{"report_id":"bb01f328-8dcf-4abb-b33d-5758da307cbf","version":6,"status":"done","tags":[],"date":"2025-05-27T16:53:14Z","url":{"schema":"http","addr":"simpleunlocker.ds1nc.ru/release/simpleunlocker_release.zip","fqdn":"simpleunlocker.ds1nc.ru","domain":"ds1nc.ru","tld":"ru"},"ip":{"addr":"172.67.129.68","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-05T16:53:14Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"simpleunlocker.ds1nc.ru","ip":{"addr":"104.21.1.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2022-10-10","domain_rank":0,"first_seen":"2022-10-19T15:55:30Z","last_seen":"2025-05-18T10:10:10.496202Z","alert_count":1,"request_count":1,"received_data":1095777,"sent_data":526,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"73689b4624afada0ed9e96d36ebd49d9","sha1":"bb37634ab933864c0c188e48431c926631fffcdc","sha256":"d60555269a7aba90ed5826f2d9ad4d71a7ae02e455cdfe72da46af824e51c768","sha512":"e15296c8197136c2ca038176278c237ecee5658452eadc3dc03c60b0772fa0b3cc17c84b753ecb74625a8db551fd1959f4bf2a9547b84064496d28e36628fcc1","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":1095038,"url":{"schema":"https","addr":"simpleunlocker.ds1nc.ru/release/simpleunlocker_release.zip","fqdn":"simpleunlocker.ds1nc.ru","domain":"ds1nc.ru","tld":"ru"},"ip":{"addr":"104.21.1.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"simpleunlocker_release/bin/AntiGDI.dll","filename":"AntiGDI.dll","modified":"2024-07-01T18:50:55+07:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":22016,"md5":"16168fd88cf4851f75d287cc86913669","sha1":"d32e10ad055f9d24919a2f5688490b02d9f2484a","sha256":"644b699e988e3fbe6e0277659799997054f7db1ef1c8f923444ddfc87f325529","sha512":"9e5df9958e3f91494358c0e8a65367dd25987797f1f20c0c7238dcb33a18087fd9169096bfa8125a85d54d78da45433fe54fe6f218da4104d7dd4202cb242e53","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/AntiGDI_Injector.exe","filename":"AntiGDI_Injector.exe","modified":"2024-07-01T18:50:55+07:00","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":7168,"md5":"9505f2e3a19ef13a437d4d403b0242df","sha1":"237b22764c7fa387d8e9e4a97fc7467d17ea3c7f","sha256":"96c54111b24ca7936a883cd2ead040cc8451fe8d3c0ff61a78303f79eba7d20e","sha512":"589e71bbe7f93bf0578779b16d2f713155c83b5b3a36f74dc6e71e90fd57b0ee2250c7022f4c8246b617cc62198655c47bebb4df4f1dce3b383a7b85a7c2ae7e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-10","alert":"Scan result 1/72","trigger":"96c54111b24ca7936a883cd2ead040cc8451fe8d3c0ff61a78303f79eba7d20e","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/96c54111b24ca7936a883cd2ead040cc8451fe8d3c0ff61a78303f79eba7d20e","meta":null}]}},{"path":"simpleunlocker_release/bin/EasyHook.dll","filename":"EasyHook.dll","modified":"2018-08-03T15:59:30+07:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":52224,"md5":"e1ac4719026481231aa7fea8b4370df3","sha1":"a8a462f57e893ea37282a8ea6038a3f70048b9c2","sha256":"8267ea2acb222dad150199a6c2a3280b4b6cf8a85d7208bf0134719743d47256","sha512":"abb1ca254f15487e4aef77bca9d01d928643c2d40131918c2515fbc50ce13a4fcb916ac7e71d6400611900189700e670f5ac4dec79f0603e086693ae0a482c68","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyHook32.dll","filename":"EasyHook32.dll","modified":"2023-01-09T23:41:20+07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":268800,"md5":"96e29840ab54b7098f7c473751a64be4","sha1":"a0c049e48242279a3590849d9e7025d7792b7484","sha256":"1469b54d8c0b8abf370c357d518b2bb68f51b7d49278e5ee2444aa2ea3180fda","sha512":"73dfa8778ec5acc9e95014cf0e4c638847815f7c050c710bef2dc3e42a63772346adc32d4adb0fa2418fc7f3c22c45ce79420d0bf4ab44389dc2c9b74f587d47","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-22","alert":"Scan