{"report_id":"fbbf323f-b88b-4a8f-8d2b-c5f70962bf82","version":6,"status":"done","tags":[],"date":"2025-04-01T20:06:12Z","url":{"schema":"http","addr":"mms.alliedmods.net/mmsdrop/2.0/mmsource-2.0.0-git1328-windows.zip","fqdn":"mms.alliedmods.net","domain":"alliedmods.net","tld":"net"},"ip":{"addr":"104.26.9.106","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-10T20:06:10Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"mms.alliedmods.net","ip":{"addr":"104.26.9.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2005-10-08","domain_rank":0,"first_seen":"2015-06-26T09:53:33Z","last_seen":"2025-04-01T20:06:02.222033Z","alert_count":0,"request_count":1,"received_data":5650122,"sent_data":533,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"4174d263bf283c0564e2c1a8c37fbdd2","sha1":"778e5d992a1f7d37f19fc594af5312d6a01e0ab4","sha256":"b1858b7f07e4bfea5870b34eb4440ff8cd8eca4683731ead7b911cfbdbad18fa","sha512":"d55b0e3f86933edac33c6d2476feda338d719464273124977db6a28dd734dc0f531140e7fade1f53418fa81acefb281de6922950777efbea520216a525c44ec2","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":5649188,"url":{"schema":"https","addr":"mms.alliedmods.net/mmsdrop/2.0/mmsource-2.0.0-git1328-windows.zip","fqdn":"mms.alliedmods.net","domain":"alliedmods.net","tld":"net"},"ip":{"addr":"104.26.9.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"addons/metamod/bin/metamod.2.bgt.dll","filename":"metamod.2.bgt.dll","modified":"2025-02-18T17:20:25-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"93e3c35bd5756e4084127472f8cfaee9","sha1":"b5773201583646068028de411c67f610802bafa3","sha256":"983308041cb1a6ac3dc3bce6b9ab2bad845a848318fd5f991445ff46936e6ab7","sha512":"b672178fae7c75c6adafe2dbece12388e4184f48f4a17abb8a57722f673b1ce2490410349275d3f45794bca3b12a690a16b5f1eb1cfe66c7bda32339a4305f20","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bgt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.blade.dll","filename":"metamod.2.blade.dll","modified":"2025-02-18T17:20:55-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"00bd00ff2e78f3acb13b0142ebcc6e28","sha1":"5b29c124ff54d33259ba27a8caa15d4ff0a0bca8","sha256":"a50c5b4fb7e69876d75725a8aece301d6b5da1473bdefac6b08f38283c41d52a","sha512":"f03fb5363f2c22b5adfece0ea6321b27258f454f576e0c83300a5df395aa00f3dccdf319adbc5886dd156fb24a04acf424c83e2011aae03e8edd8102de7f5bb5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.bms.dll","filename":"metamod.2.bms.dll","modified":"2025-02-18T17:19:50-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":287232,"md5":"be981077832e05b5249295098675501c","sha1":"28194c47577150ba613cbd5977deb6c0f88ee3ef","sha256":"2322eb36cbb9b015619faf54a9f8c434e0464a5a75cedd060f939302b2cd4b6f","sha512":"982f44724d391cfbf5671ab917e21309dcc3c19619ecf08e2e39f4a7a2b1b16908c784d6d9f02275a098c094c55d4bd92eb47064cb70180ff259843e650c923f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bms.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.contagion.dll","filename":"metamod.2.contagion.dll","modified":"2025-02-18T17:19:42-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"0a9ebd8498f62e59722693919262efee","sha1":"f841d23fac154b11f2e814b0793b509fb8ae8fb2","sha256":"baffb5887527a08df230e2a0d365c0ba381e008730d5f6efd960fa7b3117b62a","sha512":"7e5c981ed305784a3eaebafd236810a078f1f390c5f03c60d0b80ec45ab64e55906261e972856292a593332fd6cb7675dc33c01da160882c2dc0c5dfd6a382f4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.contagion.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.csgo.dll","filename":"metamod.2.csgo.dll","modified":"2025-02-18T17:19:34-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"7425fb820cf3318ba2199970311b43fe","sha1":"1a13a6fcb1d0e39ce475d46659659b83dcf10ca4","sha256":"70d8cf3c1c108b025d66020e4c271835394ac4261a100fecbcdc7beaf611f21e","sha512":"e8b7ef21062ad31757362345c2f65f7b59b8f8947bb5a482dce3716144e9b1589cc9ad0e09897aff5b8646854baedd1027a8cdfe5941e0c30aa67d7219defa48","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.csgo.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.css.dll","filename":"metamod.2.css.dll","modified":"2025-02-18T17:19:55-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"1a0ab7f4287930224f6ff131ae3cecb5","sha1":"1aa41b6eaa2ff0635b859d1ca85441ca345d7479","sha256":"c3fd8ab29c332cc5fcd2688c6fda7cd69d4c3c82cfa5f02f251e9b32b62102ac","sha512":"83aa95ae9362e0d9b7670a792720294a6ccdc9b134bba9c9c87190a6ba78f348c749b6a90fc3764cc812d00092b9cdc42cd22d4ee6b4907b65f26b94bda717e2","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.darkm.dll","filename":"metamod.2.darkm.dll","modified":"2025-02-18T17:20:00-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":253440,"md5":"409a9ea80456a276cff4e964e6be3575","sha1":"2dfc3a0785e5cc1f82e330f78262356b7822affa","sha256":"6cac301073f0f3443cda757623a5660d64495d117271dd587b98d3ff419a602b","sha512":"b971928fb51b5f0011e18f71882cd86596a1bf327c72a261855967a49276d6b8e8d0a3e84c06b3eef4a4abb8829568ed48952eb2048952df9fdcdbec04abe5ec","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.darkm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.dods.dll","filename":"metamod.2.dods.dll","modified":"2025-02-18T17:20:08-