{"report_id":"18e8a077-0363-41ab-8771-ca9b91cd0314","version":6,"status":"done","tags":[],"date":"2025-05-08T15:16:16Z","url":{"schema":"http","addr":"github.com/OrzScript/RC7-Executor/raw/refs/heads/main/RC7Blue.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-17T15:16:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"github.com","ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13T12:28:22Z","last_seen":"2025-05-07T15:08:31.503422Z","alert_count":0,"request_count":1,"received_data":7725711,"sent_data":533,"comment":"","tags":null,"fingerprints":null},{"fqdn":"raw.githubusercontent.com","ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":35802,"first_seen":"2014-03-01T07:08:08Z","last_seen":"2025-05-07T21:37:52.190362Z","alert_count":1,"request_count":1,"received_data":7722529,"sent_data":544,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"2319e2b07a6c7c73c9e6d9b63b4d14b5","sha1":"e83f3058517358506bf4215333d62c626d099d4b","sha256":"af2a5dc53f4f8c9fea7daf4efd402062c87fcc6483876556f01e7587c84a511b","sha512":"b8e2e876d92855bfe1da4ea8e98455ef72baae14a303ba2ceab73c5df3b57942835302269859d1ef70f60c5b792be72a7d1e40468617d20ffe02075e2753f957","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":7721639,"url":{"schema":"https","addr":"raw.githubusercontent.com/OrzScript/RC7-Executor/refs/heads/main/RC7Blue.zip","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"RC7 Blue 1.0.9/Auto_In.bmp","filename":"Auto_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"9f07eb5ac04d49b394bc94104b6acc5a","sha1":"f63b41bf5c2126d4580a4c202f74c174d3e9bf2e","sha256":"00f98c4a1e4f2e56bc7da32c7f06fbdd41cdbaa73f4146ca4758d1d5abb35ab0","sha512":"e7a1558f54137df52cf91b359141ce8916aebc383fa4f74a36b3b81da0aba72f181ba709fd770524ad74ed07c76d422424098428a64b812e1bd87da137598ce5","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/bin/libcrypto-3-x64.dll","filename":"libcrypto-3-x64.dll","modified":"2025-03-31T23:40:59+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":4703232,"md5":"be0f6d1d60e149cedaca33a04963e05f","sha1":"b686e1ed9ae47b8ae803a5d9e912b0e631bc4217","sha256":"81a5fe6cd0ef5b083e5c4bdb6a40a30bfb1b0de15a9dfad459de2d6a36d94f86","sha512":"7b39dd8c70286ec4fe61cb2c3c12062f2dcbdda607c2f14c4f983741026f6aa62b60f9e983204949395cc54b5ebf6426c0f8300e0e385c35c1f2f3847160d7ff","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/bin/libssl-3-x64.dll","filename":"libssl-3-x64.dll","modified":"2025-03-31T23:41:00+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":821760,"md5":"733e3b58ee1760a442fec4712848c3ad","sha1":"529206caad19cce2424323bc29a9fb9a4bbd3e76","sha256":"159198cb8e740f9ad5918b51503121fd1b7e70460f6a4f6a6aa27576bbfa31c7","sha512":"10835ff09e35d8acb2739707219905b3ae2870af973d8f80040baeb732eb798fa93ef1bc599ad9898aff8e20ee21aa1f5e5e07340eda205aa938fc001cd83a88","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/bin/xxhash.dll","filename":"xxhash.dll","modified":"2025-03-31T23:41:01+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":47616,"md5":"70c514826d9428f184d27f0c8f397404","sha1":"e6b0b1a396de9913004d9bcaa230972686416bb6","sha256":"aff59e91d222b75b3e3ac789baba9e24eff99796261ae5e887ef9e3c28bb3d64","sha512":"168c63cbb54865ca42a884fd974291bcadd9dd8cf8bc1980148214e84498af42a590cb3d3a394765ee0b7d2e337fab6e85ff4f85d9ced97b92b540152202a0a6","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/bin/zstd.dll","filename":"zstd.dll","modified":"2025-03-31T23:41:01+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":653824,"md5":"5b96fb0d4e6453680da278f5b7e51a29","sha1":"3c96a29248fa3644de2c653a5d97c1e21b13a769","sha256":"1374391dafd6262795243a58f9fb234be859d940683fe756c64692ca807f0478","sha512":"27d06b7182aa48a81cce18f8f7b1bee054f3a862ccebd77d273a67c6a15e5d0ef5ba8fd7430976f445eb8bff51d290f2bb50061ac7ef448255ba8a18b8baf193","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Button_Clicked.bmp","filename":"Button_Clicked.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 100 x 23 x 24, image size 6900, resolution 2834 x 2834 px/m, cbSize 6954, bits offset 54","size":6954,"md5":"8759f845318b489aff36165644bf8137","sha1":"a9462423ef1692d760165dd3174140fb8e02623c","sha256":"e5fdf18ed7df96dd1574b5b928ecb206a358e71b564cfaeebfbb830ddaf9a7ab","sha512":"0e78647bcfecc924895083f9b71715e0c94817c417620ddeed5ed50bbe2a33897d39896c51dcc51c82e031016d9ba8ad3cef65ee86aec7caade9562783ad40f5","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Button_Hover.bmp","filename":"Button_Hover.