{"report_id":"6abe215a-dbad-40c5-8d60-094e1e9fc6ad","version":6,"status":"done","tags":[],"date":"2025-04-01T20:06:25Z","url":{"schema":"http","addr":"mms.alliedmods.net/mmsdrop/2.0/mmsource-2.0.0-git1344-windows.zip","fqdn":"mms.alliedmods.net","domain":"alliedmods.net","tld":"net"},"ip":{"addr":"172.67.73.151","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-10T20:06:23Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"mms.alliedmods.net","ip":{"addr":"104.26.9.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2005-10-08","domain_rank":0,"first_seen":"2015-06-26T09:53:33Z","last_seen":"2025-04-01T20:06:02.222033Z","alert_count":0,"request_count":1,"received_data":6671629,"sent_data":533,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"9e13f47c9dde0731b6294c488687e1ca","sha1":"82519a3bbcdb046a0af252db9b784bbeb0f3d4fe","sha256":"1405d1dc59a334ec7970fa994d4b80049a38a2ff50eb36e1a26425d440aed98c","sha512":"138e2afdaf7dd415ce40e2591673a7bea975cabc552bcf458159732c341691585c316bf3ad4e34968c022be4e1841b7cc99dc5d367d9a16eeee41e2f5a8acf23","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":6670697,"url":{"schema":"https","addr":"mms.alliedmods.net/mmsdrop/2.0/mmsource-2.0.0-git1344-windows.zip","fqdn":"mms.alliedmods.net","domain":"alliedmods.net","tld":"net"},"ip":{"addr":"104.26.9.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"addons/metamod/bin/metamod.2.bgt.dll","filename":"metamod.2.bgt.dll","modified":"2025-03-16T09:46:45-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"997112855d0ded3012cb58f4d981a7d1","sha1":"25ee2a37a938383fe8da042fba1d0dbe5a2a4b7f","sha256":"93149640deefdc847450f47c5b4725d35b4c4b95e6de23c79a711ddce2f85cd4","sha512":"15147b7a2b9d2c88b5db3c22276cc718dfd27e573b8cb2b6b4ad10576ae73e95be1c75efe2caa7675da9a9e1f62b74c270c9313c2b8a93f97aff60aa25c135a1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bgt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.blade.dll","filename":"metamod.2.blade.dll","modified":"2025-03-16T09:47:11-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"58f2ff672598589ad23eac54b7d18dc2","sha1":"b97fead4257045afc094585ec8bcdfc4f1617c3e","sha256":"e7a2b4877d95a4eef5c77f46e6e1b2a01f072dc8d068cbce5b0b13993e895954","sha512":"2e7a9169e25218a8de0ddbdefc6290975c85393e226bfb4cba28addfc2a51ae7e0db4ee95afe797186bb97abc523be6d13eb9d19428ecc038038a7c0391b3956","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.bms.dll","filename":"metamod.2.bms.dll","modified":"2025-03-16T09:47:44-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":287232,"md5":"44dc80cb9174f60e02aa6a31f0c662d8","sha1":"610f325ed9f12938c32962a076f5b1ba10680289","sha256":"6f4482ff1fbc7f4c23c74c1815827e9c02245fc26bda49e76346628eab14757d","sha512":"bb15939c79a809d2e6d3e31805340959da6e28eb8f478e41ab9525e53f8e626a4bde93d22ce16c4b958fb71e223b138fe051f015b0ac6663519621c93fa924b4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bms.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.contagion.dll","filename":"metamod.2.contagion.dll","modified":"2025-03-16T09:46:04-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"12dbd32e50a006ddb64487c977e36a9b","sha1":"c186b627a798b1eb030169e117db00bcd28a713b","sha256":"2bf069ef09ca50f177237f619c09c0d4172e6ff11bf98908b440f1d7504a7de7","sha512":"9b34069b945d1699c8cc128462b84b7f77ad3ee94132aae6f55f9128ea9b14b6cf905165d058ee8b352fa6dbd0e4eebdfdd6a369afa83f9e6ab5879d3c7f22a1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.contagion.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.csgo.dll","filename":"metamod.2.csgo.dll","modified":"2025-03-16T09:46:05-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"bc1936f70128cb2d3a8ad311fa8b8806","sha1":"70665337c971b5c3677c207d0cc5517b0c2bf580","sha256":"20a26d0e816ae85f9bba5e2de0d11f8c226bac9e1b90481cc143e086f3349ba2","sha512":"0920842dfd7be3907ff94504c1a3310a9794d564c1a0d562cd54effc7cc3615bcf4a03255b9d45490f66158d7bf03d2fab26d25011322081d2d21c247cfac75e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.csgo.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.css.dll","filename":"metamod.2.css.dll","modified":"2025-03-16T09:46:20-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":429568,"md5":"98071f91cf558ec1e9c46766992456ef","sha1":"701ee6704c6ebfcf9cd94f8b89a4864c6f44a58a","sha256":"0e006e2a8f4b98721228b0a20d7a8c0584bc7ffae8acd21291072058784b3f32","sha512":"daae47924ad1059c51d379e317a801cc69628d6589e4111a9464dbd1a1cec9977df75fcd1d6254b8b2164071aa031bbfc68f62f076ebce4fbe3f8d6815388e6d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.darkm.dll","filename":"metamod.2.darkm.dll","modified":"2025-03-16T09:47:44-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":253440,"md5":"dc436d299b57ddf010919f6be1b66c94","sha1":"e17de3fdc9d135c2f3f5093ad137fdad71b7b0ad","sha256":"b01b4813c268b2c4c2448f742817f80aae35e9c83de236cd96996d086189ee44","sha512":"1184b3054c4f108bb8c9629720f6db4b47c95c634a1982808db0f4946407e4792a05fa6fc2032451c92e24d42b5cf5fc585f9760ba04e88973b00681605420ac","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.darkm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.dods.dll","filename":"metamod.2.dods.dll","modified":"2025-03-16T09:45:52-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":429568,"md5":"c0e008fba9c2c3cdc89822e331514dec","sha1":"880fe45f697af434b685ccd442d1dde7d2843121","sha256":"ca9b898b903f747b03adc416b7b3ecfb589218eafe6437e9be43c6e4d1c25146","sha512":"16adf7d5c784ca175dd6a1446846c3f68058476cb82dab3c737c7c806cb6355b56e4d5f361eb5e1b73796a1f8787202e93b06e03778069b1a7881e68d9fb597f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.doi.dll","filename":"metamod.2.doi.dll","modified":"2025-03-16T09:46:16-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"a3749f53c81773fc05b78e6741c4645a","sha1":"4961fda42ba3fb7bc885baca588966d69ec1eadc","sha256":"c34bc7b5fcfd238f294af76f5e67740183100dbcec90c768c3de4761b3896c85","sha512":"712a2f145667d354c9421c12b51fb60ee99b08b84503aba45a7d126e8721bd63e599cbcdecb9d5f221a9530331694d2cfe8e3c8dea28f15e625ea28d46edee73","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.doi.