Overview

overview

10

Static

static

10

7z.dll

windows7-x64

3

7z.dll

windows10-2004-x64

3

7z.exe

windows7-x64

1

7z.exe

windows10-2004-x64

1

AndroidSid...12.exe

windows7-x64

8

AndroidSid...12.exe

windows10-2004-x64

8

Rookie Offline.cmd

windows7-x64

8

Rookie Offline.cmd

windows10-2004-x64

8

Sideloader...er.exe

windows7-x64

3

Sideloader...er.exe

windows10-2004-x64

3

drivers/am...09.dll

windows7-x64

1

drivers/am...09.dll

windows10-2004-x64

1

drivers/am...09.dll

windows7-x64

1

drivers/am...09.dll

windows10-2004-x64

1

drivers/am...r2.dll

windows7-x64

3

drivers/am...r2.dll

windows10-2004-x64

3

drivers/dpInst32.exe

windows7-x64

4

drivers/dpInst32.exe

windows10-2004-x64

4

drivers/dpinst64.exe

windows7-x64

4

drivers/dpinst64.exe

windows10-2004-x64

4

drivers/i3...09.dll

windows7-x64

1

drivers/i3...09.dll

windows10-2004-x64

1

drivers/i3...09.dll

windows7-x64

1

drivers/i3...09.dll

windows10-2004-x64

1

drivers/i3...r2.dll

windows7-x64

4

drivers/i3...r2.dll

windows10-2004-x64

3

rclone/README.html

windows7-x64

1

rclone/README.html

windows10-2004-x64

1

rclone/rclone.ps1

windows7-x64

1

rclone/rclone.ps1

windows10-2004-x64

1

rclone/rclone.exe

windows7-x64

1

rclone/rclone.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    rookie_2.12_portable.zip

  • Size

    33.5MB

  • MD5

    fcc99086c831c8a76033525f8802e578

  • SHA1

    af1476bcc459a09ff22d7d26cef58a0a43dfabab

  • SHA256

    31817a95d1f40b3837977b209496601f39bae6cc986ad2e4b9b22ac39590c09d

  • SHA512

    2b69085ae7115996c274ebb5c82919474bb1dcc330e393d4bcb3035edba706dd3f9c5187b17e19333fd7355ad327b16f1db0ec4d45d0d7d32cf8157a2db80d4e