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 100 x 23 x 24, image size 6900, resolution 2834 x 2834 px/m, cbSize 6954, bits offset 54","size":6954,"md5":"ed334aedea57b65dca00b5f1ba986bb0","sha1":"17e410e7c67accc1d6c74d301ca5dd2431df196c","sha256":"78b3603bfe1f490eaa197d5e8fdbdeabb7a9760ab011d2765a8e587147badcfe","sha512":"2ebcc70753b4e985256019151312db0262e45816d25625f3f3c8596aa22d5ffcbd7de719d270706fc36abd204eccaaa971ae75063a68bc7ccf1d6152874692df","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Button_Idle.bmp","filename":"Button_Idle.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 100 x 23 x 24, image size 6900, resolution 2834 x 2834 px/m, cbSize 6954, bits offset 54","size":6954,"md5":"3c8984ad92bad20ba68b4f48f69bca6b","sha1":"d932e8bd3bd2b2889d54a591a21cfbee68a5ebdf","sha256":"8998836c529bb40c3cc628a24ee45c48b756d7ab3090f88dd63432205231df75","sha512":"fa2b8b89678d107cea386b9450ad44300c65b3d07bd4cad34ae966b2a5fd625dc98f2539283ab904cf1cf57ed647bf350b954049e43bcf47c710d4302431f8ac","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/FastColoredTextBox.dll","filename":"FastColoredTextBox.dll","modified":"2025-04-02T09:16:26+02:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":320000,"md5":"896e676b61d15acec71bc4c485671c80","sha1":"84981eb280b8540a6683323db19e8eecfc99b36e","sha256":"b0c3346465beed4577868fda38cc51365dd2ed7867a5a6036e564bcb8ccfb45f","sha512":"18b8e5e8bb842fab9fc2c2608711a3d77a555692216eb9b0fb8b3d2a5c6308ab1a09cd12234aef3a5dd3d6bcdd0d55ba297ee3c737a97e6b01f7eabcd1dbad28","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Google_Drive_In.bmp","filename":"Google_Drive_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"1ae4f60c0a13638d3cfaffe6bc2abc56","sha1":"cd9b47de13faa6ac02af6e4590c0905661f0dfce","sha256":"dae5f2c2407bec70d7d8732d22397446d688554a752aac28ba7cefee00f1d23a","sha512":"aa1f3dbc060257256bafc89480cbbc6cdead3fddbdceff925a336bda184cefa1b4282056e86699dca673e826fcd3b824537b97857fe986894b40445a704801c5","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Hide_Save.bmp","filename":"Hide_Save.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 39 x 328 x 24, image size 39360, resolution 2834 x 2834 px/m, cbSize 39414, bits offset 54","size":39414,"md5":"e05249b657dbeefe92757f2fabccc0d2","sha1":"184c6ae7375eb05924322100473fda8705c412d9","sha256":"76efa94e990ff30f56da27bec0fac812360b0c88638052ab962cb464bf20a94f","sha512":"5d21fb253abe24513a1a2d182907869f2ad95bc464803dbc82d4b9db744ff8f2d68a7047b67cfe812b83045910e0ad51024daaadcc0495052f38287eb909205d","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Hide_Side.bmp","filename":"Hide_Side.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 39 x 328 x 24, image size 39360, resolution 2834 x 2834 px/m, cbSize 39414, bits offset 54","size":39414,"md5":"e05249b657dbeefe92757f2fabccc0d2","sha1":"184c6ae7375eb05924322100473fda8705c412d9","sha256":"76efa94e990ff30f56da27bec0fac812360b0c88638052ab962cb464bf20a94f","sha512":"5d21fb253abe24513a1a2d182907869f2ad95bc464803dbc82d4b9db744ff8f2d68a7047b67cfe812b83045910e0ad51024daaadcc0495052f38287eb909205d","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Injector.exe","filename":"Injector.exe","modified":"2025-05-08T13:13:11+02:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 10 sections","size":3855872,"md5":"f30930e1e01e44a73ffa6077d48d9fef","sha1":"06ddd69e2104019aa07ffd9e585bac2ce8600a12","sha256":"68c29f136bd1656ebaf4eb0c75fd3948ad511bb173970963d5197a84c866c0cd","sha512":"5753b1b20153e8366e8152c32c049866e37f5c4199222c3d96d13d9caf9e30ea1b783d912fd9037dd1d446400d1129521867fe3d5b90685b43f35bb1622de1cb","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 19/66","trigger":"68c29f136bd1656ebaf4eb0c75fd3948ad511bb173970963d5197a84c866c0cd","verdict":"malicious","severity":"","comment":"malicious - 19/66","link":"https://www.virustotal.com/gui/file/68c29f136bd1656ebaf4eb0c75fd3948ad511bb173970963d5197a84c866c0cd","meta":null}]}},{"path":"RC7 Blue 1.0.9/Krystal_In.bmp","filename":"Krystal_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"6c7ed9d60ffeedaebea4fe2a085b6681","sha1":"7ad6a0d8b1ccba3d9480ddbd11260fe82d0cb21d","sha256":"b9c5de2aadd85aaade2436e57bee3997fe4be682983f866d2e644d7c329ea189","sha512":"fb338f14dc2555581a7a090d0a0c416bd6bc45a9868159d22f10234cb553a23504d7a20254057f7876c9641d75c332908a8b895dae38cc28193e15a3719e0223","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/MainUI.bmp","filename":"MainUI.