fix: add thanks

Author: lockness-Ko

docs/_app/immutable/chunks/5-b5fa75c5.js renamed to docs/_app/immutable/chunks/5-06233c3b.js

@@ -1 +1 @@
-import{_ as r}from"./_page-f0d532c0.js";import{default as t}from"../components/pages/blog/_id_/_page.svelte-42a2a7e6.js";export{t as component,r as shared};
+import{_ as r}from"./_page-886adf02.js";import{default as t}from"../components/pages/blog/_id_/_page.svelte-42a2a7e6.js";export{t as component,r as shared};

docs/_app/immutable/chunks/_page-f0d532c0.js renamed to docs/_app/immutable/chunks/_page-886adf02.js

@@ -1 +1 @@
-import"../../../../chunks/preload-helper-9b728935.js";import{l}from"../../../../chunks/_page-f0d532c0.js";export{l as load};
+import"../../../../chunks/preload-helper-9b728935.js";import{l}from"../../../../chunks/_page-886adf02.js";export{l as load};

docs/_app/immutable/chunks/cs2_malware-26976645.js

@@ -1 +1 @@
-{"version":"1730672550046"}
+{"version":"1730672604860"}

docs/_app/immutable/chunks/cs2_malware-4defdaa3.js

@@ -12,7 +12,7 @@
 
 		<meta http-equiv="content-security-policy" content="">
 		<link href="./_app/immutable/assets/_layout-6a01c3f4.css" rel="stylesheet">
-		<link rel="modulepreload" href="./_app/immutable/start-819b5f8f.js">
+		<link rel="modulepreload" href="./_app/immutable/start-6517c1bc.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/index-104dd4d8.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/singletons-9faa82f1.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/preload-helper-9b728935.js">
@@ -41,7 +41,7 @@
 
 
 		<script type="module" data-sveltekit-hydrate="uds5li">
-			import { start } from "./_app/immutable/start-819b5f8f.js";
+			import { start } from "./_app/immutable/start-6517c1bc.js";
 
 			start({
 				env: {},
@@ -56,7 +56,7 @@
 				},
 				paths: {"base":"","assets":""},
 				target: document.querySelector('[data-sveltekit-hydrate="uds5li"]').parentNode,
-				version: "1730672550046"
+				version: "1730672604860"
 			});
 		</script>
 	</div>

docs/_app/immutable/modules/pages/blog/_id_/_page.ts-1161bc9e.js renamed to docs/_app/immutable/modules/pages/blog/_id_/_page.ts-9c2026a4.js

@@ -12,7 +12,7 @@
 
 		<meta http-equiv="content-security-policy" content="">
 		<link href="./_app/immutable/assets/_layout-6a01c3f4.css" rel="stylesheet">
-		<link rel="modulepreload" href="./_app/immutable/start-819b5f8f.js">
+		<link rel="modulepreload" href="./_app/immutable/start-6517c1bc.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/index-104dd4d8.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/singletons-9faa82f1.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/preload-helper-9b728935.js">
@@ -57,7 +57,7 @@
 
 
 		<script type="module" data-sveltekit-hydrate="rh4anq">
-			import { start } from "./_app/immutable/start-819b5f8f.js";
+			import { start } from "./_app/immutable/start-6517c1bc.js";
 
 			start({
 				env: {},
@@ -72,7 +72,7 @@
 				},
 				paths: {"base":"","assets":""},
 				target: document.querySelector('[data-sveltekit-hydrate="rh4anq"]').parentNode,
-				version: "1730672550046"
+				version: "1730672604860"
 			});
 		</script>
 	<script type="application/json" data-sveltekit-fetched data-url="/api/posts">{"status":200,"statusText":"","headers":{},"body":"[{\"meta\":{\"title\":\"CS2 Malware Announcement\",\"date\":\"2024-11-03\"},\"path\":\"/blog/cs2_malware\"},{\"meta\":{\"title\":\"Malware madness\",\"date\":\"2023-4-24\"},\"path\":\"/blog/more_malware\"},{\"meta\":{\"title\":\"Malware analysis/Honepot stuff.\",\"date\":\"2022-5-5\"},\"path\":\"/blog/malware\"},{\"meta\":{\"title\":\"OP1 firmware reverse engineering\",\"date\":\"sometime\"},\"path\":\"/blog/op1\"}]"}</script></div>

docs/_app/immutable/start-819b5f8f.js renamed to docs/_app/immutable/start-6517c1bc.js