  • SSDEEP

    786432:5Pv6UOpT7SkwbsngslBPj7svp+Y+RtrJwukjssDgV/8Ism:Bv6UWT7FwgngslNXeowtjDssm

Score
10/10
ransomware

Malware Config

Extracted

Ransom Note
rclone(1) User Manual Nick Craig-Wood Apr 26, 2021 Rclone syncs your files to cloud storage About rclone What can rclone do for you? What features does rclone have? What providers does rclone support? Download Install Donate. About rclone Rclone is a command line program to manage files on cloud storage. It is a feature rich alternative to cloud vendors' web storage interfaces. Over 40 cloud storage products support rclone including S3 object stores, business & consumer file storage services, as well as standard transfer protocols. Rclone has powerful cloud equivalents to the unix commands rsync, cp, mv, mount, ls, ncdu, tree, rm, and cat. Rclone's familiar syntax includes shell pipeline support, and protection. It is used at the command line, in scripts or via its API. Users call rclone "The Swiss army knife of cloud storage", and "Technology indistinguishable from magic". Rclone really looks after your data. It preserves timestamps and verifies checksums at all times. Transfers over limited bandwidth; intermittent connections, or subject to quota can be restarted, from the last good file transferred. You can check the integrity of your files. Where possible, rclone employs server-side transfers to minimise local bandwidth use and transfers from one provider to another without using local disk. Virtual backends wrap local and cloud file systems to apply encryption, caching, compression chunking and joining. Rclone mounts any local, cloud or virtual filesystem as a disk on Windows, macOS, linux and FreeBSD, and also serves these over SFTP, HTTP, WebDAV, FTP and DLNA. Rclone is mature, open source software originally inspired by rsync and written in Go. The friendly support community are familiar with varied use cases. Official Ubuntu, Debian, Fedora, Brew and Chocolatey repos. include rclone. For the latest version downloading from rclone.org is recommended. Rclone is widely used on Linux, Windows and Mac. Third party developers create innovative backup, restore, GUI and business process solutions using the rclone command line or API. Rclone does the heavy lifting of communicating with cloud storage. What can rclone do for you? Rclone helps you: Backup (and encrypt) files to cloud storage Restore (and decrypt) files from cloud storage Mirror cloud data to other cloud services or locally Migrate data to cloud, or between cloud storage vendors Mount multiple, encrypted, cached or diverse cloud storage as a disk Analyse and account for data held on cloud storage using lsf, ljson, size, ncdu Union file systems together to present multiple local and/or cloud file systems as one Features Transfers MD5, SHA1 hashes are checked at all times for file integrity Timestamps are preserved on files Operations can be restarted at any time Can be to and from network, e.g. two different cloud providers Can use multi-threaded downloads to local disk Copy new or changed files to cloud storage Sync (one way) to make a directory identical Move files to cloud storage deleting the local after verification Check hashes and for missing/extra files Mount your cloud storage as a network disk Serve local or remote files over HTTP/WebDav/FTP/SFTP/dlna Experimental Web based GUI Supported providers (There are many others, built on standard protocols such as WebDAV or S3, that work out of the box.) 1Fichier Alibaba Cloud (Aliyun) Object Storage System (OSS) Amazon Drive Amazon S3 Backblaze B2 Box Ceph Citrix ShareFile C14 DigitalOcean Spaces Dreamhost Dropbox Enterprise File Fabric FTP Google Cloud Storage Google Drive Google Photos HDFS HTTP Hubic Jottacloud IBM COS S3 Koofr Mail.ru Cloud Memset Memstore Mega Memory Microsoft Azure Blob Storage Microsoft OneDrive Minio Nextcloud OVH OpenDrive OpenStack Swift Oracle Cloud Storage ownCloud pCloud premiumize.me put.io QingStor Rackspace Cloud Files rsync.net Scaleway Seafile SFTP StackPath SugarSync Tardigrade Tencent Cloud Object Storage (COS) Wasabi WebDAV Yandex Disk Zoho WorkDrive The local filesystem Links Home page GitHub project page for source and bug tracker Rclone Forum Downloads Install Rclone is a Go program and comes as a single binary file. Quickstart Download the relevant binary. Extract the or binary from the archive Run to setup. See rclone config docs for more details. See below for some expanded Linux / macOS instructions. See the Usage section of the docs for how to use rclone, or run . Already installed rclone can be easily updated to the latest version using the rclone selfupdate command. Script installation To install rclone on Linux/macOS/BSD systems, run: For beta installation, run: Note that this script checks the version of rclone installed first and won't re-download if not needed. Linux installation from precompiled binary Fetch and unpack Copy binary file Install manpage Run to setup. See rclone config docs for more details. macOS installation with brew macOS installation from precompiled binary, using curl To avoid problems with macOS gatekeeper enforcing the binary to be signed and notarized it is enough to download with . Download the latest version of rclone. Unzip the download and cd to the extracted folder. Move rclone to your $PATH. You will be prompted for your password. (the command is safe to run, even if the directory already exists). Remove the leftover files. Run to setup. See rclone config docs for more details. macOS installation from precompiled binary, using a web browser When downloading a binary with a web browser, the browser will set the macOS gatekeeper quarantine attribute. Starting from Catalina, when attempting to run , a pop-up will appear saying: The simplest fix is to run Install with docker The rclone maintains a docker image for rclone. These images are autobuilt by docker hub from the rclone source based on a minimal Alpine linux image. The tag will always point to the latest stable release. You can use the tag to get the latest build from master. You can also use version tags, e.g. , or . There are a few command line options to consider when starting an rclone Docker container from the rclone image. You need to mount the host rclone config dir at into the Docker container. Due to the fact that rclone updates tokens inside its config file, and that the update process involves a file rename, you need to mount the whole host rclone config dir, not just the single host rclone config file. You need to mount a host data dir at into the Docker container. By default, the rclone binary inside a Docker container runs with UID=0 (root). As a result, all files created in a run will have UID=0. If your config and data files reside on the host with a non-root UID:GID, you need to pass these on the container start command line. If you want to access the RC interface (either via the API or the Web UI), it is required to set the to in order to connect to it from outside the container. An explanation about why this is necessary is present here. NOTE: Users running this container with the docker network set to should probably set it to listen to localhost only, with as the value for It is possible to use inside a userspace Docker container, and expose the resulting fuse mount to the host. The exact options to do that might vary slightly between hosts. See, e.g. the discussion in this thread. You also need to mount the host and for fuse to work inside the container. Here are some commands tested on an Ubuntu 18.04.3 host: Install from source Make sure you have at least Go go1.13 installed. Download go if necessary. The latest release is recommended. Then This will leave you a checked out version of rclone you can modify and send pull requests with. If you use instead of then the rclone build will have the correct version information in it. You can also build the latest stable rclone with: or the latest version (equivalent to the beta) with These will build the binary in ( by default) after downloading the source to the go module cache. Note - do not use the flag here. This causes go to try to update the dependencies that rclone uses and sometimes these don't work with the current version of