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 98/2000 and newer format, 339 x 328 x 32, cbSize 444906, bits offset 138","size":444906,"md5":"3eaefdfb19287629348295c14cc7c8d2","sha1":"c2ce386fdf59798e7525ffc3742cfe65ddf6411c","sha256":"d94eb1486b039fa6dbb02ec1a55c9939309d4a1891c15744949b3616b2307fbc","sha512":"3eec939a99007ce41b005ea1dca558c0925c823108c3e3e1962c832bedc51b8d56168176693d08f0fc705840d68e90829fc8d909f7f325ba63bb617d3a0b8337","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/RC7Executor.deps.json","filename":"RC7Executor.deps.json","modified":"2025-04-28T23:43:28+02:00","Modified":"","magic":"JSON text data","size":1375,"md5":"db0b912e550766e0ff764986d5037f4a","sha1":"91cf60c53b8b333bcda2bdc08d8832608de3c760","sha256":"ace4cf4a3040180e6bbe5bfbe8ce97649ecc240ec7dab3d0c1d302b656ed513e","sha512":"aeb7956bd5752500e3e68150dbb28ab7de312c4121e9ce97b1de1515443ff395b56e9fa33bfdaa17d5ef23d55d4fe8c8ceafe812c9143b12dc27e5fd8f9aa807","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/RC7Executor.dll","filename":"RC7Executor.dll","modified":"2025-04-28T23:43:28+02:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":384512,"md5":"6cab6f780666097fb44a3eef7e07d619","sha1":"1846b72010238e6d42aa0f2d630588732ee5ba33","sha256":"085d8b8094c2a419c5b6e6772c93534a98f4e8ec213b8be454634f2ef3c1cb8b","sha512":"eccacf021522d2b6232589a1786174c909ae3c71043b8531b02e7358ac80f1f40e6fc719af7f229c8572d2594c804a48181b8415ce578d0fd09648344615210a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 1/72","trigger":"085d8b8094c2a419c5b6e6772c93534a98f4e8ec213b8be454634f2ef3c1cb8b","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/085d8b8094c2a419c5b6e6772c93534a98f4e8ec213b8be454634f2ef3c1cb8b","meta":null}]}},{"path":"RC7 Blue 1.0.9/RC7Executor.exe","filename":"RC7Executor.exe","modified":"2025-04-28T23:43:28+02:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":139264,"md5":"d8d5e7dffabf89ae6601dab2ddca1210","sha1":"41215c7a9654a5ded4a00a572679ba291538dfc3","sha256":"bb48fb57618ebd27d810702b9eef99b5fa3608a58b4db05d13a2bb6dad105f8f","sha512":"4bd91620b5e70d654149af703b6e08a6280ef2fddca6b56806a73c02e70a2929821c6d3a1f6b4c11016d8f724300eb9e9e61809a14e7ddaffc8efe86b260a973","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/RC7Executor.pdb","filename":"RC7Executor.pdb","modified":"2025-04-28T23:43:28+02:00","Modified":"","magic":"Microsoft Roslyn C# debugging symbols version 1.0","size":23976,"md5":"250937a1fcbfabb9b0dfac14d05ae6b0","sha1":"e958bed7dc4304e8eed3430e24b8051dac0a516e","sha256":"c6fcc5c8f3615dc9c45e41a228202b6ae09c1e23188c3fda42b2abcd293503ba","sha512":"70c5c412e51c3920beb6fa864951fe9e160957fcc5e9892693035cd17a1533efd41e5c7d0712e39f0b158289ea843a3aa42a14f205b67c348f3bd37271bdd35b","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/RC7Executor.runtimeconfig.json","filename":"RC7Executor.runtimeconfig.json","modified":"2025-04-11T22:55:37+02:00","Modified":"","magic":"JSON text data","size":515,"md5":"e0f6f18f9b152bc2d8c710b0214805d6","sha1":"ae3d39e59fd6edc05792a76cdf4f02a637f52e29","sha256":"89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd","sha512":"80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Save_In.bmp","filename":"Save_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"a41c69985152925a91e105323ce0277c","sha1":"67e990a5645bf2f2b82429fe803104564816556e","sha256":"bf388a821cea8d5592d291ae721b4cf5e7e4628dc7cc88d5b3a829c36dcc9d87","sha512":"7b4f6ce91e2511bd58a67b64073e08b3b09ac3382170248540ca6c32ab18511a835ad1356b563821c975129692741e5318ec2351874cc4d812b71b036e36b4b1","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/S_Button_Click.bmp","filename":"S_Button_Click.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 95 x 25 x 32, image size 9500, resolution 2834 x 2834 px/m, cbSize 9554, bits offset 54","size":9554,"md5":"ad70b99c9a861ebd16ff54254d20fa3b","sha1":"6d317df172eab8f1c2930c5c0169d08558eeb5a7","sha256":"71316f9824522bf7bd10bb0392b2f5ff6fd524762fe69514ae0cb30582670530","sha512":"8507a88211204aef7fa5148f2514520715b20bf148ecd3403de4e7f35dd0fba2d6d9a0a686e5ebb65664535316f6f21f883a4f571df76a4960961e07ef95c2b1","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/S_Button_Hover.bmp","filename":"S_Button_Hover.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 95 x 25 x 32, image size 9500, resolution 2834 x 2834 px/m, cbSize 9554, bits offset 54","size":9554,"md5":"bdb036cd54ff291e3193edf460587bb5","sha1":"d2da06d8d041ef3b5870338380aceffeed547be9","sha256":"48465771877114b587c0e44026e34cfd38731248e89c5655c8aba6daeeca3c11","sha512":"0586132d8a2e9a7efb4c8b4fffae05c48987b55edd57b577eef31a8ac57512abfb280bac08ed051844246058ce80d7b094e1a9f477f8f785e706f850ab8c1841","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/S_Button_Idle.bmp","filename":"S_Button_Idle.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 95 x 25 x 32, image size 9500, resolution 2834 x 2834 px/m, cbSize 9554, bits offset 54","size":9554,"md5":"85b62f3297228256b13668ca2fb3f1e2","sha1":"106c4a9ca28fdabd397c82a3b7173b6e2d05f6bd","sha256":"15cf2db423623ce6890d743300dbd273eb7489da67840db2a345edef8ada8f25","sha512":"f4f099b4ae7a6fa760fc2ce3d5802d97401d566ca869c98e52fe194a2c279dc1328d5f03177ffa885cfc9e06538d60171bfd579a1d31c4420b41bb1cadb68d19","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/TextBox.bmp","filename":"TextBox.