef891a795e88f9cd01b8f56f071361c213743911558dcbbb22eadb524fd831856a27a1bbea","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"meth_stackstrings","trigger":"3.5/main.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_stackstrings","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"00000000000000000000000000000000","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"71fe67dc-8cb3-4b1f-8eb8-7b2e0933e0b4"}}]}},{"path":"3.5/readme.txt","filename":"readme.txt","modified":"2025-01-16T20:24:51+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":652,"md5":"d94e31975e5b0f7a680a8dee793b5246","sha1":"5cd980e397900f9052664a8f23cec0dfa43f813e","sha256":"2865b46cb9f7c8922551da1f7eb66358cc83e880bf64d1db884644fe1fde5b5f","sha512":"610d304f268193da9b2a3623fbb880e38a3d0105550df84cd9c2a7769c0c80d8072b5fed7121f251a9003bb7fc4ca75c1dd40b49df155e10db54db245fcd0503","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/scripts/HYBRID__THREAD__UTILITY.AHK","filename":"HYBRID__THREAD__UTILITY.AHK","modified":"2025-01-04T21:04:47+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2277,"md5":"f835d9c2c0b586148af88afd0456316b","sha1":"df3daa4091bb46ba4e6ba8577577b0b9fbb9226c","sha256":"ff250b75d7c8054def4423d38177ff7e467a9065e055a756e4997dcf921b2502","sha512":"bc226aad5ad608d0c8007281dad7fe14d4c901765ae88379d8442164d9cd20f3b58d3ac6d911b5678758aa0491ae77497b56245be5c734a461f9f40c36d56160","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/scripts/LOWLIFE__THREAD__TEMPORALRIFT.AHK","filename":"LOWLIFE__THREAD__TEMPORALRIFT.AHK","modified":"2025-01-04T21:04:05+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":864,"md5":"6a68b839213cdb1a0d31b3f4ed80a39b","sha1":"24e6bad239c49aa62bf282d9ef67b11882dd74c9","sha256":"483a24b7ca9dc0cb851f35a44a7777cd11632e206b2f9635f4befc533a78837f","sha512":"968d5aebb8ba843e2343dff315a61b44f181e8d47f81001ff367ad9c67814b511e8939d95dc1f0bdaa1606411e40b61f335e88efe42395946407f613aff61094","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/scripts/MOM__THREAD__UTILITY.AHK","filename":"MOM__THREAD__UTILITY.AHK","modified":"2025-01-04T21:04:14+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2251,"md5":"1eeffd9dd5a1d54e1750fc02a95da97e","sha1":"ea759274ecb976fa9f9513f20a72689d713ee46b","sha256":"2e1c1c7fedba8e9630bc6f5ad79744a3f9fe50ed2437fd4761c28baa01531e76","sha512":"fcb6f8f77c5b9855830729296416847ebfa53df3e554fa089fc8a72c25922e7b615e2e1f477efa1be28c8b5b085194ac02cd3b53c212fa782ac0e7c6566c7eef","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/scripts/readme.txt","filename":"readme.txt","modified":"2024-12-29T19:56:01+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":826,"md5":"e0eb170be3c64b780d58c5e3cf294453","sha1":"b5c03576a14446a490031d3fa834384863fc894a","sha256":"fb0a6aef136cbccfb1065a5fbda98e11bbd4e5bc21d456b95cdcf1a91ac1196a","sha512":"cc3348c2f24e400c97e504925bb5b228fd651672d65b02ac011a5b00dee93b4585e6bd267912279cc7d4ebe74546ce319f26eced3c4e7b41bb0109a1f828ffea","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/updater.exe","filename":"updater.exe","modified":"2025-01-16T20:36:20+01:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 5 sections","size":2805760,"md5":"92749280fa7b89bb2c69dffbcec01c69","sha1":"150912a49dcb996f2dd300229b41aeb0c469e380","sha256":"e44c9c84f315ea9167bc6ceb000f3d00b4f7a6039b46d3b29b6fa294d65263a3","sha512":"245ccc88017fd2c37625fc90647d2f4e01abfbd91f4298ff51f3408caeea842f331240fb55bfb19c2b2fbc6fa8ba1dcdc22329d7ea91800c71ead109c60c5fdb","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"meth_stackstrings","trigger":"3.5/updater.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_stackstrings","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"00000000000000000000000000000000","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"71fe67dc-8cb3-4b1f-8eb8-7b2e0933e0b4"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-13","alert":"Scan result 18/72","trigger":"e44c9c84f315ea9167bc6ceb000f3d00b4f7a6039b46d3b29b6fa294d65263a3","verdict":"malicious","severity":"","comment":"malicious - 18/72","link":"https://www.virustotal.com/gui/file/e44c9c84f315ea9167bc6ceb000f3d00b4f7a6039b46d3b29b6fa294d65263a3","meta":null}]}},{"path":"3.5/__THREAD__KEYSTATE.AHK","filename":"__THREAD__KEYSTATE.AHK","modified":"2025-01-04T21:08:15+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1412,"md5":"322cdeade33a350d6135a293ea3ec74a","sha1":"63dbadff06cd556cc0d9eeaf97cd20155fb6e281","sha256":"09559421bf21675cf7ae0768535dd894d586aae055a4ba7d4ff6e868de7de153","sha512":"1c52ce9423ae2cb6877474f91815713ebf985cf4519059fab7651dfa2697b2714b2afd04a7e5ce1e089abf9d645b58efe54379aac6f24f41c5fe0384b94266b8","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/__THREAD__TEMPORALRIFT.AHK","filename":"__THREAD__TEMPORALRIFT.AHK","modified":"2025-01-04T21:06:37+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1545,"md5":"d8e7b05615ab3a0316bda2de8ecf1d70","sha1":"21909b7c8c78e5efe35f87683feaea9b27012621","sha256":"3698e5b0bb9548051371d34101d774b3840ece55437d560adbd85a21c63f6c92","sha512":"3958c81b51d99b7bb8d62449f6e5dbb4b2fd8f7b3071063daa576ffdb5475a5fea475ff5e818df6c93442f03cb58392956d5dc89adcbaad4a39b9a240c9a8284","alerts":{"urlquery":null,"analyzer":null}},{"path":"3.5/__THREAD__UTILITY.AHK","filename":"__THREAD__UTILITY.AHK","modified":"2025-01-04T21:13:57+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2993,"md5":"9211adbfaeb2d655bbedb4e2870b1f93","sha1":"9e1c10fe595f8132ff2cb91e92cab1ba8bd7e81d","sha256":"fade9b404aeb84cd3253f994236e7706e18fe633c3a6bb27c7ac7dd0edf690f0","sha512":"ab938acc42e193687333ce2a15cb199a9f037a70bf1f9f8a2e543f713a2be5cf8ef07442a3f076858319b927261631de2210d43eb00a364b208215fd0b048d7e","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"Detect