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.ep1.dll","filename":"metamod.2.ep1.dll","modified":"2025-03-16T09:46:11-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":253440,"md5":"1c668e46b5a832158453e7fa116f5cd3","sha1":"724e1f31c0b1cf9dff558ab133c5b600232fc8b9","sha256":"199607734a5b2365c138b7942ff82d8dbcfe1627a994dcc8f36fc9aae3ac9767","sha512":"3cee3bfe0994d8b9b285ccf83b4283103fd4a13480dd7dc97d8844380f20e5eb80bab19d288a5c755e9a27a13724783c24611eed8a2642504fdac7c487a1e57a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep1.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.ep2.dll","filename":"metamod.2.ep2.dll","modified":"2025-03-16T09:46:23-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"8a931dea0d6adbb9abf04ba9effb2da2","sha1":"72048a333a1fe2e8fb2a65448b27351a6fbe2127","sha256":"acaa95efdb8104a6fb0fe59f00cbfab2fa239e3169f599b73191761c8547acb5","sha512":"55ecf4080a2fea91e410030cadaaff3d64cff189383f850553835f9be654261ff237d1dcfb72995b530ca93779f1b6033b1a7c20c443f5a828b1b7b8203accb0","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.eye.dll","filename":"metamod.2.eye.dll","modified":"2025-03-16T09:45:59-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"bd43567ef91fcf1dcdd1e799a2b973fe","sha1":"782366eabbe723be79d89cf163487704f152583f","sha256":"66eec9648f465b482aa8d1b1c036639113af9b743216cbb8d0f850fd66c04883","sha512":"c3a62c5126dea177fb2e211f7f9b89833a0f85006094fea9f65e9c08ad7a26126d63347bbbbfbaf9603f711edf4017f6de94cc3ec8bfca7ec90cf510bf6acc40","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.eye.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.hl2dm.dll","filename":"metamod.2.hl2dm.dll","modified":"2025-03-16T09:46:28-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":429568,"md5":"7d56eca3667bb563be4df71e59619ba9","sha1":"aef3560d1fe1478d328bb6eca40d2cfc218aa989","sha256":"6ccf1dd40532da82148a5b7ac591d8c8ea039f883182f2c532eb38622148a44a","sha512":"90d8476292528ed8cc7022b1b755ea19330f3839739398e502578306bcdd986218d2abd41d43aa83fd3fc7cbd676a5f6f0739e31305dd8579ecea46d11e83963","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.insurgency.dll","filename":"metamod.2.insurgency.dll","modified":"2025-03-16T09:46:16-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"857ec12d7d9bdf248ee25856f06e9abf","sha1":"72398c250471635b7d2480457a7d7fd785090217","sha256":"4b802a013f58dedcff2d4724021cbc93c9b238d6839284220b1cd044bb74ca52","sha512":"da972b2fa6c9594ec7c70a9408d3f14e7699904a351af8d2f699ff702c96d9879a5529ea581258a239d8f62073d36049fc0d7b7330733315d9809d91f55a4e83","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.l4d.dll","filename":"metamod.2.l4d.dll","modified":"2025-03-16T09:45:49-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254976,"md5":"3e1a961f194a6d19c37dc8fa2caa5b46","sha1":"4fc0a62bf00ef77269fa510a430a263023f61a33","sha256":"4c26a9b1dc87003bd041aeaba238dd0e897d59d273ca120524937fde4e824289","sha512":"1d2ea828b635ac17073727eb00a5737fcde1d5b82f32189649347611f1e0d066e5ef525ccab8ac82ad2c991871f6a75428f3b2a982fd776c901bd67d2a30a9b5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.l4d2.dll","filename":"metamod.2.l4d2.dll","modified":"2025-03-16T09:46:21-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":255488,"md5":"20dc860ab6c0a81d2b0fc6f2b343d5f1","sha1":"a0fc3a3cebffa648d46a56116075cb23bfe91fd5","sha256":"e5499cce61ae7247a3f6681c24f307e603bd91e6fe8e7e51743b0d0736c6fa39","sha512":"ff1f1049880dc05823f8ae35dd20d955b86735adcf11163bce03bfa5bb885082e13f4dd719a205c9ffd7e69dc65b0f87dd99f1d4388ed500cb10e584946f9516","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.nd.dll","filename":"metamod.2.nd.dll","modified":"2025-03-16T09:45:55-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"b6eec020bf03bd00dcea8cb752f9fd9f","sha1":"8f3ffd3dc5bb3fae65660c9c7245766e89503b41","sha256":"422fc2bd11d47b48d449056624a6df547c3e50d53a1235083205ea8330269da4","sha512":"d77da46489b3cd197df7e02dfcc0c9a7e8f7e69474ebfb513a32a2250c374ae9e7a4cb845e805b80f617f4c758a811a1ad9308cdfb02d0e7f2958f44797bbab3","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.nd.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.pvkii.dll","filename":"metamod.2.pvkii.dll","modified":"2025-03-16T09:45:53-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":281088,"md5":"e9e2c2919619e8b6c5f64e97182e85bd","sha1":"75f6da0f15b66700588c645d07e7116d7ed61703","sha256":"bfde7d217c8563dc6462f359b4eb43348b5edcb500e3ea73485a39686482bb9f","sha512":"7fca9bacedf678dc1f9a32a915669b55302bd765620065613ac6ce22749f433c12aa495b2884127c759a35aa111f1ffca21660268536d0d35c8ae8bde645ec51","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.pvkii.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.sdk2013.dll","filename":"metamod.2.sdk2013.dll","modified":"2025-03-16T09:46:11-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":257536,"md5":"6fc0477f1ecebd0ef69cf6903c1c5f9b","sha1":"6779eef7780993d4780c38315a7358e702548020","sha256":"34ce0768b70ec18e91031279c233e0d4c6c552c65ff70a91fb64acabfc22b2f0","sha512":"7581e9b9bfa9a9590a8ab8e0a3abe9d8df5f4605b0ce55aca599b708447679c8c52899c8b002f99e91ef8f207eadf2eeb6396397a7a21b12f2e44b748c240f9a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.sdk2013.