result 1/71","trigger":"1469b54d8c0b8abf370c357d518b2bb68f51b7d49278e5ee2444aa2ea3180fda","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/1469b54d8c0b8abf370c357d518b2bb68f51b7d49278e5ee2444aa2ea3180fda","meta":null}]}},{"path":"simpleunlocker_release/bin/EasyHook32Svc.exe","filename":"EasyHook32Svc.exe","modified":"2023-01-09T23:41:20+07:00","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":8192,"md5":"62e4b079910db4c8f7435e99ec55d513","sha1":"91006067a3527787d7087c1bd0a27a4d1ad76442","sha256":"39361867b97155b16fe6f16f77b50b97b00393e16e0c23fad8d2e34adb72c8db","sha512":"af3b4446aeba117c03f218b9cb8510f8f3eb0e1d78873eadec042c04387ee4aa5af93d3f66c43115a5a44d7344b192ca57c7f7415c9d88ee0117657620f8bc3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyHook64.dll","filename":"EasyHook64.dll","modified":"2023-01-09T23:41:20+07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":310272,"md5":"0f1d903e83d1e2fa71a1f957e4a32fd2","sha1":"e3108b67398e4a07a249e1ceb9187458af46d3ad","sha256":"14fbd6b2aa138c279dbcfe592388cbe22d6b261431dd03dedff01277668b0cc3","sha512":"cd1b71bbd8ce95fd06e88750d4fb6e6a8f1413e983bdda8a4c61936cdb9258bcbe1acb2defac86bf56348baf2397409ec2330d96db2077cbee4d452cd393342b","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyHook64Svc.exe","filename":"EasyHook64Svc.exe","modified":"2023-01-09T23:41:20+07:00","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":8192,"md5":"8352ad23d90fc8d982fe0fb4ce03ca77","sha1":"ac9d8565f20410118f8d4348469ec22cbb885a24","sha256":"76ae3da1149711aabeda64195e87b1049a58dee6e625ae0688db4596b516c684","sha512":"cea2a4e697bf096af7cad0491e8bff9252baca8eb177c7145be741bde1fb8892b4ecc9dfa08e73ecbb1e055a6ef3fb161d5affcb6f4498060c9213cd73b37722","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyLoad32.dll","filename":"EasyLoad32.dll","modified":"2023-01-09T23:41:19+07:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 4 sections","size":7680,"md5":"8dcecd41d98bb951f9e6a2a24c1aa4e1","sha1":"f958af6a15aff9750ffe740e59a654b16abb815d","sha256":"ad26b4df8a73ebdbc526a6940c7a286965fdf4d4b2be72d10bb73e7c88f55e68","sha512":"b27f25b0f59df2f6c579f934fe04a5e1f538602d46c77095e82eab9949df945aac80cae49f2a137fb1e6b525803822171b19e5a345928d9e613872ec973dcd1f","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyLoad64.dll","filename":"EasyLoad64.dll","modified":"2023-01-09T23:41:19+07:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows, 4 sections","size":7680,"md5":"bfae38591215e8c2161795219a57135c","sha1":"c5366a86cf70a6dfb5d197618b7b2ca53a42578c","sha256":"960c791d60da56641cea12f4ae5c764e28ccbfb736854a8efd5065152064c52d","sha512":"7e6aa1a6b65792d8c2bc31aad53cb2b2db520adeb3efbb9f2dc4efb63254ad20d3c9700c40ebd36ecf4b63435512ab4c24e87560e0761d86965c893e512be8fc","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/su_updater.exe","filename":"su_updater.exe","modified":"2024-07-01T18:50:56+07:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":219648,"md5":"4273a495e9cac52adf54d133b86bd236","sha1":"c38e51b78bc768cf06b34d6a72323b08a3416f34","sha256":"19ad20c7f4b426d1ef6db5dff33a5e570e2efbe7d5f5938cee09b76754a80614","sha512":"a3ec6146442369d8eba25fe0ca9e4daff42268631dd3b7aed6ed30f71d925c8167481481315344f21caefa9903bd697840059b27cc2abe345c286c740f9e978d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-06","alert":"Scan