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"eacd93978f6fbec586b81f6da8e86d05","sha1":"78edf002b094e2d035c58727b9460e3c437177b3","sha256":"a514814c78acdd2e327bf39b70ca2eb3dd35cc548ef0a9b1404ca9d2f723bf9b","sha512":"7d122d29564ef05833c801e0edd31af52e40ec73b17c9e33023f13989be63ea2b7f4cae0930cd1e3476b6dd1d92fd31502a591234a921cd08948f6836f0da490","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.doi.dll","filename":"metamod.2.doi.dll","modified":"2025-02-18T17:19:46-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"68457cce531b047fc410e6b862906d0e","sha1":"dc685a26a3fe5cc68c1a677de5464e34e964988a","sha256":"0cc1eb17b05304fb10e412f756cc0673c8ce5c79965e102c8ab39d8548adb5f2","sha512":"ff0ebc86b112b1b1cc6d0a382dc5890ec4210badc8c2e6bc68f035be0b89531c8c5e263f8dbe0a9cb59a899e8393bcc15e6e81ed2fa1a347d43b25e1b8f0bff9","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.doi.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.ep1.dll","filename":"metamod.2.ep1.dll","modified":"2025-02-18T17:19:46-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":253440,"md5":"6c10e2440b909ec8bc8f44c403b777ce","sha1":"de5d6340bec0f94292ddc3e0457ee73817ac48bc","sha256":"1c2c6eb189013dc6553cb70d7e621b4ced53d4b2c43ce6cbf41845e9d84b3712","sha512":"de7e9647b72d9370ce07037ae7511e48ae95e980e521ccff6d89863cff4227c26de6b4ef7db04d4f8c2d65e69f918fde56782f534ddb9bc7233d672db6f6abd3","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep1.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.ep2.dll","filename":"metamod.2.ep2.dll","modified":"2025-02-18T17:19:58-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"c17e01e2a97279ccdaa2aa91d5ecf397","sha1":"75514806b12822b263490777744035ac98840d13","sha256":"3a533a566022d75246a183ab14757773a6dcd7e7e691896fb10789dfb9eb980f","sha512":"66dda938be859e520a768b0ee370191c994d284238e915c63e24b7a7f65f2e038c6999b322a0ef4e17281a4c45f0b20d85f85354a90777f58ce75bcd383be1d4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.eye.dll","filename":"metamod.2.eye.dll","modified":"2025-02-18T17:19:38-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"957da5e90837353123b5083efa0baffa","sha1":"20e221931923cca969da201b6b886d567e510647","sha256":"bde373c277c74fe3c7270d1cd182a99ab26a589ad0fcefa932033e116038474e","sha512":"3f757741793da3036ef8cce9ef0c0dd836a0f4b3a490b5d9901fa125bd038313cba72b14294132bb887a95955eb6fae69c9a36a5e1f98a6dac5f92f43cea71d7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.eye.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.hl2dm.dll","filename":"metamod.2.hl2dm.dll","modified":"2025-02-18T17:20:02-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":333312,"md5":"2e0b98979c0f0253533279450d0fd383","sha1":"ebea62a15102e6a505498f873d42e655a1421d7b","sha256":"da4897b0ae9876dec1fe97de04cb6e1070751a66fbf0daf1958c23e1764932e4","sha512":"53b7396e718e8f25687f55dc985a2fd0ed99e1e31ddc088fac64fa34dc36c3f7a164c1dd90a9f3d8ed87d6a589c46155950c96d72c50bfaedbe23fdb98988385","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.insurgency.dll","filename":"metamod.2.insurgency.dll","modified":"2025-02-18T17:19:48-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"69c72c004fd999d70b04641158c528a4","sha1":"51e100dcb91f68e1e28e93f1568c6dcf609679c9","sha256":"ada458432f1625f91ca08ee0b63cb4c64ec171207fd88f9ebe45bb6b674a80ca","sha512":"515f8e883f9f02b9964877b3e408a3896b2f03f27edc996298d4395ac33fe72396978210d7af5113a5f939c796a38597c393dc3fcb7df1fc54fe47953ae2d218","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.l4d.dll","filename":"metamod.2.l4d.dll","modified":"2025-02-18T17:20:04-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254976,"md5":"182854a7ed7fa93ba468ddeee5666991","sha1":"92b6c1ed4c03ad55ff2ad85843e144ab61eeb4cd","sha256":"f178b354787d3b46a70f680e795919d5333a661f1584515405e4c0949382bc63","sha512":"d4c9e797743dc01b3f58667c3290aad1e27037cfd67126a91de1a450777494c95ae15d04b2d1bccea450176b0b855f8282afb37b1681115313188c45b7e0b516","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.l4d2.dll","filename":"metamod.2.l4d2.dll","modified":"2025-02-18T17:19:54-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":255488,"md5":"d045ca23953efbdeb30758681f564c3f","sha1":"6e558077d02af6c9fd671ef650fabde18db3fe27","sha256":"073f5c73025fdef3962ad0b723f7f08d15585f5529f496172cfb36268f045099","sha512":"04442dec3e9338fa54652b06bc96ca3484e27d1675952e23d5b2e4d8c4ada2980c452bec31ce9921742cbdef549ea7ea61f3c74547988cab67275fac4a72c6ed","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.nd.dll","filename":"metamod.2.nd.dll","modified":"2025-02-18T17:19:38-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"8956ace89db2247f401dc941aa7ecf8a","sha1":"44e5dc2b0f5f7906a4f73713aaee4cbc31a82106","sha256":"ef528dd28b04f00894d6618348802c743484494e56c3ff3ce365443d0fc41496","sha512":"ef99811e18c0851a2f28ad8f1c25588b2c4837652628ec75f02dd7a0a6f88fa5bdad3d6e01ffa3ae1d3f76b1b240048350007184293444a0070e8eb66b17a8d6","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.nd.