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 156 x 24 x 32, image size 14978, resolution 2834 x 2834 px/m, cbSize 15032, bits offset 54","size":15032,"md5":"3d9fb26550a36867be46862587faf3b1","sha1":"f2d1339431c373690c9d5dd8e890521dfd9cae89","sha256":"28bd719fd8c671f1584322b5616704de6ee7903a517e9c3c6f3f013fa21b6d7a","sha512":"d18e0809f6d4a50b36605298252d7ab1ae186c6807fb53fb5689ac011c06b87eb374f02785fd18c8cae96a9fee5df432709eab95f1130743d3f678e8378a08cf","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Vanity.dll","filename":"Vanity.dll","modified":"2025-05-08T13:13:20+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":2372608,"md5":"4d46530581c85171f6a8cafee4114e0f","sha1":"e693c6de60a8499abf99e9051e54b16bfd4e2cf8","sha256":"40f136206519b7b0a85a21d509c17b17414c80b3e60c569fcd6a46ac64ccdcc9","sha512":"a3c83ef8d39086f08aeccf58b794c15667f13934646eb98079a3b8eea4e8f1f6a26ed0ca6fc004eb802d4e70bb45c89a78f281bde4522111c73691fa645d818c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 4/72","trigger":"40f136206519b7b0a85a21d509c17b17414c80b3e60c569fcd6a46ac64ccdcc9","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/40f136206519b7b0a85a21d509c17b17414c80b3e60c569fcd6a46ac64ccdcc9","meta":null}]}},{"path":"RC7 Blue 1.0.9/VanityAPI.dll","filename":"VanityAPI.dll","modified":"2025-05-08T13:13:20+02:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":7168,"md5":"0d0915cd4570ca53951491ce93f6ec2d","sha1":"3a10585dce76d370e84a16d20318271bee7f552d","sha256":"693684aa104ec1b84b28d2a8b204c818c051017a9cedfd2c385dce5f9bc7f75d","sha512":"ec50368a1811e6be353b3038aec5bea5ad5be71197be3402f218c1c75f890e433f8fcc5697f660eca4cbd88a041066a2449179c138964424d6e8b02ff116e551","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Wofly_In.bmp","filename":"Wofly_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"36633e5febc8075f1af181eb5b3a601b","sha1":"3e80048eddc7412a98736897fbe9692af1d06901","sha256":"26db94c12df8da5e86728f7986f1e4445799fb4dd5878c34e0943b0b35a5219c","sha512":"c2b63bd401d6114f77a8ea127886a1bbf3eef2a31e38484353c3ef8dbf7c7c29d4309285b266b5fa2c73852b51d282a5d88aceb04822a32b7f5e2e444397ce51","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/WordWrap_In.bmp","filename":"WordWrap_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"e1c9ad4741f1529680e7c226e5723640","sha1":"70b423c23248b003cd375ccae25a9d8ec74d7ceb","sha256":"149cbaaebb23cc8daf1662b977c8da01b604074a480411038c40620910d88f5c","sha512":"add5d47b539d47c8721f448895a402318dee18137d7cf07a090851cd3893f93a3c1ec44064364ed646785dec3aa4a2412dedfd4128960349eaf711df4442fda6","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 13/65","trigger":"af2a5dc53f4f8c9fea7daf4efd402062c87fcc6483876556f01e7587c84a511b","verdict":"malicious","severity":"","comment":"malicious - 13/65","link":"https://www.virustotal.com/gui/file/af2a5dc53f4f8c9fea7daf4efd402062c87fcc6483876556f01e7587c84a511b","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"2319e2b07a6c7c73c9e6d9b63b4d14b5","sha1":"e83f3058517358506bf4215333d62c626d099d4b","sha256":"af2a5dc53f4f8c9fea7daf4efd402062c87fcc6483876556f01e7587c84a511b","sha512":"b8e2e876d92855bfe1da4ea8e98455ef72baae14a303ba2ceab73c5df3b57942835302269859d1ef70f60c5b792be72a7d1e40468617d20ffe02075e2753f957","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":7721639,"url":{"schema":"https","addr":"raw.githubusercontent.com/OrzScript/RC7-Executor/refs/heads/main/RC7Blue.zip","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"RC7 Blue 1.0.9/Auto_In.bmp","filename":"Auto_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"9f07eb5ac04d49b394bc94104b6acc5a","sha1":"f63b41bf5c2126d4580a4c202f74c174d3e9bf2e","sha256":"00f98c4a1e4f2e56bc7da32c7f06fbdd41cdbaa73f4146ca4758d1d5abb35ab0","sha512":"e7a1558f54137df52cf91b359141ce8916aebc383fa4f74a36b3b81da0aba72f181ba709fd770524ad74ed07c76d422424098428a64b812e1bd87da137598ce5","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/bin/libcrypto-3-x64.dll","filename":"libcrypto-3-x64.dll","modified":"2025-03-31T23:40:59+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":4703232,"md5":"be0f6d1d60e149cedaca33a04963e05f","sha1":"b686e1ed9ae47b8ae803a5d9e912b0e631bc4217","sha256":"81a5fe6cd0ef5b083e5c4bdb6a40a30bfb1b0de15a9dfad459de2d6a36d94f86","sha512":"7b39dd8c70286ec4fe61cb2c3c12062f2dcbdda607c2f14c4f983741026f6aa62b60f9e983204949395cc54b5ebf6426c0f8300e0e385c35c1f2f3847160d7ff","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/bin/libssl-3-x64.dll","filename":"libssl-3-x64.dll","modified":"2025-03-31T23:41:00+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":821760,"md5":"733e3b