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.swarm.dll","filename":"metamod.2.swarm.dll","modified":"2025-03-16T09:46:00-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":269312,"md5":"a2f4b27412e715e9772bf623370c2fc9","sha1":"cb16506eb2922cd981c751d62eadf492cef4ee9a","sha256":"7b5a443414727322ada94ce45e5e293608025a5f37c07dcde8cb7730363431bc","sha512":"f9ab2d772669a4ec9e06ad6ee8303fee01ea5e403eaa1e7b2ce850ca872b9bafac0a0f29b1acf6a7cf1928bc00d151812223de56419d1eb02619d931606cf6b7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.swarm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.tf2.dll","filename":"metamod.2.tf2.dll","modified":"2025-03-16T09:46:26-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":429568,"md5":"1a521002fc66090244738f7ed8f95b8c","sha1":"a1f1c5c30f6ee3b2defc755c5eeb205e210e969c","sha256":"78500d5b075556f50866c09e9bb9ad4fa872155108ce5ff8ee954b8cd9b054f5","sha512":"34028ae8f7efb335f1e83dd383472283cdd20a1c37faef27a4aab897e98a9f890c29111f4c04de36685c28c6b8ca919bc81c3f43f239c73fde281af4aec689cd","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/server.dll","filename":"server.dll","modified":"2025-03-16T09:46:50-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":156160,"md5":"811b2fd6aed04eeb1a814d1d7ebaa974","sha1":"33b4118c780f74b10437ccc422490e70a1e55fb1","sha256":"f1262daf3b9cdae92c2af1034ba49803b42d62b127deb3caf58789534e242a7e","sha512":"77f0f887e2da659f1e451a41e44a374d9da9775188f8589307e720204778c98a1fc70406cae65c3b94ecf4d5b479f021f8a6a81197d7c8e9678c1848aae33f3e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.blade.dll","filename":"metamod.2.blade.dll","modified":"2025-03-16T09:47:17-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":352256,"md5":"47ff130f6d76ba8a55e261a66fe61a10","sha1":"6bc8a6d95e107c04b04f9a269897f19cd572aa2c","sha256":"98ec12f44d46e8cc162447ae8886d08320712714689432f2d86b8ed36ed20304","sha512":"523b4cbec91172b331569ac80f3b55ca62865629470311f3f4ec6e0016aac1392414a91e75c16130e57ab9bac6f4ba013805e2b174ef619f5f4bdae0ff7a8d32","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.cs2.dll","filename":"metamod.2.cs2.dll","modified":"2025-03-16T09:46:43-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1431040,"md5":"8d9155ca8dd4e98849d70d1544eeb3b3","sha1":"bb9b7cca79f88a1242a110e3e589ae9e54d415fe","sha256":"af3bc115a3b7e96d04c9d8cb05c0033563265f624d15d7da32d87e379f60073d","sha512":"bd22b3dad5256fa87056b6a093f92025c15eddfaaa6cd89d5d972b1d1c6969614a793f5e829c994107ef6893407e3b5eb397c29cf5987df068a897f95694c871","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.css.dll","filename":"metamod.2.css.dll","modified":"2025-03-16T09:47:30-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":566272,"md5":"3c3efdf1840e349e92e39b30d479a7fc","sha1":"55a0b2386d64b2aaf176c16579f1f2d9752bfc65","sha256":"b685c4fe7460bc23476b9fd6a925308fdf036681e523e9d4238fd1fb1ceff97e","sha512":"296766f3a48b383168950d1116e545559966177fde89ec30c29be27c8e5d39506f79df5dd6a887747aa554bdd910976ced22da36893c19bfe766213b7b425a3e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.deadlock.dll","filename":"metamod.2.deadlock.dll","modified":"2025-03-16T09:47:39-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1431040,"md5":"2a18e12c941482d0e8df961b6a617035","sha1":"51ab41865ab987ca49212b29a9df860157959b74","sha256":"f31b9bd86bf7363ab39b91ed7e5d273171a9b9812d0067e32868f7d60f59e400","sha512":"d8a679f31454240eb42d02791b2aae145ce74edf67eba98cc70d4505409553c974671190d97f0422a36c27a439d7bc946976d9acdf3a67e80d726685a35627f4","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.dods.dll","filename":"metamod.2.dods.dll","modified":"2025-03-16T09:47:32-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":566272,"md5":"396777f91ded7fd527fb62af1ae94862","sha1":"6f606f44fde499d581fdf8870b81c56575ed9605","sha256":"04bbd8eb85b7861739232e3aa530499bf0aa9abffedf0398845ae64abc8b16c3","sha512":"0cada0deb9b6992109c27209cc88a0bc136a40fb6a627ef16aac33749ed8bb269d5ab456c6a444ea03d7074dcd5db3a8264059eb2068fd3bfacd5bae13e0922b","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.dota.dll","filename":"metamod.2.dota.dll","modified":"2025-03-16T09:46:41-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1433600,"md5":"be74caef53df5fcb9cb1a64ee4a2fd8c","sha1":"d25565a5fb322072b60b9c4dcd372636f4b0485b","sha256":"e700613d4baf5c21b64c4e9632c11c544f67642fb776ead8e7d7f73351cbd887","sha512":"f336e7d0b11ceb29cae113b2dfc724f9d0af1a50a00d65cb090c05cbf9bcc1aca42eb57b0a2bc2cbcc0d383e1f6c2836b1c841dc2695ae02ae85d3374c88ae05","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.hl2dm.dll","filename":"metamod.2.hl2dm.dll","modified":"2025-03-16T09:47:26-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":566272,"md5":"5468ae14abc2e2375ed3005d65badb62","sha1":"bb53ca03373daa6cbc04c9caf6e209b6967bac5b","sha256":"2ab677f7a3b3c58194ebc43a71a7104dbf7b91c9055406a2a4566b8103697a9d","sha512":"29568c6086a019416d24ee1d1f7ec394aaaad440715d09610a73bcea43d106992bdddd0c4ae8a869d11c6439fa255596acae89b3c6f0df29ca42ce85ae4a655c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.insurgency.dll","filename":"metamod.2.insurgency.dll","modified":"2025-03-16T09:46:36-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":355328,"md5":"1d481419cc57f4fbeebc2232f2543e41","sha1":"db6b1c9ce8dbcba2c1b6a04384f29698b43950c6","sha256":"a81149f927366f4a36cbe124dd4eb58d817338c3e2c8ec81642298158c00ccb3","sha512":"f5e5cf7d2998a68bcb48ef458f08e4408c0c32c22637302a2ef802be38e0f1c39591586afc1c0aa0ae9f913f5c51872cbbd6165b24c915d7ea835a62d719d6c4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.mcv.dll","filename":"metamod.2.mcv.dll","modified":"2025-03-16T09:46:38-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":352768,"md5":"38c2eab0f26aa83fe393dcd3a795e949","sha1":"d07bd76fa2ab4b1f7bc84bfbc68f07c399c10148","sha256":"b406c97e6dbc79e7d1ac837d1c723b9dd9958dcce3c95a1d6823deecbb6956b6","sha512":"6d94e1ab2d7d6a9c5bfea7b1b454c9d68c7a71a87e30603686d9798f6a37cae07a7077337b47795a9b8e448c4f1d82000916185a13edb07b1a986714a9089d37","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.mcv.