@@ -13,16 +13,16 @@
 		<meta http-equiv="content-security-policy" content="">
 		<link href="../_app/immutable/assets/_layout-6a01c3f4.css" rel="stylesheet">
 		<link href="../_app/immutable/assets/_page-cc4ed907.css" rel="stylesheet">
-		<link rel="modulepreload" href="../_app/immutable/start-819b5f8f.js">
+		<link rel="modulepreload" href="../_app/immutable/start-6517c1bc.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/index-104dd4d8.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/singletons-9faa82f1.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/preload-helper-9b728935.js">
 		<link rel="modulepreload" href="../_app/immutable/components/pages/_layout.svelte-85bcf2f0.js">
 		<link rel="modulepreload" href="../_app/immutable/modules/pages/_layout.ts-b8ee4d7c.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/_layout-1daba58d.js">
 		<link rel="modulepreload" href="../_app/immutable/components/pages/blog/_id_/_page.svelte-42a2a7e6.js">
-		<link rel="modulepreload" href="../_app/immutable/modules/pages/blog/_id_/_page.ts-1161bc9e.js">
-		<link rel="modulepreload" href="../_app/immutable/chunks/_page-f0d532c0.js">
+		<link rel="modulepreload" href="../_app/immutable/modules/pages/blog/_id_/_page.ts-9c2026a4.js">
+		<link rel="modulepreload" href="../_app/immutable/chunks/_page-886adf02.js">
 	</head>
 	<body>
 		<div style="display: contents">
@@ -44,7 +44,8 @@ <h2>UPDATE!!!</h2>
 <p>04/11
 We’ve discovered it persists in people’s Exodus wallets by using DLL Search-order hijacking.
 This DLL will be at <code>%LOCALAPPDATA%\exodus\app-24.41.6\profapi.dll</code>, or a similar <code>app-</code> directory.
-To remove the persistence, remove this file</p>
+To remove the persistence, remove this file
+<strong>Thanks to cayenne6561 for finding this!</strong></p>
 <h2>What we know</h2>
 <p><strong>Key Points</strong></p>
 <ul><li>The malware is an Exodus Wallet Stealer, <strong>which we are calling ExoTickler</strong>.</li>
@@ -87,8 +88,8 @@ <h2>FAQ</h2>
 </main>
 
 
-		<script type="module" data-sveltekit-hydrate="re92r1">
-			import { start } from "../_app/immutable/start-819b5f8f.js";
+		<script type="module" data-sveltekit-hydrate="1nt1xr2">
+			import { start } from "../_app/immutable/start-6517c1bc.js";
 
 			start({
 				env: {},
@@ -102,8 +103,8 @@ <h2>FAQ</h2>
 					form: null
 				},
 				paths: {"base":"","assets":""},
-				target: document.querySelector('[data-sveltekit-hydrate="re92r1"]').parentNode,
-				version: "1730672550046"
+				target: document.querySelector('[data-sveltekit-hydrate="1nt1xr2"]').parentNode,
+				version: "1730672604860"
 			});
 		</script>
 	</div>

docs/_app/version.json

@@ -13,16 +13,16 @@
 		<meta http-equiv="content-security-policy" content="">
 		<link href="../_app/immutable/assets/_layout-6a01c3f4.css" rel="stylesheet">
 		<link href="../_app/immutable/assets/_page-cc4ed907.css" rel="stylesheet">
-		<link rel="modulepreload" href="../_app/immutable/start-819b5f8f.js">
+		<link rel="modulepreload" href="../_app/immutable/start-6517c1bc.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/index-104dd4d8.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/singletons-9faa82f1.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/preload-helper-9b728935.js">
 		<link rel="modulepreload" href="../_app/immutable/components/pages/_layout.svelte-85bcf2f0.js">
 		<link rel="modulepreload" href="../_app/immutable/modules/pages/_layout.ts-b8ee4d7c.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/_layout-1daba58d.js">
 		<link rel="modulepreload" href="../_app/immutable/components/pages/blog/_id_/_page.svelte-42a2a7e6.js">
-		<link rel="modulepreload" href="../_app/immutable/modules/pages/blog/_id_/_page.ts-1161bc9e.js">
-		<link rel="modulepreload" href="../_app/immutable/chunks/_page-f0d532c0.js">
+		<link rel="modulepreload" href="../_app/immutable/modules/pages/blog/_id_/_page.ts-9c2026a4.js">
+		<link rel="modulepreload" href="../_app/immutable/chunks/_page-886adf02.js">
 	</head>
 	<body>
 		<div style="display: contents">
@@ -67,7 +67,7 @@ <h2>&gt; Mirai sample - 5/5/22</h2>
 