58ee1760a442fec4712848c3ad","sha1":"529206caad19cce2424323bc29a9fb9a4bbd3e76","sha256":"159198cb8e740f9ad5918b51503121fd1b7e70460f6a4f6a6aa27576bbfa31c7","sha512":"10835ff09e35d8acb2739707219905b3ae2870af973d8f80040baeb732eb798fa93ef1bc599ad9898aff8e20ee21aa1f5e5e07340eda205aa938fc001cd83a88","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/bin/xxhash.dll","filename":"xxhash.dll","modified":"2025-03-31T23:41:01+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":47616,"md5":"70c514826d9428f184d27f0c8f397404","sha1":"e6b0b1a396de9913004d9bcaa230972686416bb6","sha256":"aff59e91d222b75b3e3ac789baba9e24eff99796261ae5e887ef9e3c28bb3d64","sha512":"168c63cbb54865ca42a884fd974291bcadd9dd8cf8bc1980148214e84498af42a590cb3d3a394765ee0b7d2e337fab6e85ff4f85d9ced97b92b540152202a0a6","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/bin/zstd.dll","filename":"zstd.dll","modified":"2025-03-31T23:41:01+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":653824,"md5":"5b96fb0d4e6453680da278f5b7e51a29","sha1":"3c96a29248fa3644de2c653a5d97c1e21b13a769","sha256":"1374391dafd6262795243a58f9fb234be859d940683fe756c64692ca807f0478","sha512":"27d06b7182aa48a81cce18f8f7b1bee054f3a862ccebd77d273a67c6a15e5d0ef5ba8fd7430976f445eb8bff51d290f2bb50061ac7ef448255ba8a18b8baf193","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Button_Clicked.bmp","filename":"Button_Clicked.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 100 x 23 x 24, image size 6900, resolution 2834 x 2834 px/m, cbSize 6954, bits offset 54","size":6954,"md5":"8759f845318b489aff36165644bf8137","sha1":"a9462423ef1692d760165dd3174140fb8e02623c","sha256":"e5fdf18ed7df96dd1574b5b928ecb206a358e71b564cfaeebfbb830ddaf9a7ab","sha512":"0e78647bcfecc924895083f9b71715e0c94817c417620ddeed5ed50bbe2a33897d39896c51dcc51c82e031016d9ba8ad3cef65ee86aec7caade9562783ad40f5","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Button_Hover.bmp","filename":"Button_Hover.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 100 x 23 x 24, image size 6900, resolution 2834 x 2834 px/m, cbSize 6954, bits offset 54","size":6954,"md5":"ed334aedea57b65dca00b5f1ba986bb0","sha1":"17e410e7c67accc1d6c74d301ca5dd2431df196c","sha256":"78b3603bfe1f490eaa197d5e8fdbdeabb7a9760ab011d2765a8e587147badcfe","sha512":"2ebcc70753b4e985256019151312db0262e45816d25625f3f3c8596aa22d5ffcbd7de719d270706fc36abd204eccaaa971ae75063a68bc7ccf1d6152874692df","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Button_Idle.bmp","filename":"Button_Idle.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 100 x 23 x 24, image size 6900, resolution 2834 x 2834 px/m, cbSize 6954, bits offset 54","size":6954,"md5":"3c8984ad92bad20ba68b4f48f69bca6b","sha1":"d932e8bd3bd2b2889d54a591a21cfbee68a5ebdf","sha256":"8998836c529bb40c3cc628a24ee45c48b756d7ab3090f88dd63432205231df75","sha512":"fa2b8b89678d107cea386b9450ad44300c65b3d07bd4cad34ae966b2a5fd625dc98f2539283ab904cf1cf57ed647bf350b954049e43bcf47c710d4302431f8ac","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/FastColoredTextBox.dll","filename":"FastColoredTextBox.dll","modified":"2025-04-02T09:16:26+02:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":320000,"md5":"896e676b61d15acec71bc4c485671c80","sha1":"84981eb280b8540a6683323db19e8eecfc99b36e","sha256":"b0c3346465beed4577868fda38cc51365dd2ed7867a5a6036e564bcb8ccfb45f","sha512":"18b8e5e8bb842fab9fc2c2608711a3d77a555692216eb9b0fb8b3d2a5c6308ab1a09cd12234aef3a5dd3d6bcdd0d55ba297ee3c737a97e6b01f7eabcd1dbad28","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Google_Drive_In.bmp","filename":"Google_Drive_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"1ae4f60c0a13638d3cfaffe6bc2abc56","sha1":"cd9b47de13faa6ac02af6e4590c0905661f0dfce","sha256":"dae5f2c2407bec70d7d8732d22397446d688554a752aac28ba7cefee00f1d23a","sha512":"aa1f3dbc060257256bafc89480cbbc6cdead3fddbdceff925a336bda184cefa1b4282056e86699dca673e826fcd3b824537b97857fe986894b40445a704801c5","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Hide_Save.bmp","filename":"Hide_Save.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 39 x 328 x 24, image size 39360, resolution 2834 x 2834 px/m, cbSize 39414, bits offset 54","size":39414,"md5":"e05249b657dbeefe92757f2fabccc0d2","sha1":"184c6ae7375eb05924322100473fda8705c412d9","sha256":"76efa94e990ff30f56da27bec0fac812360b0c88638052ab962cb464bf20a94f","sha512":"5d21fb253abe24513a1a2d182907869f2ad95bc464803dbc82d4b9db744ff8f2d68a7047b67cfe812b83045910e0ad51024daaadcc0495052f38287eb909205d","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Hide_Side.bmp","filename":"Hide_Side.