{"report_id":"84e1aed4-4e84-4d6f-b8b7-5372e914f5e1","version":6,"status":"done","tags":[],"date":"2025-05-04T19:20:06Z","url":{"schema":"http","addr":"wiki.vrpirates.club/downloads/rookie/rookie_2.34.1_portable.zip","fqdn":"wiki.vrpirates.club","domain":"vrpirates.club","tld":"club"},"ip":{"addr":"185.247.224.87","port":0,"asn":200651,"as":"FlokiNET ehf","country":"Romania","country_code":"RO"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-07-13T19:20:05Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"wiki.vrpirates.club","ip":{"addr":"185.247.224.87","port":443,"asn":200651,"as":"FlokiNET ehf","country":"Romania","country_code":"RO"},"domain_registered":"2020-07-22","domain_rank":0,"first_seen":"2021-10-26T02:47:59Z","last_seen":"2025-05-01T06:26:09.87671Z","alert_count":1,"request_count":1,"received_data":1240442,"sent_data":531,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"f036fcdb20b031d103ddc48a7d4e3fde","sha1":"1122163c4df062887a6943826ed5213242200306","sha256":"a329b31b2fda9f72c907b2688f6ee6d64b2e1a9a0d8efd186b3d64b930550800","sha512":"c0f41b1f7b7f5c249cb6c5f212cd9045bc609b34f1f834e4e596886cff2dd1e525655c502dc6689132899150f0e4d3978be28763c4e7e6fbd93cf9ad62f31728","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":1239996,"url":{"schema":"https","addr":"wiki.vrpirates.club/downloads/rookie/rookie_2.34.1_portable.zip","fqdn":"wiki.vrpirates.club","domain":"vrpirates.club","tld":"club"},"ip":{"addr":"185.247.224.87","port":443,"asn":200651,"as":"FlokiNET ehf","country":"Romania","country_code":"RO"},"archive":[{"path":"Rookie Offline.cmd","filename":"Rookie Offline.cmd","modified":"2024-07-16T13:27:45+02:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":190,"md5":"83b85f3a19c77666117db1dfbbfd782b","sha1":"0003469b6abb4575708d089da7d3c8137e350050","sha256":"5286fc09cbbc098a5da63096676b180bd7fd28dcd96a79f41f4d92784cc262d1","sha512":"f5aec8e0d2c46d174d9c7ede9795b57b555f6a2504ecb14e3d476cd0f949c2fa86058edb77cc7b16e3359dccbfdd945481e4a95022157ae703923977ad955513","alerts":{"urlquery":null,"analyzer":null}},{"path":"AddDefenderExceptions.ps1","filename":"AddDefenderExceptions.ps1","modified":"2025-02-22T15:31:09+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2688,"md5":"598164f06f8abd143a91d20c0562eb93","sha1":"faaa6d361d5fbd91b8b47b6cbac5e2878ee1fb5d","sha256":"a8cdb6d8b436ddca50fcb94f6a6118e6d3b7f01288f15c676d941ebffde76c37","sha512":"ce85aee218d023a2ef2d797c47de349850d31f4a2753f9070f0e58878338cbe9b42a8db9db3fcc247020bbafded853062743f61bf07c711cbab717b213b9db8d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-04","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"AddDefenderExceptions.ps1","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}}]}},{"path":"CleanupInstall.cmd","filename":"CleanupInstall.cmd","modified":"2024-12-30T13:39:57+01:00","Modified":"","magic":"DOS batch file, ASCII text, with CRLF line terminators","size":627,"md5":"9ae44cebbde4f44c27801bbf93494c1d","sha1":"cdcec49868904ae1af76fd6fd92e93c066da6f93","sha256":"57fc69317de4e7b75a6d45c6037572738f6b48766a6c0d8a47a4f4a4cc533281","sha512":"4f6280da198f2a7852531bf62e2cb3d67bd37ac93408fd2caef46273746f16a7375dbb6a5b5d1ffa254c7c69152e6c784414093672b048601ee478990b2f579b","alerts":{"urlquery":null,"analyzer":null}},{"path":"AndroidSideloader.exe","filename":"AndroidSideloader.exe","modified":"2025-04-13T11:38:28Z","Modified":"","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":4401664,"md5":"552e9c39473ca27a5de66ab0c87aceaa","sha1":"d5ddb02a112b2233074ee257c5cc15c711b09291","sha256":"5fbec60b550076e3436ab83683211f3db39eee46bd14139a18a36b79f929f67e","sha512":"83fb562bfb8712c14d35965eabe3b667b51171e4e9a30113e21f5a5b06f79557b8d4e02d867031955d46b64f7e8bc0062010e8252b040da088e6f02b50907650","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-02","alert":"Scan