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.pvkii.dll","filename":"metamod.2.pvkii.dll","modified":"2025-02-18T17:19:47-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":281088,"md5":"b47e2923218726d45a46bae2c653f907","sha1":"99bf17f1b950690badc7d2da2b9bdc7cafa8e2ed","sha256":"ebc62fba2c3c31d040cce92fea4dff5a5bc58bdf7075f1aaab1a8bffd04d25ba","sha512":"bcce030b65ac4e7feda9899253af7ca99dc23254f98530432c2a02ebac5a28126d6be6724fe87ef8ff86ef06e2163ada55cbbd9bd8a30b032263e3c8810206b8","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.pvkii.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.sdk2013.dll","filename":"metamod.2.sdk2013.dll","modified":"2025-02-18T17:19:39-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":257536,"md5":"875791d5da019b41757714d4dd771f04","sha1":"8ac106e66578ba18c9aaf6400f217f0efe466c9b","sha256":"4ae307150427b203b4f9b42f642bcd6f5ef35eca96c93d87e433b88822d219ce","sha512":"37373363b8cfa03c9c77608541cb458a908f181eb64a5621cc800f1cd8f2e32b830c2a22bab3fec758ab493cfe27b19f86b8c2f04375bc450e45c35b7e224739","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.sdk2013.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.swarm.dll","filename":"metamod.2.swarm.dll","modified":"2025-02-18T17:20:04-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":269312,"md5":"e00d3a0969044b8459f48d6d0366a850","sha1":"02ab86eb72200c95f17063696574abe34abe3849","sha256":"1b85cbe4787f8ae8e1cd9eecaa2356475a45c87dd0a8594819833cf1ee57c8e9","sha512":"1514bfc172d78cbbb30ad7d4a4f61b5b45ba86e6043cdbc6528585bd53929c11a0546636009a949e45ee5beac91ac205ed51110459e5799e07d9ec4de7534828","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.swarm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.tf2.dll","filename":"metamod.2.tf2.dll","modified":"2025-02-18T17:19:31-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":333312,"md5":"c1bfe9bd33eab3dd0fc60605874805fe","sha1":"d966137b621a02a6fb8fa280687356a314b3205a","sha256":"d29d710efb6887137c9b558ae5dfb1dba73404adb9cd76850c94ae370eb152d0","sha512":"df17a954bb837baa096d5117b1404736514b553ea50081d445b9c9aecfc92c205c870071ad1cfbf3079f1b4f9bd493064fc54fdfc385658e659b4ac9ca82e7cb","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/server.dll","filename":"server.dll","modified":"2025-02-18T17:20:24-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":156160,"md5":"e47103874eaa45fabd3297865d821d0e","sha1":"fb27fda7b232642e8b4bca2bb0b1adb67402bf8c","sha256":"ce143bf6c42b8a21667e6d7f78fff424b0c64c15fbc641a7a57d6dcdccfab6db","sha512":"20a301eedf828d5b3b602391fb410e92b6f7a67f215e2b350f5865f5b9351726b3020ce6825d48a9df142de64ff748930ce356324d9f66a35192a5edd9eb2677","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.blade.dll","filename":"metamod.2.blade.dll","modified":"2025-02-18T17:20:53-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":352256,"md5":"8b3197a6b9315c6024e0521558fba873","sha1":"4831ab29d3462e2d374a193c7823a5609ac87b73","sha256":"651a8819ade809feb6021a4e9db780c2207a510c266466328b1f0987881281ee","sha512":"21aa8506e54541897be2498fd0bb0f47da2ce8e0dc9dfa01a69f4e24dd2a8ddc503204922ef0065f00aa8bd9eed05080b05407062c1281a5723af9d5aff7e387","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.cs2.dll","filename":"metamod.2.cs2.dll","modified":"2025-02-18T17:20:17-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1431040,"md5":"ac7e7f7e39bebdbadd6e522b0d3a574e","sha1":"fb422ff963b7a4db0e8015ad3bcae07f72b45bb2","sha256":"7bb6d9fa4003bada3970002e58c44f73ad34ba777cb2cc5298a0d954057f439e","sha512":"d6aa343f6e505015d7e65f8542d6e06ad0bb4b45dddb5293df7a599fdbfdb4385c475356b5fa06ce880efe9181fd08b1da77d46f445f46ed929ebfd5091e1afe","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.deadlock.dll","filename":"metamod.2.deadlock.dll","modified":"2025-02-18T17:20:57-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1431040,"md5":"08fa2c0a494d3e0c37f503a600f7c700","sha1":"702ced3333e1a97db2038fcb23b4ed3881b34a02","sha256":"5b4f3bb38060067ea65c346f9260bbf99e310517223db5b88d40689511539503","sha512":"da9917d98fd37e9ba260d3c3b354ca8dab426812b2c57dd4e0337d5a37873c4958137b74a2f5c865f60d4e549099febb08c50396660500c771e16ea6c6bff79f","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.dota.dll","filename":"metamod.2.dota.dll","modified":"2025-02-18T17:20:21-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1433600,"md5":"9dcf8ad9b9d63f9a79b8556b55f71989","sha1":"2526cd7a6a9a7611153c40a95251b83cf45596df","sha256":"dc1d12342b18ca2f1402879ba2d04dec061945d100408cc8eed39d2b6d76aca2","sha512":"cf0369920799b4087d2002f322c241a3afc182bfd3c1cc4675c569990d4cafb60fc6bda686f50c1d49f1c6c57613323220768cc71e967bab26241645dfac71b2","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.insurgency.dll","filename":"metamod.2.insurgency.dll","modified":"2025-02-18T17:20:11-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":355328,"md5":"249dcc611c733550524e165b530dce38","sha1":"951138cdc8fc57cb6ea1fdba073e4e9182b0abf8","sha256":"363a45ef931796f3017d0b6b7ad38758bcf6db995dc903b07421ff9175a6f19c","sha512":"ba8576c358d660134394584e7251269db42c6af2af89b1d082890261912b42f044f566198a05f51509357203c138dbc3c7300d30266e0233d97f6f27069d32ef","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.mcv.dll","filename":"metamod.2.mcv.dll","modified":"2025-02-18T17:20:15-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":352768,"md5":"6854dcc8e3e70aa352b9e91db0c04ffc","sha1":"5e7d67080960e93f1fba85ab793ca2171e64b3d5","sha256":"6c0f467354b8f136c79c812b901fb732e858e85d00603de1886344c394e3874b","sha512":"cb63c0d450d1571c5179ec3ac53d90891890aee5922ff7632194425dd0e45ebd3283b20e3a2920d4ab9e5e79a796e120526f44b3b31061bb659f832d45d55279","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.mcv.