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 39 x 328 x 24, image size 39360, resolution 2834 x 2834 px/m, cbSize 39414, bits offset 54","size":39414,"md5":"e05249b657dbeefe92757f2fabccc0d2","sha1":"184c6ae7375eb05924322100473fda8705c412d9","sha256":"76efa94e990ff30f56da27bec0fac812360b0c88638052ab962cb464bf20a94f","sha512":"5d21fb253abe24513a1a2d182907869f2ad95bc464803dbc82d4b9db744ff8f2d68a7047b67cfe812b83045910e0ad51024daaadcc0495052f38287eb909205d","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Injector.exe","filename":"Injector.exe","modified":"2025-05-08T13:13:11+02:00","Modified":"","magic":"PE32+ executable (console) x86-64, for MS Windows, 10 sections","size":3855872,"md5":"f30930e1e01e44a73ffa6077d48d9fef","sha1":"06ddd69e2104019aa07ffd9e585bac2ce8600a12","sha256":"68c29f136bd1656ebaf4eb0c75fd3948ad511bb173970963d5197a84c866c0cd","sha512":"5753b1b20153e8366e8152c32c049866e37f5c4199222c3d96d13d9caf9e30ea1b783d912fd9037dd1d446400d1129521867fe3d5b90685b43f35bb1622de1cb","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 19/66","trigger":"68c29f136bd1656ebaf4eb0c75fd3948ad511bb173970963d5197a84c866c0cd","verdict":"malicious","severity":"","comment":"malicious - 19/66","link":"https://www.virustotal.com/gui/file/68c29f136bd1656ebaf4eb0c75fd3948ad511bb173970963d5197a84c866c0cd","meta":null}]}},{"path":"RC7 Blue 1.0.9/Krystal_In.bmp","filename":"Krystal_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"6c7ed9d60ffeedaebea4fe2a085b6681","sha1":"7ad6a0d8b1ccba3d9480ddbd11260fe82d0cb21d","sha256":"b9c5de2aadd85aaade2436e57bee3997fe4be682983f866d2e644d7c329ea189","sha512":"fb338f14dc2555581a7a090d0a0c416bd6bc45a9868159d22f10234cb553a23504d7a20254057f7876c9641d75c332908a8b895dae38cc28193e15a3719e0223","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/MainUI.bmp","filename":"MainUI.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 98/2000 and newer format, 339 x 328 x 32, cbSize 444906, bits offset 138","size":444906,"md5":"3eaefdfb19287629348295c14cc7c8d2","sha1":"c2ce386fdf59798e7525ffc3742cfe65ddf6411c","sha256":"d94eb1486b039fa6dbb02ec1a55c9939309d4a1891c15744949b3616b2307fbc","sha512":"3eec939a99007ce41b005ea1dca558c0925c823108c3e3e1962c832bedc51b8d56168176693d08f0fc705840d68e90829fc8d909f7f325ba63bb617d3a0b8337","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/RC7Executor.deps.json","filename":"RC7Executor.deps.json","modified":"2025-04-28T23:43:28+02:00","Modified":"","magic":"JSON text data","size":1375,"md5":"db0b912e550766e0ff764986d5037f4a","sha1":"91cf60c53b8b333bcda2bdc08d8832608de3c760","sha256":"ace4cf4a3040180e6bbe5bfbe8ce97649ecc240ec7dab3d0c1d302b656ed513e","sha512":"aeb7956bd5752500e3e68150dbb28ab7de312c4121e9ce97b1de1515443ff395b56e9fa33bfdaa17d5ef23d55d4fe8c8ceafe812c9143b12dc27e5fd8f9aa807","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/RC7Executor.dll","filename":"RC7Executor.dll","modified":"2025-04-28T23:43:28+02:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":384512,"md5":"6cab6f780666097fb44a3eef7e07d619","sha1":"1846b72010238e6d42aa0f2d630588732ee5ba33","sha256":"085d8b8094c2a419c5b6e6772c93534a98f4e8ec213b8be454634f2ef3c1cb8b","sha512":"eccacf021522d2b6232589a1786174c909ae3c71043b8531b02e7358ac80f1f40e6fc719af7f229c8572d2594c804a48181b8415ce578d0fd09648344615210a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 1/72","trigger":"085d8b8094c2a419c5b6e6772c93534a98f4e8ec213b8be454634f2ef3c1cb8b","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/085d8b8094c2a419c5b6e6772c93534a98f4e8ec213b8be454634f2ef3c1cb8b","meta":null}]}},{"path":"RC7 Blue 1.0.9/RC7Executor.exe","filename":"RC7Executor.exe","modified":"2025-04-28T23:43:28+02:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":139264,"md5":"d8d5e7dffabf89ae6601dab2ddca1210","sha1":"41215c7a9654a5ded4a00a572679ba291538dfc3","sha256":"bb48fb57618ebd27d810702b9eef99b5fa3608a58b4db05d13a2bb6dad105f8f","sha512":"4bd91620b5e70d654149af703b6e08a6280ef2fddca6b56806a73c02e70a2929821c6d3a1f6b4c11016d8f724300eb9e9e61809a14e7ddaffc8efe86b260a973","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/RC7Executor.pdb","filename":"RC7Executor.pdb","modified":"2025-04-28T23:43:28+02:00","Modified":"","magic":"Microsoft Roslyn C# debugging symbols version 1.0","size":23976,"md5":"250937a1fcbfabb9b0dfac14d05ae6b0","sha1":"e958bed7dc4304e8eed3430e24b8051dac0a516e","sha256":"c6fcc5c8f3615dc9c45e41a228202b6ae09c1e23188c3fda42b2abcd293503ba","sha512":"70c5c412e51c3920beb6fa864951fe9e160957fcc5e9892693035cd17a1533efd41e5c7d0712e39f0b158289ea843a3aa42a14f205b67c348f3bd37271bdd35b","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/RC7Executor.runtimeconfig.json","filename":"RC7Executor.runtimeconfig.json","modified":"2025-04-11T22:55:37+02:00","Modified":"","magic":"JSON text data","size":515,"md5":"e0f6f18f9b152bc2d8c710b0214805d6","sha1":"ae3d39e59fd6edc05792a76cdf4f02a637f52e29","sha256":"89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd","sha512":"80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Save_In.bmp","filename":"Save_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"a41c69985152925a91e105323ce0277c","sha1":"67e990a5645bf2f2b82429fe803104564816556e","sha256":"bf388a821cea8d5592d291ae721b4cf5e7e4628dc7cc88d5b3a829c36dcc9d87","sha512":"7b4f6ce91e2511bd58a67b64073e08b3b09ac3382170248540ca6c32ab18511a835ad1356b563821c975129692741e5318ec2351874cc4d812b71b036e36b4b1","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/S_Button_Click.bmp","filename":"S_Button_Click.