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.tf2.dll","filename":"metamod.2.tf2.dll","modified":"2025-03-16T09:47:39-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":566272,"md5":"572718044214b112468e4318231b073e","sha1":"16cebd4d89dc5e9c5467c46e3e19fd81ca319824","sha256":"06fba25aa0645c291889937966a71a861554b180701544103b50307fe5b2e5d9","sha512":"ff0e3384518d68e0b560759501025fcc4b4f35c62db28037dc6b8ddf3113357074b72f471617d71f638a53e3e2850749b5df5e43238858bb755202811128db3d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/server.dll","filename":"server.dll","modified":"2025-03-16T09:46:50-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":190464,"md5":"736dddb0c45cef3f3c45421c7a4a1cdc","sha1":"d09da0f9af3b55d7335643f566d3829a047c65a1","sha256":"de8f6d4e22e69d40ae7362176d3818bf54c711abd0a85738a8bc8e7f09754870","sha512":"515fd821e15590b29534c4430f13e2cce819df23f80863f7ab6dc4491c7de16cd69f989de50ac9c2106d0fd6512d65ef0299e7851672297d479fd5d0a1227dbd","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/metaplugins.ini","filename":"metaplugins.ini","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":559,"md5":"2672941c14b8e8b0602a66a2e009b2cd","sha1":"ecd52cd0bf1fbe019f18fe8700ef490060165582","sha256":"cacc89c07c5a1bc582c0b9c104b1bb65187b0a61d129efd3b588f74b47915582","sha512":"596b994017465caf1230e7bb4c030daaf3fa672c96a5cb0270462913b1875c57377841004f3c18eb3ba4a43c56673f1f07da79f4ac226f8a881daf2b6e9357fb","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/README.txt","filename":"README.txt","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":105,"md5":"70c31e761d79cb7f14ff099145bbb4b3","sha1":"a1d3fd2c268294db2da8308835a953346dbdecc2","sha256":"5d6c93606f41ac384f5b0c92f3c53d3f3530a3f663dd394e1643eda77c8a1d5a","sha512":"6015aa9be515041624d018f918e32c6d413b404efcf707ce29f45c92e646823a35ca8193339fc5363d0908d4f72b52d210cf68136aae5da53112ce52494306a3","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod.vdf","filename":"metamod.vdf","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":50,"md5":"e473e9ea9aa41146e3351a7fa5fa70dd","sha1":"000054100a43015400f63cb8ac453a20b713d2f0","sha256":"3c7cd307327098cb389ade4b454581f71b33c871cbef4aa07a0f5b70ca3167d8","sha512":"3d02dc2078c376c67e0faad72020d286c9798c0f459c70fc04216928de956579dd89e1aae91d6d4f294f22b3c657804a2375acb0956e6c4eec0502304c22b043","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod_x64.vdf","filename":"metamod_x64.vdf","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":56,"md5":"dabd4e1d5bd52cadf3a7528a89b29210","sha1":"d238494586cf1ce301e1dbcb7ba8c049d562b099","sha256":"ed88d7783508d91cd2b76502afb64699f485582d1cf8bb13e5be695485cdef4d","sha512":"4e2f62b02ab121e4b0ab02ea75f696437776a91ea59d38553cc171014ab6e33c26821eee557a1d031cbcdd2907b8fd117dc426aa246a3ee81f99a9d2713a2fba","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bgt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bms.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.contagion.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.csgo.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.darkm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.doi.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep1.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.eye.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.nd.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.pvkii.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.sdk2013.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.swarm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.mcv.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"9e13f47c9dde0731b6294c488687e1ca","sha1":"82519a3bbcdb046a0af252db9b784bbeb0f3d4fe","sha256":"1405d1dc59a334ec7970fa994d4b80049a38a2ff50eb36e1a26425d440aed98c","sha512":"138e2afdaf7dd415ce40e2591673a7bea975cabc552bcf458159732c341691585c316bf3ad4e34968c022be4e1841b7cc99dc5d367d9a16eeee41e2f5a8acf23","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":6670697,"url":{"schema":"https","addr":"mms.alliedmods.net/mmsdrop/2.0/mmsource-2.0.0-git1344-windows.zip","fqdn":"mms.alliedmods.net","domain":"alliedmods.net","tld":"net"},"ip":{"addr":"104.26.9.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"addons/metamod/bin/metamod.2.bgt.dll","filename":"metamod.2.bgt.dll","modified":"2025-03-16T09:46:45-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"997112855d0ded3012cb58f4d981a7d1","sha1":"25ee2a37a938383fe8da042fba1d0dbe5a2a4b7f","sha256":"93149640deefdc847450f47c5b4725d35b4c4b95e6de23c79a711ddce2f85cd4","sha512":"15147b7a2b9d2c88b5db3c22276cc718dfd27e573b8cb2b6b4ad10576ae73e95be1c75efe2caa7675da9a9e1f62b74c270c9313c2b8a93f97aff60aa25c135a1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bgt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.blade.dll","filename":"metamod.2.blade.dll","modified":"2025-03-16T09:47:11-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"58f2ff672598589ad23eac54b7d18dc2","sha1":"b97fead4257045afc094585ec8bcdfc4f1617c3e","sha256":"e7a2b4877d95a4eef5c77f46e6e1b2a01f072dc8d068cbce5b0b13993e895954","sha512":"2e7a9169e25218a8de0ddbdefc6290975c85393e226bfb4cba28addfc2a51ae7e0db4ee95afe797186bb97abc523be6d13eb9d19428ecc038038a7c0391b3956","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.bms.dll","filename":"metamod.2.bms.dll","modified":"2025-03-16T09:47:44-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":287232,"md5":"44dc80cb9174f60e02aa6a31f0c662d8","sha1":"610f325ed9f12938c32962a076f5b1ba10680289","sha256":"6f4482ff1fbc7f4c23c74c1815827e9c02245fc26bda49e76346628eab14757d","sha512":"bb15939c79a809d2e6d3e31805340959da6e28eb8f478e41ab9525e53f8e626a4bde93d22ce16c4b958fb71e223b138fe051f015b0ac6663519621c93fa924b4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bms.