result 8/72","trigger":"19ad20c7f4b426d1ef6db5dff33a5e570e2efbe7d5f5938cee09b76754a80614","verdict":"suspicious","severity":"","comment":"suspicious - 8/72","link":"https://www.virustotal.com/gui/file/19ad20c7f4b426d1ef6db5dff33a5e570e2efbe7d5f5938cee09b76754a80614","meta":null}]}},{"path":"simpleunlocker_release/ReadMe.txt","filename":"ReadMe.txt","modified":"2024-07-01T20:30:31+07:00","Modified":"","magic":"Unicode text, UTF-8 text, with CRLF line terminators","size":3535,"md5":"da818edcdadbcf5b0a1c264390d9e8ae","sha1":"e8285a09c7255d67e713ce97b7557a53ef81cde1","sha256":"27c2298919d915f3cbd6568abd4ef7875170a4498b5db0022c1e903ce74fa98c","sha512":"6e5bde877d9f1c9ebe6d32b9564f282ca079b2cbc29983a6fd2ffc15182a86b613c43d4d01180c36efac9e20a9b9eb896e1801f90169af86edb5d127c98aaeaf","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/SU.exe","filename":"SU.exe","modified":"2024-07-01T20:26:56+07:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":1249280,"md5":"9511c17b84820a6cc8454b8671cfed6d","sha1":"7b28df51e108091736875dfb1a180717001b5fb8","sha256":"8026210881cef9f0998fe3f338f35ac3b1ff92d6a794776cdc995d5df37ef70c","sha512":"3a0b5d018ef94c09fcfd30976a7cf16efeca770fd7eff98cc2a619bd30ee120cf157b784a266372eb348f16e29909841ada8acaffdad910243a7c7aa6c2893d5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-19","alert":"Scan result 9/72","trigger":"8026210881cef9f0998fe3f338f35ac3b1ff92d6a794776cdc995d5df37ef70c","verdict":"suspicious","severity":"","comment":"suspicious - 9/72","link":"https://www.virustotal.com/gui/file/8026210881cef9f0998fe3f338f35ac3b1ff92d6a794776cdc995d5df37ef70c","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-21","alert":"Scan result 8/67","trigger":"d60555269a7aba90ed5826f2d9ad4d71a7ae02e455cdfe72da46af824e51c768","verdict":"suspicious","severity":"","comment":"suspicious - 8/67","link":"https://www.virustotal.com/gui/file/d60555269a7aba90ed5826f2d9ad4d71a7ae02e455cdfe72da46af824e51c768","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"73689b4624afada0ed9e96d36ebd49d9","sha1":"bb37634ab933864c0c188e48431c926631fffcdc","sha256":"d60555269a7aba90ed5826f2d9ad4d71a7ae02e455cdfe72da46af824e51c768","sha512":"e15296c8197136c2ca038176278c237ecee5658452eadc3dc03c60b0772fa0b3cc17c84b753ecb74625a8db551fd1959f4bf2a9547b84064496d28e36628fcc1","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":1095038,"url":{"schema":"https","addr":"simpleunlocker.ds1nc.ru/release/simpleunlocker_release.zip","fqdn":"simpleunlocker.ds1nc.ru","domain":"ds1nc.ru","tld":"ru"},"ip":{"addr":"104.21.1.