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 95 x 25 x 32, image size 9500, resolution 2834 x 2834 px/m, cbSize 9554, bits offset 54","size":9554,"md5":"ad70b99c9a861ebd16ff54254d20fa3b","sha1":"6d317df172eab8f1c2930c5c0169d08558eeb5a7","sha256":"71316f9824522bf7bd10bb0392b2f5ff6fd524762fe69514ae0cb30582670530","sha512":"8507a88211204aef7fa5148f2514520715b20bf148ecd3403de4e7f35dd0fba2d6d9a0a686e5ebb65664535316f6f21f883a4f571df76a4960961e07ef95c2b1","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/S_Button_Hover.bmp","filename":"S_Button_Hover.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 95 x 25 x 32, image size 9500, resolution 2834 x 2834 px/m, cbSize 9554, bits offset 54","size":9554,"md5":"bdb036cd54ff291e3193edf460587bb5","sha1":"d2da06d8d041ef3b5870338380aceffeed547be9","sha256":"48465771877114b587c0e44026e34cfd38731248e89c5655c8aba6daeeca3c11","sha512":"0586132d8a2e9a7efb4c8b4fffae05c48987b55edd57b577eef31a8ac57512abfb280bac08ed051844246058ce80d7b094e1a9f477f8f785e706f850ab8c1841","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/S_Button_Idle.bmp","filename":"S_Button_Idle.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 95 x 25 x 32, image size 9500, resolution 2834 x 2834 px/m, cbSize 9554, bits offset 54","size":9554,"md5":"85b62f3297228256b13668ca2fb3f1e2","sha1":"106c4a9ca28fdabd397c82a3b7173b6e2d05f6bd","sha256":"15cf2db423623ce6890d743300dbd273eb7489da67840db2a345edef8ada8f25","sha512":"f4f099b4ae7a6fa760fc2ce3d5802d97401d566ca869c98e52fe194a2c279dc1328d5f03177ffa885cfc9e06538d60171bfd579a1d31c4420b41bb1cadb68d19","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/TextBox.bmp","filename":"TextBox.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 156 x 24 x 32, image size 14978, resolution 2834 x 2834 px/m, cbSize 15032, bits offset 54","size":15032,"md5":"3d9fb26550a36867be46862587faf3b1","sha1":"f2d1339431c373690c9d5dd8e890521dfd9cae89","sha256":"28bd719fd8c671f1584322b5616704de6ee7903a517e9c3c6f3f013fa21b6d7a","sha512":"d18e0809f6d4a50b36605298252d7ab1ae186c6807fb53fb5689ac011c06b87eb374f02785fd18c8cae96a9fee5df432709eab95f1130743d3f678e8378a08cf","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Vanity.dll","filename":"Vanity.dll","modified":"2025-05-08T13:13:20+02:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":2372608,"md5":"4d46530581c85171f6a8cafee4114e0f","sha1":"e693c6de60a8499abf99e9051e54b16bfd4e2cf8","sha256":"40f136206519b7b0a85a21d509c17b17414c80b3e60c569fcd6a46ac64ccdcc9","sha512":"a3c83ef8d39086f08aeccf58b794c15667f13934646eb98079a3b8eea4e8f1f6a26ed0ca6fc004eb802d4e70bb45c89a78f281bde4522111c73691fa645d818c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 4/72","trigger":"40f136206519b7b0a85a21d509c17b17414c80b3e60c569fcd6a46ac64ccdcc9","verdict":"suspicious","severity":"","comment":"suspicious - 4/72","link":"https://www.virustotal.com/gui/file/40f136206519b7b0a85a21d509c17b17414c80b3e60c569fcd6a46ac64ccdcc9","meta":null}]}},{"path":"RC7 Blue 1.0.9/VanityAPI.dll","filename":"VanityAPI.dll","modified":"2025-05-08T13:13:20+02:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":7168,"md5":"0d0915cd4570ca53951491ce93f6ec2d","sha1":"3a10585dce76d370e84a16d20318271bee7f552d","sha256":"693684aa104ec1b84b28d2a8b204c818c051017a9cedfd2c385dce5f9bc7f75d","sha512":"ec50368a1811e6be353b3038aec5bea5ad5be71197be3402f218c1c75f890e433f8fcc5697f660eca4cbd88a041066a2449179c138964424d6e8b02ff116e551","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/Wofly_In.bmp","filename":"Wofly_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"36633e5febc8075f1af181eb5b3a601b","sha1":"3e80048eddc7412a98736897fbe9692af1d06901","sha256":"26db94c12df8da5e86728f7986f1e4445799fb4dd5878c34e0943b0b35a5219c","sha512":"c2b63bd401d6114f77a8ea127886a1bbf3eef2a31e38484353c3ef8dbf7c7c29d4309285b266b5fa2c73852b51d282a5d88aceb04822a32b7f5e2e444397ce51","alerts":{"urlquery":null,"analyzer":null}},{"path":"RC7 Blue 1.0.9/WordWrap_In.bmp","filename":"WordWrap_In.bmp","modified":"2025-02-06T20:17:16+01:00","Modified":"","magic":"PC bitmap, Windows 3.x