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.tf2.dll","filename":"metamod.2.tf2.dll","modified":"2025-02-18T17:20:12-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":459776,"md5":"4f53e02273a640b69e6dd5ae19c5a04b","sha1":"d999f30ee663c495bd327ce829e75b6bd8e9b2e6","sha256":"75bf8dc04f4f5c15992470ef5e6df0dd1b6bb6a4f1573fb75a95734e55b584b6","sha512":"60a2a485bdac1938f33477a41ed95547cc3b9816dc5a0f032242e5e4ed9e3451b760792af6e737ea11da56f5535dafb627f723675af0a13d199b70aff17b1ce1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/server.dll","filename":"server.dll","modified":"2025-02-18T17:20:48-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":190464,"md5":"526e11cdc12e84311fc95b69cea73b8e","sha1":"0f11f81233ad72d492d05c1d7c95874553f4b484","sha256":"226f8b3fb26bcfd375163ebbabd65169968ec9eca285161f31a24d07794849f3","sha512":"1ef99c44ce1fca263161b66db2c2754682ab9829b6efa8579c50ad66f9da293c35152cfd48d8d90d5e3359fa38b696b3e101b2fcbafe383f2292ae78f60fd7e4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/metaplugins.ini","filename":"metaplugins.ini","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":559,"md5":"2672941c14b8e8b0602a66a2e009b2cd","sha1":"ecd52cd0bf1fbe019f18fe8700ef490060165582","sha256":"cacc89c07c5a1bc582c0b9c104b1bb65187b0a61d129efd3b588f74b47915582","sha512":"596b994017465caf1230e7bb4c030daaf3fa672c96a5cb0270462913b1875c57377841004f3c18eb3ba4a43c56673f1f07da79f4ac226f8a881daf2b6e9357fb","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/README.txt","filename":"README.txt","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":105,"md5":"70c31e761d79cb7f14ff099145bbb4b3","sha1":"a1d3fd2c268294db2da8308835a953346dbdecc2","sha256":"5d6c93606f41ac384f5b0c92f3c53d3f3530a3f663dd394e1643eda77c8a1d5a","sha512":"6015aa9be515041624d018f918e32c6d413b404efcf707ce29f45c92e646823a35ca8193339fc5363d0908d4f72b52d210cf68136aae5da53112ce52494306a3","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod.vdf","filename":"metamod.vdf","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":50,"md5":"e473e9ea9aa41146e3351a7fa5fa70dd","sha1":"000054100a43015400f63cb8ac453a20b713d2f0","sha256":"3c7cd307327098cb389ade4b454581f71b33c871cbef4aa07a0f5b70ca3167d8","sha512":"3d02dc2078c376c67e0faad72020d286c9798c0f459c70fc04216928de956579dd89e1aae91d6d4f294f22b3c657804a2375acb0956e6c4eec0502304c22b043","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod_x64.vdf","filename":"metamod_x64.vdf","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":56,"md5":"dabd4e1d5bd52cadf3a7528a89b29210","sha1":"d238494586cf1ce301e1dbcb7ba8c049d562b099","sha256":"ed88d7783508d91cd2b76502afb64699f485582d1cf8bb13e5be695485cdef4d","sha512":"4e2f62b02ab121e4b0ab02ea75f696437776a91ea59d38553cc171014ab6e33c26821eee557a1d031cbcdd2907b8fd117dc426aa246a3ee81f99a9d2713a2fba","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bgt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bms.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.contagion.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.csgo.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.darkm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.doi.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep1.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.eye.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.nd.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.pvkii.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.sdk2013.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.swarm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.mcv.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"4174d263bf283c0564e2c1a8c37fbdd2","sha1":"778e5d992a1f7d37f19fc594af5312d6a01e0ab4","sha256":"b1858b7f07e4bfea5870b34eb4440ff8cd8eca4683731ead7b911cfbdbad18fa","sha512":"d55b0e3f86933edac33c6d2476feda338d719464273124977db6a28dd734dc0f531140e7fade1f53418fa81acefb281de6922950777efbea520216a525c44ec2","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":5649188,"url":{"schema":"https","addr":"mms.alliedmods.net/mmsdrop/2.0/mmsource-2.0.0-git1328-windows.zip","fqdn":"mms.alliedmods.net","domain":"alliedmods.net","tld":"net"},"ip":{"addr":"104.26.9.