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.contagion.dll","filename":"metamod.2.contagion.dll","modified":"2025-03-16T09:46:04-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"12dbd32e50a006ddb64487c977e36a9b","sha1":"c186b627a798b1eb030169e117db00bcd28a713b","sha256":"2bf069ef09ca50f177237f619c09c0d4172e6ff11bf98908b440f1d7504a7de7","sha512":"9b34069b945d1699c8cc128462b84b7f77ad3ee94132aae6f55f9128ea9b14b6cf905165d058ee8b352fa6dbd0e4eebdfdd6a369afa83f9e6ab5879d3c7f22a1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.contagion.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.csgo.dll","filename":"metamod.2.csgo.dll","modified":"2025-03-16T09:46:05-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"bc1936f70128cb2d3a8ad311fa8b8806","sha1":"70665337c971b5c3677c207d0cc5517b0c2bf580","sha256":"20a26d0e816ae85f9bba5e2de0d11f8c226bac9e1b90481cc143e086f3349ba2","sha512":"0920842dfd7be3907ff94504c1a3310a9794d564c1a0d562cd54effc7cc3615bcf4a03255b9d45490f66158d7bf03d2fab26d25011322081d2d21c247cfac75e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.csgo.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.css.dll","filename":"metamod.2.css.dll","modified":"2025-03-16T09:46:20-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":429568,"md5":"98071f91cf558ec1e9c46766992456ef","sha1":"701ee6704c6ebfcf9cd94f8b89a4864c6f44a58a","sha256":"0e006e2a8f4b98721228b0a20d7a8c0584bc7ffae8acd21291072058784b3f32","sha512":"daae47924ad1059c51d379e317a801cc69628d6589e4111a9464dbd1a1cec9977df75fcd1d6254b8b2164071aa031bbfc68f62f076ebce4fbe3f8d6815388e6d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.darkm.dll","filename":"metamod.2.darkm.dll","modified":"2025-03-16T09:47:44-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":253440,"md5":"dc436d299b57ddf010919f6be1b66c94","sha1":"e17de3fdc9d135c2f3f5093ad137fdad71b7b0ad","sha256":"b01b4813c268b2c4c2448f742817f80aae35e9c83de236cd96996d086189ee44","sha512":"1184b3054c4f108bb8c9629720f6db4b47c95c634a1982808db0f4946407e4792a05fa6fc2032451c92e24d42b5cf5fc585f9760ba04e88973b00681605420ac","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.darkm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.dods.dll","filename":"metamod.2.dods.dll","modified":"2025-03-16T09:45:52-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":429568,"md5":"c0e008fba9c2c3cdc89822e331514dec","sha1":"880fe45f697af434b685ccd442d1dde7d2843121","sha256":"ca9b898b903f747b03adc416b7b3ecfb589218eafe6437e9be43c6e4d1c25146","sha512":"16adf7d5c784ca175dd6a1446846c3f68058476cb82dab3c737c7c806cb6355b56e4d5f361eb5e1b73796a1f8787202e93b06e03778069b1a7881e68d9fb597f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.doi.dll","filename":"metamod.2.doi.dll","modified":"2025-03-16T09:46:16-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"a3749f53c81773fc05b78e6741c4645a","sha1":"4961fda42ba3fb7bc885baca588966d69ec1eadc","sha256":"c34bc7b5fcfd238f294af76f5e67740183100dbcec90c768c3de4761b3896c85","sha512":"712a2f145667d354c9421c12b51fb60ee99b08b84503aba45a7d126e8721bd63e599cbcdecb9d5f221a9530331694d2cfe8e3c8dea28f15e625ea28d46edee73","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.doi.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.ep1.dll","filename":"metamod.2.ep1.dll","modified":"2025-03-16T09:46:11-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":253440,"md5":"1c668e46b5a832158453e7fa116f5cd3","sha1":"724e1f31c0b1cf9dff558ab133c5b600232fc8b9","sha256":"199607734a5b2365c138b7942ff82d8dbcfe1627a994dcc8f36fc9aae3ac9767","sha512":"3cee3bfe0994d8b9b285ccf83b4283103fd4a13480dd7dc97d8844380f20e5eb80bab19d288a5c755e9a27a13724783c24611eed8a2642504fdac7c487a1e57a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep1.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.ep2.dll","filename":"metamod.2.ep2.dll","modified":"2025-03-16T09:46:23-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"8a931dea0d6adbb9abf04ba9effb2da2","sha1":"72048a333a1fe2e8fb2a65448b27351a6fbe2127","sha256":"acaa95efdb8104a6fb0fe59f00cbfab2fa239e3169f599b73191761c8547acb5","sha512":"55ecf4080a2fea91e410030cadaaff3d64cff189383f850553835f9be654261ff237d1dcfb72995b530ca93779f1b6033b1a7c20c443f5a828b1b7b8203accb0","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.eye.dll","filename":"metamod.2.eye.dll","modified":"2025-03-16T09:45:59-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"bd43567ef91fcf1dcdd1e799a2b973fe","sha1":"782366eabbe723be79d89cf163487704f152583f","sha256":"66eec9648f465b482aa8d1b1c036639113af9b743216cbb8d0f850fd66c04883","sha512":"c3a62c5126dea177fb2e211f7f9b89833a0f85006094fea9f65e9c08ad7a26126d63347bbbbfbaf9603f711edf4017f6de94cc3ec8bfca7ec90cf510bf6acc40","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.eye.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.hl2dm.dll","filename":"metamod.2.hl2dm.dll","modified":"2025-03-16T09:46:28-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":429568,"md5":"7d56eca3667bb563be4df71e59619ba9","sha1":"aef3560d1fe1478d328bb6eca40d2cfc218aa989","sha256":"6ccf1dd40532da82148a5b7ac591d8c8ea039f883182f2c532eb38622148a44a","sha512":"90d8476292528ed8cc7022b1b755ea19330f3839739398e502578306bcdd986218d2abd41d43aa83fd3fc7cbd676a5f6f0739e31305dd8579ecea46d11e83963","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.insurgency.dll","filename":"metamod.2.insurgency.dll","modified":"2025-03-16T09:46:16-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"857ec12d7d9bdf248ee25856f06e9abf","sha1":"72398c250471635b7d2480457a7d7fd785090217","sha256":"4b802a013f58dedcff2d4724021cbc93c9b238d6839284220b1cd044bb74ca52","sha512":"da972b2fa6c9594ec7c70a9408d3f14e7699904a351af8d2f699ff702c96d9879a5529ea581258a239d8f62073d36049fc0d7b7330733315d9809d91f55a4e83","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.l4d.dll","filename":"metamod.2.l4d.dll","modified":"2025-03-16T09:45:49-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254976,"md5":"3e1a961f194a6d19c37dc8fa2caa5b46","sha1":"4fc0a62bf00ef77269fa510a430a263023f61a33","sha256":"4c26a9b1dc87003bd041aeaba238dd0e897d59d273ca120524937fde4e824289","sha512":"1d2ea828b635ac17073727eb00a5