result 37/71","trigger":"5fbec60b550076e3436ab83683211f3db39eee46bd14139a18a36b79f929f67e","verdict":"malicious","severity":"","comment":"malicious - 37/71","link":"https://www.virustotal.com/gui/file/5fbec60b550076e3436ab83683211f3db39eee46bd14139a18a36b79f929f67e","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-04","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"AddDefenderExceptions.ps1","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-30","alert":"Scan result 35/65","trigger":"a329b31b2fda9f72c907b2688f6ee6d64b2e1a9a0d8efd186b3d64b930550800","verdict":"malicious","severity":"","comment":"malicious - 35/65","link":"https://www.virustotal.com/gui/file/a329b31b2fda9f72c907b2688f6ee6d64b2e1a9a0d8efd186b3d64b930550800","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"f036fcdb20b031d103ddc48a7d4e3fde","sha1":"1122163c4df062887a6943826ed5213242200306","sha256":"a329b31b2fda9f72c907b2688f6ee6d64b2e1a9a0d8efd186b3d64b930550800","sha512":"c0f41b1f7b7f5c249cb6c5f212cd9045bc609b34f1f834e4e596886cff2dd1e525655c502dc6689132899150f0e4d3978be28763c4e7e6fbd93cf9ad62f31728","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":1239996,"url":{"schema":"https","addr":"wiki.vrpirates.club/downloads/rookie/rookie_2.34.1_portable.zip","fqdn":"wiki.vrpirates.club","domain":"vrpirates.club","tld":"club"},"ip":{"addr":"185.247.224.87","port":443,"asn":200651,"as":"FlokiNET ehf","country":"Romania","country_code":"RO"},"archive":[{"path":"Rookie Offline.cmd","filename":"Rookie Offline.cmd","modified":"2024-07-16T13:27:45+02:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":190,"md5":"83b85f3a19c77666117db1dfbbfd782b","sha1":"0003469b6abb4575708d089da7d3c8137e350050","sha256":"5286fc09cbbc098a5da63096676b180bd7fd28dcd96a79f41f4d92784cc262d1","sha512":"f5aec8e0d2c46d174d9c7ede9795b57b555f6a2504ecb14e3d476cd0f949c2fa86058edb77cc7b16e3359dccbfdd945481e4a95022157ae703923977ad955513","alerts":{"urlquery":null,"analyzer":null}},{"path":"AddDefenderExceptions.ps1","filename":"AddDefenderExceptions.ps1","modified":"2025-02-22T15:31:09+01:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2688,"md5":"598164f06f8abd143a91d20c0562eb93","sha1":"faaa6d361d5fbd91b8b47b6cbac5e2878ee1fb5d","sha256":"a8cdb6d8b436ddca50fcb94f6a6118e6d3b7f01288f15c676d941ebffde76c37","sha512":"ce85aee218d023a2ef2d797c47de349850d31f4a2753f9070f0e58878338cbe9b42a8db9db3fcc247020bbafded853062743f61bf07c711cbab717b213b9db8d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-04","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"AddDefenderExceptions.ps1","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}}]}},{"path":"CleanupInstall.cmd","filename":"CleanupInstall.cmd","modified":"2024-12-30T13:39:57+01:00","Modified":"","magic":"DOS batch file, ASCII text, with CRLF line terminators","size":627,"md5":"9ae44cebbde4f44c27801bbf93494c1d","sha1":"cdcec49868904ae1af76fd6fd92e93c066da6f93","sha256":"57fc69317de4e7b75a6d45c6037572738f6b48766a6c0d8a47a4f4a4cc533281","sha512":"4f6280da198f2a7852531bf62e2cb3d67bd37ac93408fd2caef46273746f16a7375dbb6a5b5d1ffa254c7c69152e6c784414093672b048601ee478990b2f579b","alerts":{"urlquery":null,"analyzer":null}},{"path":"AndroidSideloader.exe","filename":"AndroidSideloader.exe","modified":"2025-04-13T11:38:28Z","Modified":"","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":4401664,"md5":"552e9c39473ca27a5de66ab0c87aceaa","sha1":"d5ddb02a112b2233074ee257c5cc15c711b09291","sha256":"5fbec60b550076e3436ab83683211f3db39eee46bd14139a18a36b79f929f67e","sha512":"83fb562bfb8712c14d35965eabe3b667b51171e4e9a30113e21f5a5b06f79557b8d4e02d867031955d46b64f7e8bc0062010e8252b040da088e6f02b50907650","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-02","alert":"Scan