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"simpleunlocker_release/bin/AntiGDI.dll","filename":"AntiGDI.dll","modified":"2024-07-01T18:50:55+07:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":22016,"md5":"16168fd88cf4851f75d287cc86913669","sha1":"d32e10ad055f9d24919a2f5688490b02d9f2484a","sha256":"644b699e988e3fbe6e0277659799997054f7db1ef1c8f923444ddfc87f325529","sha512":"9e5df9958e3f91494358c0e8a65367dd25987797f1f20c0c7238dcb33a18087fd9169096bfa8125a85d54d78da45433fe54fe6f218da4104d7dd4202cb242e53","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/AntiGDI_Injector.exe","filename":"AntiGDI_Injector.exe","modified":"2024-07-01T18:50:55+07:00","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":7168,"md5":"9505f2e3a19ef13a437d4d403b0242df","sha1":"237b22764c7fa387d8e9e4a97fc7467d17ea3c7f","sha256":"96c54111b24ca7936a883cd2ead040cc8451fe8d3c0ff61a78303f79eba7d20e","sha512":"589e71bbe7f93bf0578779b16d2f713155c83b5b3a36f74dc6e71e90fd57b0ee2250c7022f4c8246b617cc62198655c47bebb4df4f1dce3b383a7b85a7c2ae7e","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-10","alert":"Scan result 1/72","trigger":"96c54111b24ca7936a883cd2ead040cc8451fe8d3c0ff61a78303f79eba7d20e","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/96c54111b24ca7936a883cd2ead040cc8451fe8d3c0ff61a78303f79eba7d20e","meta":null}]}},{"path":"simpleunlocker_release/bin/EasyHook.dll","filename":"EasyHook.dll","modified":"2018-08-03T15:59:30+07:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":52224,"md5":"e1ac4719026481231aa7fea8b4370df3","sha1":"a8a462f57e893ea37282a8ea6038a3f70048b9c2","sha256":"8267ea2acb222dad150199a6c2a3280b4b6cf8a85d7208bf0134719743d47256","sha512":"abb1ca254f15487e4aef77bca9d01d928643c2d40131918c2515fbc50ce13a4fcb916ac7e71d6400611900189700e670f5ac4dec79f0603e086693ae0a482c68","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyHook32.dll","filename":"EasyHook32.dll","modified":"2023-01-09T23:41:20+07:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":268800,"md5":"96e29840ab54b7098f7c473751a64be4","sha1":"a0c049e48242279a3590849d9e7025d7792b7484","sha256":"1469b54d8c0b8abf370c357d518b2bb68f51b7d49278e5ee2444aa2ea3180fda","sha512":"73dfa8778ec5acc9e95014cf0e4c638847815f7c050c710bef2dc3e42a63772346adc32d4adb0fa2418fc7f3c22c45ce79420d0bf4ab44389dc2c9b74f587d47","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-22","alert":"Scan result 1/71","trigger":"1469b54d8c0b8abf370c357d518b2bb68f51b7d49278e5ee2444aa2ea3180fda","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/1469b54d8c0b8abf370c357d518b2bb68f51b7d49278e5ee2444aa2ea3180fda","meta":null}]}},{"path":"simpleunlocker_release/bin/EasyHook32Svc.exe","filename":"EasyHook32Svc.exe","modified":"2023-01-09T23:41:20+07:00","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":8192,"md5":"62e4b079910db4c8f7435e99ec55d513","sha1":"91006067a3527787d7087c1bd0a27a4d1ad76442","sha256":"39361867b97155b16fe6f16f77b50b97b00393e16e0c23fad8d2e34adb72c8db","sha512":"af3b4446aeba117c03f218b9cb8510f8f3eb0e1d78873eadec042c04387ee4aa5af93d3f66c43115a5a44d7344b192ca57c7f7415c9d88ee0117657620f8bc3e","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyHook64.dll","filename":"EasyHook64.dll","modified":"2023-01-09T23:41:20+07:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":310272,"md5":"0f1d903e83d1e2fa71a1f957e4a32fd2","sha1":"e3108b67398e4a07a249e1ceb9187458af46d3ad","sha256":"14fbd6b2aa138c279dbcfe592388cbe22d6b261431dd03dedff01277668b0cc3","sha512":"cd1b71bbd8ce95fd06e88750d4fb6e6a8f1413e983bdda8a4c61936cdb9258bcbe1acb2defac86bf56348baf2397409ec2330d96db2077cbee4d452cd393342b","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyHook64Svc.exe","filename":"EasyHook64Svc.exe","modified":"2023-01-09T23:41:20+07:00","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":8192,"md5":"8352ad23d90fc8d982fe0fb4ce03ca77","sha1":"ac9d8565f20410118f8d4348469ec22cbb885a24","sha256":"76ae3da1149711aabeda64195e87b1049a58dee6e625ae0688db4596b516c684","sha512":"cea2a4e697bf096af7cad0491e8bff9252baca8eb177c7145be741bde1fb8892b4ecc9dfa08e73ecbb1e055a6ef3fb161d5affcb6f4498060c9213cd73b37722","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyLoad32.dll","filename":"EasyLoad32.dll","modified":"2023-01-09T23:41:19+07:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 4 sections","size":7680,"md5":"8dcecd41d98bb951f9e6a2a24c1aa4e1","sha1":"f958af6a15aff9750ffe740e59a654b16abb815d","sha256":"ad26b4df8a73ebdbc526a6940c7a286965fdf4d4b2be72d10bb73e7c88f55e68","sha512":"b27f25b0f59df2f6c579f934fe04a5e1f538602d46c77095e82eab9949df945aac80cae49f2a137fb1e6b525803822171b19e5a345928d9e613872ec973dcd1f","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/EasyLoad64.dll","filename":"EasyLoad64.dll","modified":"2023-01-09T23:41:19+07:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows, 4 sections","size":7680,"md5":"bfae38591215e8c2161795219a57135c","sha1":"c5366a86cf70a6dfb5d197618b7b2ca53a42578c","sha256":"960c791d60da56641cea12f4ae5c764e28ccbfb736854a8efd5065152064c52d","sha512":"7e6aa1a6b65792d8c2bc31aad53cb2b2db520adeb3efbb9f2dc4efb63254ad20d3c9700c40ebd36ecf4b63435512ab4c24e87560e0761d86965c893e512be8fc","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/bin/su_updater.exe","filename":"su_updater.exe","modified":"2024-07-01T18:50:56+07:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":219648,"md5":"4273a495e9cac52adf54d133b86bd236","sha1":"c38e51b78bc768cf06b34d6a72323b08a3416f34","sha256":"19ad20c7f4b426d1ef6db5dff33a5e570e2efbe7d5f5938cee09b76754a80614","sha512":"a3ec6146442369d8eba25fe0ca9e4daff42268631dd3b7aed6ed30f71d925c8167481481315344f21caefa9903bd697840059b27cc2abe345c286c740f9e978d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-04-06","alert":"Scan result 8/72","trigger":"19ad20c7f4b426d1ef6db5dff33a5e570e2efbe7d5f5938cee09b76754a80614","verdict":"suspicious","severity":"","comment":"suspicious - 8/72","link":"https://www.virustotal.com/gui/file/19ad20c7f4b426d1ef6db5dff33a5e570e2efbe7d5f5938cee09b76754a80614","meta":null}]}},{"path":"simpleunlocker_release/ReadMe.txt","filename":"ReadMe.txt","modified":"2024-07-01T20:30:31+07:00","Modified":"","magic":"Unicode text, UTF-8 text, with CRLF line terminators","size":3535,"md5":"da818edcdadbcf5b0a1c264390d9e8ae","sha1":"e8285a09c7255d67e713ce97b7557a53ef81cde1","sha256":"27c2298919d915f3cbd6568abd4ef7875170a4498b5db0022c1e903ce74fa98c","sha512":"6e5bde877d9f1c9ebe6d32b9564f282ca079b2cbc29983a6fd2ffc15182a86b613c43d4d01180c36efac9e20a9b9eb896e1801f90169af86edb5d127c98aaeaf","alerts":{"urlquery":null,"analyzer":null}},{"path":"simpleunlocker_release/SU.exe","filename":"SU.exe","modified":"2024-07-01T20:26:56+07:00","Modified":"","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":1249280,"md5":"9511c17b84820a6cc8454b8671cfed6d","sha1":"7b28df51e108091736875dfb1a180717001b5fb8","sha256":"8026210881cef9f0998fe3f338f35ac3b1ff92d6a794776cdc995d5df37ef70c","sha512":"3a0b5d018ef94c09fcfd30976a7cf16efeca770fd7eff98cc2a619bd30ee120cf157b784a266372eb348f16e29909841ada8acaffdad910243a7c7aa6c2893d5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-19","alert":"Scan