pe file that no import table","trigger":"3.5/dependencies/LibGGPK3/PatchBundle3.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"Detect pe file that no import table","trigger":"3.5/dependencies/LibGGPK3/PatchBundledGGPK3.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"meth_stackstrings","trigger":"3.5/main.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_stackstrings","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"00000000000000000000000000000000","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"71fe67dc-8cb3-4b1f-8eb8-7b2e0933e0b4"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-16","alert":"meth_stackstrings","trigger":"3.5/updater.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_stackstrings","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"00000000000000000000000000000000","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"71fe67dc-8cb3-4b1f-8eb8-7b2e0933e0b4"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"github.com/KintaroEB/POE-2-Assistance/raw/refs/heads/main/3.5.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-16T21:12:46.804Z","timestamp":1737061966804,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 07 Mar 2024 00:00:00 GMT","end":"Fri, 07 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"E7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0","sha256":"FD:6E:9B:0E:F3:98:BC:D9:04:C3:B2:EC:16:7A:7B:0F:DA:72:01:C9:03:C5:3A:6A:6A:E5:D0:41:43:63:EF:65"}}},"request":{"raw":"GET /KintaroEB/POE-2-Assistance/raw/refs/heads/main/3.5.zip HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Thu, 16 Jan 2025 21:12:47 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\naccess-control-allow-origin: \r\nlocation: https://raw.githubusercontent.com/KintaroEB/POE-2-Assistance/refs/heads/main/3.5.zip\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/\r\ncontent-length: 0\r\nx-github-request-id: 425A:1FFAF7:2A183A:2B1DD6:6789764E\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/zip","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-14T01:33:42.567327Z","times_seen":16400444,"resource_available":true,"data":null}},"time_used":555,"timings":{"blocked":94,"dns":1,"connect":25,"send":0,"wait":362,"receive":1,"ssl":70},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"raw.githubusercontent.com/KintaroEB/POE-2-Assistance/refs/heads/main/3.5.zip","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-16T21:12:47.270Z","timestamp":1737061967270,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /KintaroEB/POE-2-Assistance/refs/heads/main/3.5.zip HTTP/1.1\r\nHost: raw.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=300\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\ncontent-type: application/zip\r\netag: W/\"c3a35527f1767f23f9b9e25ef05a83313e78e1d5299fafb200fb5fecc7a0edc6\"\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nx-github-request-id: 73AC:222449:7D7E0:820BB:6789764E\r\naccept-ranges: bytes\r\ndate: Thu, 16 Jan 2025 21:12:47 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410029-HEL\r\nx-cache: MISS\r\nx-cache-hits: 0\r\nx-timer: S1737061967.351323,VS0,VE345\r\nvary: Authorization,Accept-Encoding,Origin\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-fastly-request-id: e708d319047b3a73d8aa4e8359f42ff991d89966\r\nexpires: Thu, 16 Jan 2025 21:17:47 GMT\r\nsource-age: 0\r\ncontent-length: 7682081\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7682081,"size_decoded":7682081,"mime_type":"application/zip","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"da9dd381752c0b132de9b266b1fbd5ce","sha1":"a6337af0e934662c18685ef7759ec7c34f49bc09","sha256":"eef82834ce64d09570d752de77f56d3750c2de4a720f1b827c7b667b0faf8985","sha512":"cda107b7bfa72c93cac3fd9b9475b6d5ea4177e98d21f735c0dd2446b873de8c5463684902ec7112622a55d8c19237b036d5f762e562953401bf048a28f93f10","ssdeep":"196608:9uzj2e2neu/rlqP/g5B4ykIO6XPs7hoL4ZicvLsl7upVv:9uzj0euzl77TOHhoUiL7upt","tlshash":"b976338ab6ebb3a2d62ff97c7eb703c213da9b0612b0416911e415ce15622c5d7d32dc","first_seen":"2025-01-16T21:13:28.672676Z","last_seen":"2025-01-20T11:09:38.286284Z","times_seen":3,"resource_available":false,"data":null}},"time_used":1197,"timings":{"blocked":63,"dns":1,"connect":26,"send":0,"wait":372,"receive":699,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}