result 37/71","trigger":"5fbec60b550076e3436ab83683211f3db39eee46bd14139a18a36b79f929f67e","verdict":"malicious","severity":"","comment":"malicious - 37/71","link":"https://www.virustotal.com/gui/file/5fbec60b550076e3436ab83683211f3db39eee46bd14139a18a36b79f929f67e","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-05-04","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"AddDefenderExceptions.ps1","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-30","alert":"Scan result 35/65","trigger":"a329b31b2fda9f72c907b2688f6ee6d64b2e1a9a0d8efd186b3d64b930550800","verdict":"malicious","severity":"","comment":"malicious - 35/65","link":"https://www.virustotal.com/gui/file/a329b31b2fda9f72c907b2688f6ee6d64b2e1a9a0d8efd186b3d64b930550800","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"wiki.vrpirates.club/downloads/rookie/rookie_2.34.1_portable.zip","fqdn":"wiki.vrpirates.club","domain":"vrpirates.club","tld":"club"},"ip":{"addr":"185.247.224.87","port":443,"asn":200651,"as":"FlokiNET ehf","country":"Romania","country_code":"RO"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-04T19:19:33.240Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wiki.vrpirates.club","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Tue, 01 Apr 2025 00:00:00 GMT","end":"Mon, 30 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"4B:7F:E2:C5:8A:5E:0C:B5:35:29:2B:4E:8F:FF:99:7C:6F:77:92:A8","sha256":"58:64:94:FA:32:16:44:CF:1B:4A:21:9E:57:E2:B0:59:1D:D4:4C:B3:B6:39:CD:71:6B:0B:93:49:1D:70:11:08"}}},"request":{"raw":"GET /downloads/rookie/rookie_2.34.1_portable.zip HTTP/1.1\r\nHost: wiki.vrpirates.club\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-ua-compatible: IE=edge\r\ncontent-language: en\r\ncontent-disposition: attachment; filename=rookie_2.34.1_portable.zip\r\ncontent-type: application/zip\r\naccept-ranges: bytes\r\ncache-control: public, max-age=0\r\nlast-modified: Sun, 13 Apr 2025 09:40:01 GMT\r\netag: W/\"12ebbc-1962e852b69\"\r\ncontent-length: 1239996\r\ndate: Sun, 04 May 2025 19:19:33 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1239996,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"f036fcdb20b031d103ddc48a7d4e3fde","sha1":"1122163c4df062887a6943826ed5213242200306","sha256":"a329b31b2fda9f72c907b2688f6ee6d64b2e1a9a0d8efd186b3d64b930550800","sha512":"c0f41b1f7b7f5c249cb6c5f212cd9045bc609b34f1f834e4e596886cff2dd1e525655c502dc6689132899150f0e4d3978be28763c4e7e6fbd93cf9ad62f31728","ssdeep":"24576:sEmcQbN+tx7S69X2mRoHb2aAy4waMNggIqjTLlGGdc4HJAOH74M:stN+tlvhZWH5AywgIqJBdc4HJAOH74M","tlshash":"95453348edfe1879c842967b3163033578e4b87ab7a2bfb595c133d924b1a6368c7047","first_seen":"2025-04-14T10:39:59.595078Z","last_seen":"2025-05-28T15:11:45.416881Z","times_seen":12,"resource_available":false,"data":null}},"time_used":1224,"timings":{"blocked":399,"dns":5,"connect":54,"send":0,"wait":102,"receive":324,"ssl":334},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-30","alert":"Scan result 35/65","trigger":"a329b31b2fda9f72c907b2688f6ee6d64b2e1a9a0d8efd186b3d64b930550800","verdict":"malicious","severity":"","comment":"malicious - 35/65","link":"https://www.virustotal.com/gui/file/a329b31b2fda9f72c907b2688f6ee6d64b2e1a9a0d8efd186b3d64b930550800","meta":null}],"urlquery":null}}]}