737fcde1d5b82f32189649347611f1e0d066e5ef525ccab8ac82ad2c991871f6a75428f3b2a982fd776c901bd67d2a30a9b5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.l4d2.dll","filename":"metamod.2.l4d2.dll","modified":"2025-03-16T09:46:21-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":255488,"md5":"20dc860ab6c0a81d2b0fc6f2b343d5f1","sha1":"a0fc3a3cebffa648d46a56116075cb23bfe91fd5","sha256":"e5499cce61ae7247a3f6681c24f307e603bd91e6fe8e7e51743b0d0736c6fa39","sha512":"ff1f1049880dc05823f8ae35dd20d955b86735adcf11163bce03bfa5bb885082e13f4dd719a205c9ffd7e69dc65b0f87dd99f1d4388ed500cb10e584946f9516","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.nd.dll","filename":"metamod.2.nd.dll","modified":"2025-03-16T09:45:55-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"b6eec020bf03bd00dcea8cb752f9fd9f","sha1":"8f3ffd3dc5bb3fae65660c9c7245766e89503b41","sha256":"422fc2bd11d47b48d449056624a6df547c3e50d53a1235083205ea8330269da4","sha512":"d77da46489b3cd197df7e02dfcc0c9a7e8f7e69474ebfb513a32a2250c374ae9e7a4cb845e805b80f617f4c758a811a1ad9308cdfb02d0e7f2958f44797bbab3","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.nd.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.pvkii.dll","filename":"metamod.2.pvkii.dll","modified":"2025-03-16T09:45:53-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":281088,"md5":"e9e2c2919619e8b6c5f64e97182e85bd","sha1":"75f6da0f15b66700588c645d07e7116d7ed61703","sha256":"bfde7d217c8563dc6462f359b4eb43348b5edcb500e3ea73485a39686482bb9f","sha512":"7fca9bacedf678dc1f9a32a915669b55302bd765620065613ac6ce22749f433c12aa495b2884127c759a35aa111f1ffca21660268536d0d35c8ae8bde645ec51","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.pvkii.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.sdk2013.dll","filename":"metamod.2.sdk2013.dll","modified":"2025-03-16T09:46:11-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":257536,"md5":"6fc0477f1ecebd0ef69cf6903c1c5f9b","sha1":"6779eef7780993d4780c38315a7358e702548020","sha256":"34ce0768b70ec18e91031279c233e0d4c6c552c65ff70a91fb64acabfc22b2f0","sha512":"7581e9b9bfa9a9590a8ab8e0a3abe9d8df5f4605b0ce55aca599b708447679c8c52899c8b002f99e91ef8f207eadf2eeb6396397a7a21b12f2e44b748c240f9a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.sdk2013.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.swarm.dll","filename":"metamod.2.swarm.dll","modified":"2025-03-16T09:46:00-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":269312,"md5":"a2f4b27412e715e9772bf623370c2fc9","sha1":"cb16506eb2922cd981c751d62eadf492cef4ee9a","sha256":"7b5a443414727322ada94ce45e5e293608025a5f37c07dcde8cb7730363431bc","sha512":"f9ab2d772669a4ec9e06ad6ee8303fee01ea5e403eaa1e7b2ce850ca872b9bafac0a0f29b1acf6a7cf1928bc00d151812223de56419d1eb02619d931606cf6b7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.swarm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.tf2.dll","filename":"metamod.2.tf2.dll","modified":"2025-03-16T09:46:26-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":429568,"md5":"1a521002fc66090244738f7ed8f95b8c","sha1":"a1f1c5c30f6ee3b2defc755c5eeb205e210e969c","sha256":"78500d5b075556f50866c09e9bb9ad4fa872155108ce5ff8ee954b8cd9b054f5","sha512":"34028ae8f7efb335f1e83dd383472283cdd20a1c37faef27a4aab897e98a9f890c29111f4c04de36685c28c6b8ca919bc81c3f43f239c73fde281af4aec689cd","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/server.dll","filename":"server.dll","modified":"2025-03-16T09:46:50-07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":156160,"md5":"811b2fd6aed04eeb1a814d1d7ebaa974","sha1":"33b4118c780f74b10437ccc422490e70a1e55fb1","sha256":"f1262daf3b9cdae92c2af1034ba49803b42d62b127deb3caf58789534e242a7e","sha512":"77f0f887e2da659f1e451a41e44a374d9da9775188f8589307e720204778c98a1fc70406cae65c3b94ecf4d5b479f021f8a6a81197d7c8e9678c1848aae33f3e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.blade.dll","filename":"metamod.2.blade.dll","modified":"2025-03-16T09:47:17-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":352256,"md5":"47ff130f6d76ba8a55e261a66fe61a10","sha1":"6bc8a6d95e107c04b04f9a269897f19cd572aa2c","sha256":"98ec12f44d46e8cc162447ae8886d08320712714689432f2d86b8ed36ed20304","sha512":"523b4cbec91172b331569ac80f3b55ca62865629470311f3f4ec6e0016aac1392414a91e75c16130e57ab9bac6f4ba013805e2b174ef619f5f4bdae0ff7a8d32","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.cs2.dll","filename":"metamod.2.cs2.dll","modified":"2025-03-16T09:46:43-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1431040,"md5":"8d9155ca8dd4e98849d70d1544eeb3b3","sha1":"bb9b7cca79f88a1242a110e3e589ae9e54d415fe","sha256":"af3bc115a3b7e96d04c9d8cb05c0033563265f624d15d7da32d87e379f60073d","sha512":"bd22b3dad5256fa87056b6a093f92025c15eddfaaa6cd89d5d972b1d1c6969614a793f5e829c994107ef6893407e3b5eb397c29cf5987df068a897f95694c871","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.css.dll","filename":"metamod.2.css.dll","modified":"2025-03-16T09:47:30-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":566272,"md5":"3c3efdf1840e349e92e39b30d479a7fc","sha1":"55a0b2386d64b2aaf176c16579f1f2d9752bfc65","sha256":"b685c4fe7460bc23476b9fd6a925308fdf036681e523e9d4238fd1fb1ceff97e","sha512":"296766f3a48b383168950d1116e545559966177fde89ec30c29be27c8e5d39506f79df5dd6a887747aa554bdd910976ced22da36893c19bfe766213b7b425a3e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.deadlock.dll","filename":"metamod.2.deadlock.dll","modified":"2025-03-16T09:47:39-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1431040,"md5":"2a18e12c941482d0e8df961b6a617035","sha1":"51ab41865ab987ca49212b29a9df860157959b74","sha256":"f31b9bd86bf7363ab39b91ed7e5d273171a9b9812d0067e32868f7d60f59e400","sha512":"d8a679f31454240eb42d02791b2aae145ce74edf67eba98cc70d4505409553c974671190d97f0422a36c27a439d7bc946976d9acdf3a67e80d726685a35627f4","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.dods.dll","filename