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"addons/metamod/bin/metamod.2.bgt.dll","filename":"metamod.2.bgt.dll","modified":"2025-02-18T17:20:25-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"93e3c35bd5756e4084127472f8cfaee9","sha1":"b5773201583646068028de411c67f610802bafa3","sha256":"983308041cb1a6ac3dc3bce6b9ab2bad845a848318fd5f991445ff46936e6ab7","sha512":"b672178fae7c75c6adafe2dbece12388e4184f48f4a17abb8a57722f673b1ce2490410349275d3f45794bca3b12a690a16b5f1eb1cfe66c7bda32339a4305f20","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bgt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.blade.dll","filename":"metamod.2.blade.dll","modified":"2025-02-18T17:20:55-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"00bd00ff2e78f3acb13b0142ebcc6e28","sha1":"5b29c124ff54d33259ba27a8caa15d4ff0a0bca8","sha256":"a50c5b4fb7e69876d75725a8aece301d6b5da1473bdefac6b08f38283c41d52a","sha512":"f03fb5363f2c22b5adfece0ea6321b27258f454f576e0c83300a5df395aa00f3dccdf319adbc5886dd156fb24a04acf424c83e2011aae03e8edd8102de7f5bb5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.bms.dll","filename":"metamod.2.bms.dll","modified":"2025-02-18T17:19:50-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":287232,"md5":"be981077832e05b5249295098675501c","sha1":"28194c47577150ba613cbd5977deb6c0f88ee3ef","sha256":"2322eb36cbb9b015619faf54a9f8c434e0464a5a75cedd060f939302b2cd4b6f","sha512":"982f44724d391cfbf5671ab917e21309dcc3c19619ecf08e2e39f4a7a2b1b16908c784d6d9f02275a098c094c55d4bd92eb47064cb70180ff259843e650c923f","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bms.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.contagion.dll","filename":"metamod.2.contagion.dll","modified":"2025-02-18T17:19:42-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"0a9ebd8498f62e59722693919262efee","sha1":"f841d23fac154b11f2e814b0793b509fb8ae8fb2","sha256":"baffb5887527a08df230e2a0d365c0ba381e008730d5f6efd960fa7b3117b62a","sha512":"7e5c981ed305784a3eaebafd236810a078f1f390c5f03c60d0b80ec45ab64e55906261e972856292a593332fd6cb7675dc33c01da160882c2dc0c5dfd6a382f4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.contagion.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.csgo.dll","filename":"metamod.2.csgo.dll","modified":"2025-02-18T17:19:34-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"7425fb820cf3318ba2199970311b43fe","sha1":"1a13a6fcb1d0e39ce475d46659659b83dcf10ca4","sha256":"70d8cf3c1c108b025d66020e4c271835394ac4261a100fecbcdc7beaf611f21e","sha512":"e8b7ef21062ad31757362345c2f65f7b59b8f8947bb5a482dce3716144e9b1589cc9ad0e09897aff5b8646854baedd1027a8cdfe5941e0c30aa67d7219defa48","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.csgo.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.css.dll","filename":"metamod.2.css.dll","modified":"2025-02-18T17:19:55-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"1a0ab7f4287930224f6ff131ae3cecb5","sha1":"1aa41b6eaa2ff0635b859d1ca85441ca345d7479","sha256":"c3fd8ab29c332cc5fcd2688c6fda7cd69d4c3c82cfa5f02f251e9b32b62102ac","sha512":"83aa95ae9362e0d9b7670a792720294a6ccdc9b134bba9c9c87190a6ba78f348c749b6a90fc3764cc812d00092b9cdc42cd22d4ee6b4907b65f26b94bda717e2","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.darkm.dll","filename":"metamod.2.darkm.dll","modified":"2025-02-18T17:20:00-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":253440,"md5":"409a9ea80456a276cff4e964e6be3575","sha1":"2dfc3a0785e5cc1f82e330f78262356b7822affa","sha256":"6cac301073f0f3443cda757623a5660d64495d117271dd587b98d3ff419a602b","sha512":"b971928fb51b5f0011e18f71882cd86596a1bf327c72a261855967a49276d6b8e8d0a3e84c06b3eef4a4abb8829568ed48952eb2048952df9fdcdbec04abe5ec","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.darkm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.dods.dll","filename":"metamod.2.dods.dll","modified":"2025-02-18T17:20:08-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"eacd93978f6fbec586b81f6da8e86d05","sha1":"78edf002b094e2d035c58727b9460e3c437177b3","sha256":"a514814c78acdd2e327bf39b70ca2eb3dd35cc548ef0a9b1404ca9d2f723bf9b","sha512":"7d122d29564ef05833c801e0edd31af52e40ec73b17c9e33023f13989be63ea2b7f4cae0930cd1e3476b6dd1d92fd31502a591234a921cd08948f6836f0da490","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.doi.dll","filename":"metamod.2.doi.dll","modified":"2025-02-18T17:19:46-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"68457cce531b047fc410e6b862906d0e","sha1":"dc685a26a3fe5cc68c1a677de5464e34e964988a","sha256":"0cc1eb17b05304fb10e412f756cc0673c8ce5c79965e102c8ab39d8548adb5f2","sha512":"ff0ebc86b112b1b1cc6d0a382dc5890ec4210badc8c2e6bc68f035be0b89531c8c5e263f8dbe0a9cb59a899e8393bcc15e6e81ed2fa1a347d43b25e1b8f0bff9","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.doi.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.ep1.dll","filename":"metamod.2.ep1.dll","modified":"2025-02-18T17:19:46-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":253440,"md5":"6c10e2440b909ec8bc8f44c403b777ce","sha1":"de5d6340bec0f94292ddc3e0457ee73817ac48bc","sha256":"1c2c6eb189013dc6553cb70d7e621b4ced53d4b2c43ce6cbf41845e9d84b3712","sha512":"de7e9647b72d9370ce07037ae7511e48ae95e980e521ccff6d89863cff4227c26de6b4ef7db04d4f8c2d65e69f918fde56782f534ddb9bc7233d672db6f6abd3","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep1.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.ep2.dll","filename":"metamod.2.ep2.dll","modified":"2025-02-18T17:19:58-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"c17e01e2a97279ccdaa2aa91d5ecf397","sha1":"75514806b12822b263490777744035ac98840d13","sha256":"3a533a566022d75246a183ab14757773a6dcd7e7e691896fb10789dfb9eb980f","sha512":"66dda938be859e520a768b0ee370191c994d284238e915c63e24b7a7f65f2e038c6999b322a0ef4e17281a4c45f0b20d85f85354a90777f58ce75bcd383be1d4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.eye.dll","filename":"metamod.2.eye.dll","modified":"2025-02-18T17:19:38-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"957da5e90837353123b5083efa0baffa","sha1":"20e221931923cca969da201b6b886d567e510647","sha256":"bde373c277c74fe3c7270d1cd182a99ab26a589ad0fcefa932033e116038474e","sha512":"3f757741793da3036ef8cce9ef0c0dd836a0f4b3a490b5d9901fa125bd038313cba72b14294132bb887a95955eb6fae69c9a36a5e1f98a6dac5f92f43cea71d7","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.eye.