rclone. Installation with Ansible This can be done with Stefan Weichinger's ansible role. Instructions into your local roles-directory add the role to the hosts you want rclone installed to: Configure First, you'll need to configure rclone. As the object storage systems have quite complicated authentication these are kept in a config file. (See the entry for how to find the config file and choose its location.) The easiest way to make the config is to run rclone with the config option: See the following for detailed instructions for 1Fichier Alias Amazon Drive Amazon S3 Backblaze B2 Box Cache Chunker - transparently splits large files for other remotes Citrix ShareFile Compress Crypt - to encrypt other remotes DigitalOcean Spaces Dropbox Enterprise File Fabric FTP Google Cloud Storage Google Drive Google Photos HDFS HTTP Hubic Jottacloud / GetSky.no Koofr Mail.ru Cloud Mega Memory Microsoft Azure Blob Storage Microsoft OneDrive OpenStack Swift / Rackspace Cloudfiles / Memset Memstore OpenDrive Pcloud premiumize.me put.io QingStor Seafile SFTP SugarSync Tardigrade Union WebDAV Yandex Disk Zoho WorkDrive The local filesystem Usage Rclone syncs a directory tree from one storage system to another. Its syntax is like this Source and destination paths are specified by the name you gave the storage system in the config file then the sub path, e.g. "drive:myfolder" to look at "myfolder" in Google drive. You can define as many storage paths as you like in the config file. Please use the / flag while learning rclone to avoid accidental data loss. Subcommands rclone uses a system of subcommands. For example rclone config Enter an interactive configuration session. Synopsis Enter an interactive configuration session where you can setup new remotes and manage existing ones. You may also set or remove a password to protect your configuration. Options See the global flags page for global options not listed here. SEE ALSO rclone - Show help for rclone commands, flags and backends. rclone config create - Create a new remote with name, type and options. rclone config delete - Delete an existing remote . rclone config disconnect - Disconnects user from remote rclone config dump - Dump the config file as JSON. rclone config edit - Enter an interactive configuration session. rclone config file - Show path of configuration file in use. rclone config password - Update password in an existing remote. rclone config providers - List in JSON format all the providers and options. rclone config reconnect - Re-authenticates user with remote. rclone config show - Print (decrypted) config file, or the config for a single remote. rclone config update - Update options in an existing remote. rclone config userinfo - Prints info about logged in user of remote. rclone copy Copy files from source to dest, skipping already copied. Synopsis Copy the source to the destination. Doesn't transfer unchanged files, testing by size and modification time or MD5SUM. Doesn't delete files from the destination. Note that it is always the contents of the directory that is synced, not the directory so when source:path is a directory, it's the contents of source:path that are copied, not the directory name and contents. If dest:path doesn't exist, it is created and the source:path contents go there. For example Let's say there are two files in sourcepath This copies them to Not to If you are familiar with , rclone always works as if you had written a trailing - meaning "copy the contents of this directory". This applies to all commands and whether you are talking about the source or destination. See the --no-traverse option for controlling whether rclone lists the destination directory or not. Supplying this option when copying a small number of files into a large destination can speed transfers up greatly. For example, if you have many files in /path/to/src but only a few of them change every day, you can copy all the files which have changed recently very efficiently like this: Note: Use the / flag to view real-time transfer statistics. Note: Use the or the / flag to test without copying anything. Options See the global flags page for global options not listed here. SEE ALSO rclone - Show help for rclone commands, flags and backends. rclone sync Make source and dest identical, modifying destination only. Synopsis Sync the source to the destination, changing the destination only. Doesn't transfer unchanged files, testing by size and modification time or MD5SUM. Destination is updated to match source, including deleting files if necessary (except duplicate objects, see below). Important: Since this can cause data loss, test first with the or the / flag. Note that files in the destination won't be deleted if there were any errors at any point. Duplicate objects (files with the same name, on those providers that support it) are also not yet handled. It is always the contents of the directory that is synced, not the directory so when source:path is a directory, it's the contents of source:path that are copied, not the directory name and contents. See extended explanation in the command above if unsure. If dest:path doesn't exist, it is created and the source:path contents go there. Note: Use the / flag to view real-time transfer statistics Note: Use the command to deal with "Duplicate object/directory found in source/destination - ignoring" errors. See this forum post for more info. Options See the global flags page for global options not listed here. SEE ALSO rclone - Show help for rclone commands, flags and backends. rclone move Move files from source to dest. Synopsis Moves the contents of the source directory to the destination directory. Rclone will error if the source and destination overlap and the remote does not support a server-side directory move operation. If no filters are in use and if possible this will server-side move into . After this will no longer exist. Otherwise for each file in selected by the filters (if any) this will move it into . If possible a server-side move will be used, otherwise it will copy it (server-side if possible) into then delete the original (if no errors on copy) in . If you want to delete empty source directories after move, use the --delete-empty-src-dirs flag. See the --no-traverse option for controlling whether rclone lists the destination directory or not. Supplying this option when moving a small number of files into a large destination can speed transfers up greatly. Important: Since this can cause data loss, test first with the or the / flag. Note: Use the / flag to view real-time transfer statistics. Options See the global flags page for global options not listed here. SEE ALSO rclone - Show help for rclone commands, flags and backends. rclone delete Remove the files in path. Synopsis Remove the files in path. Unlike it obeys include/exclude filters so can be used to selectively delete files. only deletes files but leaves the directory structure alone. If you want to delete a directory and all of its contents use the command. If you supply the flag, it will remove all empty directories along with it. You can also use the separate command or to delete empty directories only. For example, to delete all files bigger than 100MBytes, you may first want to check what would be deleted (use either): Then proceed with the actual delete: That reads "delete everything with a minimum size of 100 MB", hence delete all files bigger than 100MBytes. Important: Since this can cause data loss, test first with the or the / flag. Options See the global flags page for global options not listed here. SEE ALSO rclone - Show help for rclone commands, flags and backends. rclone purge Remove the path and all of its contents. Synopsis Remove the path and all of its contents. Note that this does not obey include/exclude filters - everything will be removed. Use the command if you want to selectively delete files. To delete empty directories only, use command or . Important: Since this can cause data loss, test first with the or the / flag. Options See the global flags page for global options not listed here. SEE ALSO rclone - Show help for rclone commands, flags and backends. rclone mkdir Make the path if it doesn't already exist. Options See the global fla