":"metamod.2.dods.dll","modified":"2025-03-16T09:47:32-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":566272,"md5":"396777f91ded7fd527fb62af1ae94862","sha1":"6f606f44fde499d581fdf8870b81c56575ed9605","sha256":"04bbd8eb85b7861739232e3aa530499bf0aa9abffedf0398845ae64abc8b16c3","sha512":"0cada0deb9b6992109c27209cc88a0bc136a40fb6a627ef16aac33749ed8bb269d5ab456c6a444ea03d7074dcd5db3a8264059eb2068fd3bfacd5bae13e0922b","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.dota.dll","filename":"metamod.2.dota.dll","modified":"2025-03-16T09:46:41-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1433600,"md5":"be74caef53df5fcb9cb1a64ee4a2fd8c","sha1":"d25565a5fb322072b60b9c4dcd372636f4b0485b","sha256":"e700613d4baf5c21b64c4e9632c11c544f67642fb776ead8e7d7f73351cbd887","sha512":"f336e7d0b11ceb29cae113b2dfc724f9d0af1a50a00d65cb090c05cbf9bcc1aca42eb57b0a2bc2cbcc0d383e1f6c2836b1c841dc2695ae02ae85d3374c88ae05","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.hl2dm.dll","filename":"metamod.2.hl2dm.dll","modified":"2025-03-16T09:47:26-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":566272,"md5":"5468ae14abc2e2375ed3005d65badb62","sha1":"bb53ca03373daa6cbc04c9caf6e209b6967bac5b","sha256":"2ab677f7a3b3c58194ebc43a71a7104dbf7b91c9055406a2a4566b8103697a9d","sha512":"29568c6086a019416d24ee1d1f7ec394aaaad440715d09610a73bcea43d106992bdddd0c4ae8a869d11c6439fa255596acae89b3c6f0df29ca42ce85ae4a655c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.insurgency.dll","filename":"metamod.2.insurgency.dll","modified":"2025-03-16T09:46:36-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":355328,"md5":"1d481419cc57f4fbeebc2232f2543e41","sha1":"db6b1c9ce8dbcba2c1b6a04384f29698b43950c6","sha256":"a81149f927366f4a36cbe124dd4eb58d817338c3e2c8ec81642298158c00ccb3","sha512":"f5e5cf7d2998a68bcb48ef458f08e4408c0c32c22637302a2ef802be38e0f1c39591586afc1c0aa0ae9f913f5c51872cbbd6165b24c915d7ea835a62d719d6c4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.mcv.dll","filename":"metamod.2.mcv.dll","modified":"2025-03-16T09:46:38-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":352768,"md5":"38c2eab0f26aa83fe393dcd3a795e949","sha1":"d07bd76fa2ab4b1f7bc84bfbc68f07c399c10148","sha256":"b406c97e6dbc79e7d1ac837d1c723b9dd9958dcce3c95a1d6823deecbb6956b6","sha512":"6d94e1ab2d7d6a9c5bfea7b1b454c9d68c7a71a87e30603686d9798f6a37cae07a7077337b47795a9b8e448c4f1d82000916185a13edb07b1a986714a9089d37","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.mcv.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.tf2.dll","filename":"metamod.2.tf2.dll","modified":"2025-03-16T09:47:39-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":566272,"md5":"572718044214b112468e4318231b073e","sha1":"16cebd4d89dc5e9c5467c46e3e19fd81ca319824","sha256":"06fba25aa0645c291889937966a71a861554b180701544103b50307fe5b2e5d9","sha512":"ff0e3384518d68e0b560759501025fcc4b4f35c62db28037dc6b8ddf3113357074b72f471617d71f638a53e3e2850749b5df5e43238858bb755202811128db3d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/server.dll","filename":"server.dll","modified":"2025-03-16T09:46:50-07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":190464,"md5":"736dddb0c45cef3f3c45421c7a4a1cdc","sha1":"d09da0f9af3b55d7335643f566d3829a047c65a1","sha256":"de8f6d4e22e69d40ae7362176d3818bf54c711abd0a85738a8bc8e7f09754870","sha512":"515fd821e15590b29534c4430f13e2cce819df23f80863f7ab6dc4491c7de16cd69f989de50ac9c2106d0fd6512d65ef0299e7851672297d479fd5d0a1227dbd","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/metaplugins.ini","filename":"metaplugins.ini","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":559,"md5":"2672941c14b8e8b0602a66a2e009b2cd","sha1":"ecd52cd0bf1fbe019f18fe8700ef490060165582","sha256":"cacc89c07c5a1bc582c0b9c104b1bb65187b0a61d129efd3b588f74b47915582","sha512":"596b994017465caf1230e7bb4c030daaf3fa672c96a5cb0270462913b1875c57377841004f3c18eb3ba4a43c56673f1f07da79f4ac226f8a881daf2b6e9357fb","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/README.txt","filename":"README.txt","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":105,"md5":"70c31e761d79cb7f14ff099145bbb4b3","sha1":"a1d3fd2c268294db2da8308835a953346dbdecc2","sha256":"5d6c93606f41ac384f5b0c92f3c53d3f3530a3f663dd394e1643eda77c8a1d5a","sha512":"6015aa9be515041624d018f918e32c6d413b404efcf707ce29f45c92e646823a35ca8193339fc5363d0908d4f72b52d210cf68136aae5da53112ce52494306a3","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod.vdf","filename":"metamod.vdf","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":50,"md5":"e473e9ea9aa41146e3351a7fa5fa70dd","sha1":"000054100a43015400f63cb8ac453a20b713d2f0","sha256":"3c7cd307327098cb389ade4b454581f71b33c871cbef4aa07a0f5b70ca3167d8","sha512":"3d02dc2078c376c67e0faad72020d286c9798c0f459c70fc04216928de956579dd89e1aae91d6d4f294f22b3c657804a2375acb0956e6c4eec0502304c22b043","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod_x64.vdf","filename":"metamod_x64.vdf","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":56,"md5":"dabd4e1d5bd52cadf3a7528a89b29210","sha1":"d238494586cf1ce301e1dbcb7ba8c049d562b099","sha256":"ed88d7783508d91cd2b76502afb64699f485582d1cf8bb13e5be695485cdef4d","sha512":"4e2f62b02ab121e4b0ab02ea75f696437776a91ea59d38553cc171014ab6e33c26821eee557a1d031cbcdd2907b8fd117dc426aa246a3ee81f99a9d2713a2fba","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bgt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bms.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.contagion.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.csgo.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.darkm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.doi.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep1.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.eye.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.nd.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.pvkii.