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.hl2dm.dll","filename":"metamod.2.hl2dm.dll","modified":"2025-02-18T17:20:02-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":333312,"md5":"2e0b98979c0f0253533279450d0fd383","sha1":"ebea62a15102e6a505498f873d42e655a1421d7b","sha256":"da4897b0ae9876dec1fe97de04cb6e1070751a66fbf0daf1958c23e1764932e4","sha512":"53b7396e718e8f25687f55dc985a2fd0ed99e1e31ddc088fac64fa34dc36c3f7a164c1dd90a9f3d8ed87d6a589c46155950c96d72c50bfaedbe23fdb98988385","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.insurgency.dll","filename":"metamod.2.insurgency.dll","modified":"2025-02-18T17:19:48-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":256512,"md5":"69c72c004fd999d70b04641158c528a4","sha1":"51e100dcb91f68e1e28e93f1568c6dcf609679c9","sha256":"ada458432f1625f91ca08ee0b63cb4c64ec171207fd88f9ebe45bb6b674a80ca","sha512":"515f8e883f9f02b9964877b3e408a3896b2f03f27edc996298d4395ac33fe72396978210d7af5113a5f939c796a38597c393dc3fcb7df1fc54fe47953ae2d218","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.l4d.dll","filename":"metamod.2.l4d.dll","modified":"2025-02-18T17:20:04-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254976,"md5":"182854a7ed7fa93ba468ddeee5666991","sha1":"92b6c1ed4c03ad55ff2ad85843e144ab61eeb4cd","sha256":"f178b354787d3b46a70f680e795919d5333a661f1584515405e4c0949382bc63","sha512":"d4c9e797743dc01b3f58667c3290aad1e27037cfd67126a91de1a450777494c95ae15d04b2d1bccea450176b0b855f8282afb37b1681115313188c45b7e0b516","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.l4d2.dll","filename":"metamod.2.l4d2.dll","modified":"2025-02-18T17:19:54-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":255488,"md5":"d045ca23953efbdeb30758681f564c3f","sha1":"6e558077d02af6c9fd671ef650fabde18db3fe27","sha256":"073f5c73025fdef3962ad0b723f7f08d15585f5529f496172cfb36268f045099","sha512":"04442dec3e9338fa54652b06bc96ca3484e27d1675952e23d5b2e4d8c4ada2980c452bec31ce9921742cbdef549ea7ea61f3c74547988cab67275fac4a72c6ed","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.nd.dll","filename":"metamod.2.nd.dll","modified":"2025-02-18T17:19:38-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":254464,"md5":"8956ace89db2247f401dc941aa7ecf8a","sha1":"44e5dc2b0f5f7906a4f73713aaee4cbc31a82106","sha256":"ef528dd28b04f00894d6618348802c743484494e56c3ff3ce365443d0fc41496","sha512":"ef99811e18c0851a2f28ad8f1c25588b2c4837652628ec75f02dd7a0a6f88fa5bdad3d6e01ffa3ae1d3f76b1b240048350007184293444a0070e8eb66b17a8d6","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.nd.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.pvkii.dll","filename":"metamod.2.pvkii.dll","modified":"2025-02-18T17:19:47-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":281088,"md5":"b47e2923218726d45a46bae2c653f907","sha1":"99bf17f1b950690badc7d2da2b9bdc7cafa8e2ed","sha256":"ebc62fba2c3c31d040cce92fea4dff5a5bc58bdf7075f1aaab1a8bffd04d25ba","sha512":"bcce030b65ac4e7feda9899253af7ca99dc23254f98530432c2a02ebac5a28126d6be6724fe87ef8ff86ef06e2163ada55cbbd9bd8a30b032263e3c8810206b8","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.pvkii.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.sdk2013.dll","filename":"metamod.2.sdk2013.dll","modified":"2025-02-18T17:19:39-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":257536,"md5":"875791d5da019b41757714d4dd771f04","sha1":"8ac106e66578ba18c9aaf6400f217f0efe466c9b","sha256":"4ae307150427b203b4f9b42f642bcd6f5ef35eca96c93d87e433b88822d219ce","sha512":"37373363b8cfa03c9c77608541cb458a908f181eb64a5621cc800f1cd8f2e32b830c2a22bab3fec758ab493cfe27b19f86b8c2f04375bc450e45c35b7e224739","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.sdk2013.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.swarm.dll","filename":"metamod.2.swarm.dll","modified":"2025-02-18T17:20:04-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":269312,"md5":"e00d3a0969044b8459f48d6d0366a850","sha1":"02ab86eb72200c95f17063696574abe34abe3849","sha256":"1b85cbe4787f8ae8e1cd9eecaa2356475a45c87dd0a8594819833cf1ee57c8e9","sha512":"1514bfc172d78cbbb30ad7d4a4f61b5b45ba86e6043cdbc6528585bd53929c11a0546636009a949e45ee5beac91ac205ed51110459e5799e07d9ec4de7534828","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.swarm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/metamod.2.tf2.dll","filename":"metamod.2.tf2.dll","modified":"2025-02-18T17:19:31-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":333312,"md5":"c1bfe9bd33eab3dd0fc60605874805fe","sha1":"d966137b621a02a6fb8fa280687356a314b3205a","sha256":"d29d710efb6887137c9b558ae5dfb1dba73404adb9cd76850c94ae370eb152d0","sha512":"df17a954bb837baa096d5117b1404736514b553ea50081d445b9c9aecfc92c205c870071ad1cfbf3079f1b4f9bd493064fc54fdfc385658e659b4ac9ca