Signatures

Files

  • rookie_2.12_portable.zip
    .zip
  • 7z.dll
    .dll windows x64

    690a5f89ac47af02792a4314ab879b34


    Headers

    Imports

    Exports

    Sections

  • 7z.exe
    .exe windows x64

    0408a51244506e2a400d2ada3d549f12


    Headers

    Imports

    Sections

  • AndroidSideloader 2.12.exe
    .exe windows x64


    Headers

    Sections

  • Rookie Offline.cmd
  • Sideloader Launcher.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • drivers/amd64/NOTICE.txt
  • drivers/amd64/WUDFUpdate_01009.dll
    .dll windows x64

    2d556b4fd0343868b288619b2a5c9d8b


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • drivers/amd64/WdfCoInstaller01009.dll
    .dll windows x64

    70497fec79daa5f71de3b34faee686a5


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • drivers/amd64/winusbcoinstaller2.dll
    .dll windows x64

    8248dad30db39242289209dc3ff9aa66


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • drivers/android_winusb.inf
  • drivers/androidwinusb86.cat
  • drivers/androidwinusba64.cat
  • drivers/dpInst32.exe
    .exe windows x86

    3ab7cc62e4963955ad408cd420cd8ef1


    Code Sign

    Headers

    Imports

    Sections

  • drivers/dpinst64.exe
    .exe windows x64

    3eacb9638877275335da4b58e52824f8


    Code Sign

    Headers

    Imports

    Sections

  • drivers/i386/NOTICE.txt
  • drivers/i386/WUDFUpdate_01009.dll
    .dll windows x86

    30448524ab936448298b5c1294b1bbbc


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • drivers/i386/WdfCoInstaller01009.dll
    .dll windows x86

    a17af54bf9d379152b9c377204b35eb9


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • drivers/i386/winusbcoinstaller2.dll
    .dll windows x86

    8346f3fd2848988fb391cc309c0dbe66


    Code Sign

    Headers

    Imports

    Exports

    Sections

  • drivers/source.properties
  • nouns/nouns.txt
  • rclone/README.html
    .html
  • rclone/README.txt
  • rclone/hash.txt
  • rclone/rclone.1
    .ps1
  • rclone/rclone.exe
    .exe windows x64

    f42ff1ef15a23ca4dd23d78dc0962f09


    Headers

    Imports

    Sections

  • rclone/vrp.download.config