result 9/72","trigger":"8026210881cef9f0998fe3f338f35ac3b1ff92d6a794776cdc995d5df37ef70c","verdict":"suspicious","severity":"","comment":"suspicious - 9/72","link":"https://www.virustotal.com/gui/file/8026210881cef9f0998fe3f338f35ac3b1ff92d6a794776cdc995d5df37ef70c","meta":null}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-21","alert":"Scan result 8/67","trigger":"d60555269a7aba90ed5826f2d9ad4d71a7ae02e455cdfe72da46af824e51c768","verdict":"suspicious","severity":"","comment":"suspicious - 8/67","link":"https://www.virustotal.com/gui/file/d60555269a7aba90ed5826f2d9ad4d71a7ae02e455cdfe72da46af824e51c768","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"simpleunlocker.ds1nc.ru/release/simpleunlocker_release.zip","fqdn":"simpleunlocker.ds1nc.ru","domain":"ds1nc.ru","tld":"ru"},"ip":{"addr":"104.21.1.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-05-27T16:52:42.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ds1nc.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 17 May 2025 08:51:07 GMT","end":"Fri, 15 Aug 2025 09:49:42 GMT"},"fingerprint":{"sha1":"FA:2A:FC:22:4B:9B:6F:7D:EF:FE:AC:5B:8A:D2:6F:C0:7F:3C:D6:98","sha256":"97:29:00:EA:19:96:1B:26:D5:0D:1E:0D:37:FE:19:3A:BF:37:DE:D3:F8:94:BA:24:96:DF:B3:8E:B2:28:43:6C"}}},"request":{"raw":"GET /release/simpleunlocker_release.zip HTTP/1.1\r\nHost: simpleunlocker.ds1nc.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 27 May 2025 16:52:42 GMT\r\ncontent-type: application/zip\r\ncontent-length: 1095038\r\nserver: cloudflare\r\nlast-modified: Mon, 01 Jul 2024 14:18:35 GMT\r\netag: \"6682babb-10b57e\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public, must-revalidate\r\naccept-ranges: bytes\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Vy93p6Kn7CfmzCWOthiWyKrCKtMZfoz9xVAlBG334b6RX%2BGBNIZ2mTZWbWMrKOfYqcJsuje%2FNg2T%2F%2B500SriI2PC0Rdqbww0e9o2IMjMd7JW8blvCg%3D%3D\"}]}\r\ncf-ray: 946706335f560b3d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1095038,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v2.0 to extract, compression method=store","md5":"73689b4624afada0ed9e96d36ebd49d9","sha1":"bb37634ab933864c0c188e48431c926631fffcdc","sha256":"d60555269a7aba90ed5826f2d9ad4d71a7ae02e455cdfe72da46af824e51c768","sha512":"e15296c8197136c2ca038176278c237ecee5658452eadc3dc03c60b0772fa0b3cc17c84b753ecb74625a8db551fd1959f4bf2a9547b84064496d28e36628fcc1","ssdeep":"24576:8+FC84VT/W2aJLq//5Pb9GHC+31ZyEjz7NhrWQKUc8Sqiv3/Ns0:8L3Vjv2Ls/5z9GTlZj7OQKUc8S7lD","tlshash":"b33533a67b5f442ded1a6f322610bb2356b129f7c947105deb92b3b2090cebf4061de4","first_seen":"2024-07-17T17:40:14Z","last_seen":"2025-05-29T14:44:19.033905Z","times_seen":9,"resource_available":false,"data":null}},"time_used":636,"timings":{"blocked":67,"dns":12,"connect":6,"send":0,"wait":296,"receive":206,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-05-21","alert":"Scan result 8/67","trigger":"d60555269a7aba90ed5826f2d9ad4d71a7ae02e455cdfe72da46af824e51c768","verdict":"suspicious","severity":"","comment":"suspicious - 8/67","link":"https://www.virustotal.com/gui/file/d60555269a7aba90ed5826f2d9ad4d71a7ae02e455cdfe72da46af824e51c768","meta":null}],"urlquery":null}}]}