82e7cb","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/server.dll","filename":"server.dll","modified":"2025-02-18T17:20:24-08:00","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":156160,"md5":"e47103874eaa45fabd3297865d821d0e","sha1":"fb27fda7b232642e8b4bca2bb0b1adb67402bf8c","sha256":"ce143bf6c42b8a21667e6d7f78fff424b0c64c15fbc641a7a57d6dcdccfab6db","sha512":"20a301eedf828d5b3b602391fb410e92b6f7a67f215e2b350f5865f5b9351726b3020ce6825d48a9df142de64ff748930ce356324d9f66a35192a5edd9eb2677","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.blade.dll","filename":"metamod.2.blade.dll","modified":"2025-02-18T17:20:53-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":352256,"md5":"8b3197a6b9315c6024e0521558fba873","sha1":"4831ab29d3462e2d374a193c7823a5609ac87b73","sha256":"651a8819ade809feb6021a4e9db780c2207a510c266466328b1f0987881281ee","sha512":"21aa8506e54541897be2498fd0bb0f47da2ce8e0dc9dfa01a69f4e24dd2a8ddc503204922ef0065f00aa8bd9eed05080b05407062c1281a5723af9d5aff7e387","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.cs2.dll","filename":"metamod.2.cs2.dll","modified":"2025-02-18T17:20:17-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1431040,"md5":"ac7e7f7e39bebdbadd6e522b0d3a574e","sha1":"fb422ff963b7a4db0e8015ad3bcae07f72b45bb2","sha256":"7bb6d9fa4003bada3970002e58c44f73ad34ba777cb2cc5298a0d954057f439e","sha512":"d6aa343f6e505015d7e65f8542d6e06ad0bb4b45dddb5293df7a599fdbfdb4385c475356b5fa06ce880efe9181fd08b1da77d46f445f46ed929ebfd5091e1afe","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.deadlock.dll","filename":"metamod.2.deadlock.dll","modified":"2025-02-18T17:20:57-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1431040,"md5":"08fa2c0a494d3e0c37f503a600f7c700","sha1":"702ced3333e1a97db2038fcb23b4ed3881b34a02","sha256":"5b4f3bb38060067ea65c346f9260bbf99e310517223db5b88d40689511539503","sha512":"da9917d98fd37e9ba260d3c3b354ca8dab426812b2c57dd4e0337d5a37873c4958137b74a2f5c865f60d4e549099febb08c50396660500c771e16ea6c6bff79f","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.dota.dll","filename":"metamod.2.dota.dll","modified":"2025-02-18T17:20:21-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":1433600,"md5":"9dcf8ad9b9d63f9a79b8556b55f71989","sha1":"2526cd7a6a9a7611153c40a95251b83cf45596df","sha256":"dc1d12342b18ca2f1402879ba2d04dec061945d100408cc8eed39d2b6d76aca2","sha512":"cf0369920799b4087d2002f322c241a3afc182bfd3c1cc4675c569990d4cafb60fc6bda686f50c1d49f1c6c57613323220768cc71e967bab26241645dfac71b2","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/bin/win64/metamod.2.insurgency.dll","filename":"metamod.2.insurgency.dll","modified":"2025-02-18T17:20:11-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":355328,"md5":"249dcc611c733550524e165b530dce38","sha1":"951138cdc8fc57cb6ea1fdba073e4e9182b0abf8","sha256":"363a45ef931796f3017d0b6b7ad38758bcf6db995dc903b07421ff9175a6f19c","sha512":"ba8576c358d660134394584e7251269db42c6af2af89b1d082890261912b42f044f566198a05f51509357203c138dbc3c7300d30266e0233d97f6f27069d32ef","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.mcv.dll","filename":"metamod.2.mcv.dll","modified":"2025-02-18T17:20:15-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":352768,"md5":"6854dcc8e3e70aa352b9e91db0c04ffc","sha1":"5e7d67080960e93f1fba85ab793ca2171e64b3d5","sha256":"6c0f467354b8f136c79c812b901fb732e858e85d00603de1886344c394e3874b","sha512":"cb63c0d450d1571c5179ec3ac53d90891890aee5922ff7632194425dd0e45ebd3283b20e3a2920d4ab9e5e79a796e120526f44b3b31061bb659f832d45d55279","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.mcv.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/metamod.2.tf2.dll","filename":"metamod.2.tf2.dll","modified":"2025-02-18T17:20:12-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":459776,"md5":"4f53e02273a640b69e6dd5ae19c5a04b","sha1":"d999f30ee663c495bd327ce829e75b6bd8e9b2e6","sha256":"75bf8dc04f4f5c15992470ef5e6df0dd1b6bb6a4f1573fb75a95734e55b584b6","sha512":"60a2a485bdac1938f33477a41ed95547cc3b9816dc5a0f032242e5e4ed9e3451b760792af6e737ea11da56f5535dafb627f723675af0a13d199b70aff17b1ce1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/bin/win64/server.dll","filename":"server.dll","modified":"2025-02-18T17:20:48-08:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 7 sections","size":190464,"md5":"526e11cdc12e84311fc95b69cea73b8e","sha1":"0f11f81233ad72d492d05c1d7c95874553f4b484","sha256":"226f8b3fb26bcfd375163ebbabd65169968ec9eca285161f31a24d07794849f3","sha512":"1ef99c44ce1fca263161b66db2c2754682ab9829b6efa8579c50ad66f9da293c35152cfd48d8d90d5e3359fa38b696b3e101b2fcbafe383f2292ae78f60fd7e4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"addons/metamod/metaplugins.ini","filename":"metaplugins.ini","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":559,"md5":"2672941c14b8e8b0602a66a2e009b2cd","sha1":"ecd52cd0bf1fbe019f18fe8700ef490060165582","sha256":"cacc89c07c5a1bc582c0b9c104b1bb65187b0a61d129efd3b588f74b47915582","sha512":"596b994017465caf1230e7bb4c030daaf3fa672c96a5cb0270462913b1875c57377841004f3c18eb3ba4a43c56673f1f07da79f4ac226f8a881daf2b6e9357fb","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod/README.txt","filename":"README.txt","