format, 30 x 30 x 32, image size 3600, resolution 2834 x 2834 px/m, cbSize 3654, bits offset 54","size":3654,"md5":"e1c9ad4741f1529680e7c226e5723640","sha1":"70b423c23248b003cd375ccae25a9d8ec74d7ceb","sha256":"149cbaaebb23cc8daf1662b977c8da01b604074a480411038c40620910d88f5c","sha512":"add5d47b539d47c8721f448895a402318dee18137d7cf07a090851cd3893f93a3c1ec44064364ed646785dec3aa4a2412dedfd4128960349eaf711df4442fda6","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 13/65","trigger":"af2a5dc53f4f8c9fea7daf4efd402062c87fcc6483876556f01e7587c84a511b","verdict":"malicious","severity":"","comment":"malicious - 13/65","link":"https://www.virustotal.com/gui/file/af2a5dc53f4f8c9fea7daf4efd402062c87fcc6483876556f01e7587c84a511b","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"github.com/OrzScript/RC7-Executor/raw/refs/heads/main/RC7Blue.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-08T15:15:41.474Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Thu, 05 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A","sha256":"B8:BB:81:87:68:33:87:39:42:04:5A:8D:F8:F0:62:19:E0:06:02:EB:CB:43:84:C7:AB:C2:4F:18:37:9C:87:F5"}}},"request":{"raw":"GET /OrzScript/RC7-Executor/raw/refs/heads/main/RC7Blue.zip HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Thu, 08 May 2025 15:15:41 GMT\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 0\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame,Accept-Encoding, Accept, X-Requested-With\r\naccess-control-allow-origin: \r\nlocation: https://raw.githubusercontent.com/OrzScript/RC7-Executor/refs/heads/main/RC7Blue.zip\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/\r\nserver: github.com\r\nx-github-request-id: 7E79:21DAE2:D4C173:D91CFC:681CCA9D\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":7721639,"size_decoded":0,"mime_type":"application/zip","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T18:47:00.89111Z","times_seen":13342615,"resource_available":true,"data":null}},"time_used":569,"timings":{"blocked":91,"dns":4,"connect":21,"send":0,"wait":386,"receive":0,"ssl":64},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"raw.githubusercontent.com/OrzScript/RC7-Executor/refs/heads/main/RC7Blue.zip","fqdn":"raw.githubusercontent.com","domain":"raw.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-08T15:15:41.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Sat, 07 Mar 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91","sha256":"7D:11:22:EA:96:98:52:34:1E:8D:D9:2B:CC:0C:7E:CC:00:96:30:D1:4D:A7:34:D7:CA:42:D5:B5:4A:2B:20:97"}}},"request":{"raw":"GET /OrzScript/RC7-Executor/refs/heads/main/RC7Blue.zip HTTP/1.1\r\nHost: raw.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: max-age=300\r\ncontent-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox\r\ncontent-type: application/zip\r\netag: W/\"216f0c152d6ff07924664e15171689c4d8378637c17375819560a318ec1daf2a\"\r\nstrict-transport-security: max-age=31536000\r\nx-content-type-options: nosniff\r\nx-frame-options: deny\r\nx-xss-protection: 1; mode=block\r\nx-github-request-id: 8CBE:141E12:250BE0:286790:681CCA9B\r\naccept-ranges: bytes\r\ndate: Thu, 08 May 2025 15:15:42 GMT\r\nvia: 1.1 varnish\r\nx-served-by: cache-hel1410025-HEL\r\nx-cache: MISS\r\nx-cache-hits: 0\r\nx-timer: S1746717342.014349,VS0,VE309\r\nvary: Authorization,Accept-Encoding,Origin\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nx-fastly-request-id: f906c5ca22c0e80d4cc0a2b95cb2cf7a688d8e6f\r\nexpires: Thu, 08 May 2025 15:20:42 GMT\r\nsource-age: 0\r\ncontent-length: 7721639\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7721639,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=store","md5":"2319e2b07a6c7c73c9e6d9b63b4d14b5","sha1":"e83f3058517358506bf4215333d62c626d099d4b","sha256":"af2a5dc53f4f8c9fea7daf4efd402062c87fcc6483876556f01e7587c84a511b","sha512":"b8e2e876d92855bfe1da4ea8e98455ef72baae14a303ba2ceab73c5df3b57942835302269859d1ef70f60c5b792be72a7d1e40468617d20ffe02075e2753f957","ssdeep":"196608:rdIglYoN7fJPuJtbc3NQBuO/e4aNgQlh0ORW1t:rdzYoN7fUY3NGuOWFMout","tlshash":"c57633876d7a8de6ebdee17399c4c9a8bfc383d79b621004170156f0ab39d4b46634c2","first_seen":"2025-05-08T15:16:31.342092Z","last_seen":"2025-05-08T15:32:06.810432Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1178,"timings":{"blocked":45,"dns":5,"connect":14,"send":0,"wait":324,"receive":763,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-08","alert":"Scan result 13/65","trigger":"af2a5dc53f4f8c9fea7daf4efd402062c87fcc6483876556f01e7587c84a511b","verdict":"malicious","severity":"","comment":"malicious - 13/65","link":"https://www.virustotal.com/gui/file/af2a5dc53f4f8c9fea7daf4efd402062c87fcc6483876556f01e7587c84a511b","meta":null}],"urlquery":null}}]}