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.sdk2013.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.swarm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.mcv.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mms.alliedmods.net/mmsdrop/2.0/mmsource-2.0.0-git1344-windows.zip","fqdn":"mms.alliedmods.net","domain":"alliedmods.net","tld":"net"},"ip":{"addr":"104.26.9.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-01T20:05:59.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alliedmods.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 08 Mar 2025 11:47:08 GMT","end":"Fri, 06 Jun 2025 12:46:43 GMT"},"fingerprint":{"sha1":"DA:1F:EC:3E:B9:9F:44:A5:B0:CF:EF:14:76:7C:7A:CA:03:8C:9A:AA","sha256":"90:A5:0A:D7:CD:DA:E3:A4:76:7A:AF:67:99:7F:1D:3A:A9:D8:63:40:2A:9E:80:B7:41:B7:C3:C9:D7:90:AB:7D"}}},"request":{"raw":"GET /mmsdrop/2.0/mmsource-2.0.0-git1344-windows.zip HTTP/1.1\r\nHost: mms.alliedmods.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":2354,"data":"{\"sensor_data\":\"3;0;1;2048;3424818;/qc/JI/I/dEMZvK+kWzrJ2AOA/EuHgvIal9OOwQpJ9k=;214,0,0,13,54,0;D\\\"aij\\\"yWlAXxnS3]{\\\"e|L)\\\"!TO+(N\\\"\u003c_qf\\\"\u0026s@RF\\\"OQ`f\\\"g%UVVp@v\\\"P41\\\"C@N\\\"(3.\\\"eG1!\u00267w\\\"\\\"+\\\"F(I\\\")\\\"vr\\\"S\\\"||q\\\"t\\\"mqtJ!|oy2IUym1+~K+E@zI=\u0026(#+ 3ts4s!4m\u003cDNNR :]^~qyW\u003eOU:wiTf]mgl`S)o{2x_cXu)Xv9JvblE\u003eHZG| y*-1@OFEse%:q_pj3H}7ix@BRD/Q`M/+~?H_ivzubDp\u0026tYlxDZ\u003cL.\u003cz|9{k)ZI\u0026#0EP vFEI3 B]VOhsKc:bHc=DRWR\\\"8\\\"FVs\\\"c(2=5yXID+xvZ\\\"j_v?+Ky;%MOqm@9jx\u003e9e3bp~nC1C`;,s~//=DYQI7a0\u003c=\\\"!GC\\\"}Zc\\\"|9s\u0026A\\\"xo@\\\"b,rL4\\\"2L\\\"TE(IJFsk7a?X;Uu-_J+Q%[|eE8})@,wr/4qS]^}\u003c!|vM|(Z3t\u003c}hzZ q~h;BR/f8=T9t+*XU7:k7x@hh.b,9vJyoKR\u003e9xmF\\\",\\\"lNi\\\"m1jxfBJr?[rKAPoI $mmGQ\u003etWM2Lu{]gItwt(fAyKN;1zETBDTFHB]ANUA0`QEb0NY[@U51@yQuqJ`,9\\\"\\\"Z\\\"D^D\\\"g\\\" de_\u0026\\\"5!Z\\\"7o\\\"rKa~$x\\\"`N2\\\"YdRyd\\\"O=O\\\"b^);-gjRO3/iMlK2A_\\\"\u0026oy\\\"Z\\\"ve-pi7hmtJq_;\u003e\\\"vKu\\\",J3\\\"a.hpcqn=#RM\\\"177\\\"\u0026#]2|NlM\\\"F@)\\\"z\\\"][E\\\"t\\\"crF\\\"9@DK?\\\"G]d\\\"O1 .4/)(\\\"eQF\\\"kBp}r\\\"?Ro\\\"!1(x^8)-c, nV\\\":AKHeAw2G\\\"dg\\\"ea\u003cZ)\u003eRYf\\\"u=]\\\"Q\\\"Y7\u003eMVta2wbt,y\u003cUn%N6Q3yCyA5t\u003cnB[xs]Z5{\u003cSTIv1Xp\\\"k\\\";1A\\\"(q\\\"U`bKx\u003e}ro\\\",9hkT\\\"pO@u.\\\"u,*l\\\"@gKsMTcdQ\\\"F+\\\"hl,1SVf`o\u003eKfEn]}m?LJ\u003c\\\"G~M^\\\"*Sznt3Fv~;ZUTtSOq|\\\"A$*$#\\\"/~\u003c\\\":jngf\\\"E@]zFV5I\\\"y9G\\\"Mw}%D\\\"N zB\\\"E\\\"\u003em~%^?HLm-l/c\\\"^\\\"+36\\\"~\\\":h2uYM4.n[+Zg|gHIY3FtD3b6_~-N-q%4jC\u003eggeT4)P2;`B7JP1?8eCsW.Ve{ZUl#X4\u003e}yco[S#`yK\u0026j,DkH)^M/m?l2Q5,LkT}wrzhn_Z6\u0026=gXTk*h1!bY(wN0Nl[O|\u003e5^nakjse{N=S\u0026v|8X4}pMF*#[DO}+tBmX:D9ZInamGJn;B\u003cf4\\\"O\\\"vhc\\\"Q\u003eP~t\\\"2eWV\\\"}66;NcZ\\\"\\\"D\\\"}Y8\\\" zYQ8@I.E{u\\\"C,\\\"6\\\"{NQqyH\u003e/5n;e\\\"cJ2\u003c;5w@~cEyo;nAKFSj%?U`# %^5BS6e[BX[VPf]M.gy4qGUFotJT\u0026-TKU:w6D/bXNj`( -ozK7IbN3@Fkw#Dp)xmwlE\\\"oP97\\\"k\\\"1(?B\\\"qYu\\\"iWd\\\"hF=\\\"31`\\\"I1{KYB+,\\\";5W\\\"N\\\"\\\"9\\\".\u003eE\\\"p\\\"I@{kWt9c[yZ-]i.{`b3_EG_\u0026`:#{A]\u0026_O\u00262|YIT${l4.\\\"D\\\"$=_\\\"i}?RkPOaG8\\\"EI=\\\"h6x(gvhg[$fhh\\\"\\\"L\\\"x7b\\\"a\\\"\\\"z\\\".1Y\\\"\u0026F:J.;j(;/5Es\\\"V$-\\\"~Bu\\\"$\\\"\\\"2\\\"0\u0026.\\\"R6WO(\\\";-O\\\"RH0By$;S)U.Z;Uxr!`?\u003cUp\\\"}VW\\\"O\\\"mC\\\"r5_\\\"QFi4\\\"mKx^t@?NKSp}aHB$wmgH@q/mJ\u003el2C|M8oW+g%bp#jXq:f?2#.owYW._\\\";\\\"Gf+\\\"M\\\"35XC#w`~`b#e\u0026ILG^\\\"m\\\":j^\\\"o\\\"\\\"VsH\\\"L\u003e \\\"%\\\"\\\")R8\\\"NlL\\\"aSDWW\\\"6l\\\"Wr]Zv\\\"jKZ\\\"7ii|hqn]X1N.$z\\\"la2\\\"^6}3L/!@\\\"6cm\\\"m\\\"\\\")\\\"{PI\\\"G]cNJIZZ:akUSEv zUrfNQ.Ybp:6_@Tb=tgS\\\"V2+\\\"DL8\\\"A\\\"\\\"v\\\"UQ/\\\"[X:S1\\\"O~4\\\"9\\\"ri\\\"x\\\"*Qc\\\"C\u003ci6BHY\u0026sSk`!\\\"\\\"e\\\"vL\\\"D\\\"Y\\\"X\\\"l\u0026?\\\"P\\\"eaN)DS8r\\\"QgP\\\"Xii\\\"qIYubABVwnU_\\\"0UXg\\\"]\\\"(v\\\"HNQ\\\"hVw#\\\"$aq\u003cu\\\"ig3\\\"T\\\"\\\"T\\\"rzW\\\"\u003cX9j65\\\",]{e_\\\"#n\u0026\\\",m;\\\";N!Vw\\\"Pm+t\\\"f\\\"\\\"N\\\"Kbs\\\"q\\\"0\\\"$w4\\\"O5Q\\\"m2v+r(\\\"l!{o0jf\\\"\u003c\\\"\\\"o\\\"9Lb\\\"8\\\"K\\\"es,\\\"lFl\\\"e\u0026Cs \\\"z=yl\\\"M\\\"\\\"/ck\\\"6Xi\\\"Ru! CN\u003cd\\\"hV7\\\"Y\\\"%\\\"F]$\"}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 01 Apr 2025 20:05:59 GMT\r\ncontent-type: application/zip\r\ncontent-length: 6670697\r\nlast-modified: Sun, 16 Mar 2025 16:49:17 GMT\r\netag: \"65c969-6307873d47ba4\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=aXcxoFTLye64svTsdmw4UBT1Z6MAfgKakSVzI2R%2FOmu1fO2XhKBsREM%2FYAfNguSA209igNQEC3ZbOALtHtXDawPIBifW%2Fzfflzx4Lk%2BJ3Lt%2Bt8vDOpmFvFRRAHV1rFsy0Ubu2Q%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 929ab4587cbc0b45-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=6679\u0026min_rtt=525\u0026rtt_var=11468\u0026sent=8\u0026recv=12\u0026lost=0\u0026retrans=0\u0026sent_bytes=3208\u0026recv_bytes=1160\u0026delivery_rate=32556\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=a73a4b848420cfbd\u0026ts=385\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6670697,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"9e13f47c9dde0731b6294c488687e1ca","sha1":"82519a3bbcdb046a0af252db9b784bbeb0f3d4fe","sha256":"1405d1dc59a334ec7970fa994d4b80049a38a2ff50eb36e1a26425d440aed98c","sha512":"138e2afdaf7dd415ce40e2591673a7bea975cabc552bcf458159732c341691585c316bf3ad4e34968c022be4e1841b7cc99dc5d367d9a16eeee41e2f5a8acf23","ssdeep":"196608:rjRHZUgYhWeVrvygC/n+CyCpAnfZon47BugpqUJ:rjRHmphWexygCPcCpAnfmn477pq6","tlshash":"ce6633b6ada089c9d12f173347f6b01543bc46d084948274d14c8a98ebfe66bb3c6ed7","first_seen":"2025-04-01T20:06:33.956307Z","last_seen":"2025-04-01T20:06:33.956307Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1767,"timings":{"blocked":130,"dns":1,"connect":2,"send":0,"wait":242,"receive":1242,"ssl":145},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}