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":105,"md5":"70c31e761d79cb7f14ff099145bbb4b3","sha1":"a1d3fd2c268294db2da8308835a953346dbdecc2","sha256":"5d6c93606f41ac384f5b0c92f3c53d3f3530a3f663dd394e1643eda77c8a1d5a","sha512":"6015aa9be515041624d018f918e32c6d413b404efcf707ce29f45c92e646823a35ca8193339fc5363d0908d4f72b52d210cf68136aae5da53112ce52494306a3","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod.vdf","filename":"metamod.vdf","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":50,"md5":"e473e9ea9aa41146e3351a7fa5fa70dd","sha1":"000054100a43015400f63cb8ac453a20b713d2f0","sha256":"3c7cd307327098cb389ade4b454581f71b33c871cbef4aa07a0f5b70ca3167d8","sha512":"3d02dc2078c376c67e0faad72020d286c9798c0f459c70fc04216928de956579dd89e1aae91d6d4f294f22b3c657804a2375acb0956e6c4eec0502304c22b043","alerts":{"urlquery":null,"analyzer":null}},{"path":"addons/metamod_x64.vdf","filename":"metamod_x64.vdf","modified":"2023-10-13T10:02:27-07:00","Modified":"","magic":"ASCII text","size":56,"md5":"dabd4e1d5bd52cadf3a7528a89b29210","sha1":"d238494586cf1ce301e1dbcb7ba8c049d562b099","sha256":"ed88d7783508d91cd2b76502afb64699f485582d1cf8bb13e5be695485cdef4d","sha512":"4e2f62b02ab121e4b0ab02ea75f696437776a91ea59d38553cc171014ab6e33c26821eee557a1d031cbcdd2907b8fd117dc426aa246a3ee81f99a9d2713a2fba","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bgt.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.bms.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.contagion.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.csgo.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.css.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.darkm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.dods.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.doi.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep1.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.ep2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.eye.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.hl2dm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.l4d2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.nd.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.pvkii.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.sdk2013.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.swarm.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.blade.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.insurgency.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.mcv.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/metamod.2.tf2.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-04-01","alert":"files - file ~tmp01925d3f.exe","trigger":"addons/metamod/bin/win64/server.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mms.alliedmods.net/mmsdrop/2.0/mmsource-2.0.0-git1328-windows.zip","fqdn":"mms.alliedmods.net","domain":"alliedmods.net","tld":"net"},"ip":{"addr":"104.26.9.106","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-04-01T20:05:48.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"alliedmods.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 08 Mar 2025 11:47:08 GMT","end":"Fri, 06 Jun 2025 12:46:43 GMT"},"fingerprint":{"sha1":"DA:1F:EC:3E:B9:9F:44:A5:B0:CF:EF:14:76:7C:7A:CA:03:8C:9A:AA","sha256":"90:A5:0A:D7:CD:DA:E3:A4:76:7A:AF:67:99:7F:1D:3A:A9:D8:63:40:2A:9E:80:B7:41:B7:C3:C9:D7:90:AB:7D"}}},"request":{"raw":"GET /mmsdrop/2.0/mmsource-2.0.0-git1328-windows.zip HTTP/1.1\r\nHost: mms.alliedmods.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 01 Apr 2025 20:05:48 GMT\r\ncontent-type: application/zip\r\ncontent-length: 5649188\r\nlast-modified: Wed, 19 Feb 2025 01:23:02 GMT\r\netag: \"563324-62e749939d040\"\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=LQmXYdc01hPold%2FlE3JQvmc%2Fx92pQFlazrdxJkCQd6LOfEV%2FfYRsQwEsbBKwdR7LSkz4h45MNlDqWpGzdC4uV1Yf3JaSrNfU%2FToByRgIGwFKRb6VHKzK8Xf7yeXyLg1iFn6%2Biw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 929ab41098fd0b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=5625\u0026min_rtt=501\u0026rtt_var=10130\u0026sent=7\u0026recv=12\u0026lost=0\u0026retrans=0\u0026sent_bytes=3283\u0026recv_bytes=1291\u0026delivery_rate=5838709\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=5a503eb33a466732\u0026ts=317\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5649188,"size_decoded":0,"mime_type":"application/zip","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"4174d263bf283c0564e2c1a8c37fbdd2","sha1":"778e5d992a1f7d37f19fc594af5312d6a01e0ab4","sha256":"b1858b7f07e4bfea5870b34eb4440ff8cd8eca4683731ead7b911cfbdbad18fa","sha512":"d55b0e3f86933edac33c6d2476feda338d719464273124977db6a28dd734dc0f531140e7fade1f53418fa81acefb281de6922950777efbea520216a525c44ec2","ssdeep":"98304:E+rzVMAPCVEbqukagADdbAdVwkUAfC2xLL0bd07qT260vMSpfFZug/9bWX:E+rzCsBbq1ag05ATHfC2xLQ5PT0vMoLo","tlshash":"f3463321fa5866d361a16f3068e03d456b7e7b405fd4510ac4a5c083e4eb6b4e38befb","first_seen":"2025-04-01T20:06:19.594763Z","last_seen":"2025-04-01T20:06:19.594763Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1804,"timings":{"blocked":64,"dns":4,"connect":1,"send":0,"wait":251,"receive":1401,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}