 
 		<script type="module" data-sveltekit-hydrate="14vnhgt">
-			import { start } from "../_app/immutable/start-819b5f8f.js";
+			import { start } from "../_app/immutable/start-6517c1bc.js";
 
 			start({
 				env: {},
@@ -82,7 +82,7 @@ <h2>&gt; Mirai sample - 5/5/22</h2>
 				},
 				paths: {"base":"","assets":""},
 				target: document.querySelector('[data-sveltekit-hydrate="14vnhgt"]').parentNode,
-				version: "1730672550046"
+				version: "1730672604860"
 			});
 		</script>
 	</div>

docs/about.html

@@ -13,16 +13,16 @@
 		<meta http-equiv="content-security-policy" content="">
 		<link href="../_app/immutable/assets/_layout-6a01c3f4.css" rel="stylesheet">
 		<link href="../_app/immutable/assets/_page-cc4ed907.css" rel="stylesheet">
-		<link rel="modulepreload" href="../_app/immutable/start-819b5f8f.js">
+		<link rel="modulepreload" href="../_app/immutable/start-6517c1bc.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/index-104dd4d8.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/singletons-9faa82f1.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/preload-helper-9b728935.js">
 		<link rel="modulepreload" href="../_app/immutable/components/pages/_layout.svelte-85bcf2f0.js">
 		<link rel="modulepreload" href="../_app/immutable/modules/pages/_layout.ts-b8ee4d7c.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/_layout-1daba58d.js">
 		<link rel="modulepreload" href="../_app/immutable/components/pages/blog/_id_/_page.svelte-42a2a7e6.js">
-		<link rel="modulepreload" href="../_app/immutable/modules/pages/blog/_id_/_page.ts-1161bc9e.js">
-		<link rel="modulepreload" href="../_app/immutable/chunks/_page-f0d532c0.js">
+		<link rel="modulepreload" href="../_app/immutable/modules/pages/blog/_id_/_page.ts-9c2026a4.js">
+		<link rel="modulepreload" href="../_app/immutable/chunks/_page-886adf02.js">
 	</head>
 	<body>
 		<div style="display: contents">
@@ -91,7 +91,7 @@ <h2>Tor Shenanigans</h2>
 
 
 		<script type="module" data-sveltekit-hydrate="13i6clz">
-			import { start } from "../_app/immutable/start-819b5f8f.js";
+			import { start } from "../_app/immutable/start-6517c1bc.js";
 
 			start({
 				env: {},
@@ -106,7 +106,7 @@ <h2>Tor Shenanigans</h2>
 				},
 				paths: {"base":"","assets":""},
 				target: document.querySelector('[data-sveltekit-hydrate="13i6clz"]').parentNode,
-				version: "1730672550046"
+				version: "1730672604860"
 			});
 		</script>
 	</div>

docs/blog.html

@@ -13,16 +13,16 @@
 		<meta http-equiv="content-security-policy" content="">
 		<link href="../_app/immutable/assets/_layout-6a01c3f4.css" rel="stylesheet">
 		<link href="../_app/immutable/assets/_page-cc4ed907.css" rel="stylesheet">
-		<link rel="modulepreload" href="../_app/immutable/start-819b5f8f.js">
+		<link rel="modulepreload" href="../_app/immutable/start-6517c1bc.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/index-104dd4d8.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/singletons-9faa82f1.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/preload-helper-9b728935.js">
 		<link rel="modulepreload" href="../_app/immutable/components/pages/_layout.svelte-85bcf2f0.js">
 		<link rel="modulepreload" href="../_app/immutable/modules/pages/_layout.ts-b8ee4d7c.js">
 		<link rel="modulepreload" href="../_app/immutable/chunks/_layout-1daba58d.js">
 		<link rel="modulepreload" href="../_app/immutable/components/pages/blog/_id_/_page.svelte-42a2a7e6.js">
-		<link rel="modulepreload" href="../_app/immutable/modules/pages/blog/_id_/_page.ts-1161bc9e.js">
-		<link rel="modulepreload" href="../_app/immutable/chunks/_page-f0d532c0.js">
+		<link rel="modulepreload" href="../_app/immutable/modules/pages/blog/_id_/_page.ts-9c2026a4.js">
+		<link rel="modulepreload" href="../_app/immutable/chunks/_page-886adf02.js">
 	</head>
 	<body>
 		<div style="display: contents">
@@ -74,7 +74,7 @@ <h3>&gt; random interesting things</h3>
 
 
 		<script type="module" data-sveltekit-hydrate="torf3j">
-			import { start } from "../_app/immutable/start-819b5f8f.js";
+			import { start } from "../_app/immutable/start-6517c1bc.js";
 
 			start({
 				env: {},
@@ -89,7 +89,7 @@ <h3>&gt; random interesting things</h3>
 				},
 				paths: {"base":"","assets":""},
 				target: document.querySelector('[data-sveltekit-hydrate="torf3j"]').parentNode,
-				version: "1730672550046"
+				version: "1730672604860"
 			});
 		</script>
 	</div>

docs/blog/cs2_malware.html

@@ -12,7 +12,7 @@
 
 		<meta http-equiv="content-security-policy" content="">
 		<link href="./_app/immutable/assets/_layout-6a01c3f4.css" rel="stylesheet">
-		<link rel="modulepreload" href="./_app/immutable/start-819b5f8f.js">
+		<link rel="modulepreload" href="./_app/immutable/start-6517c1bc.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/index-104dd4d8.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/singletons-9faa82f1.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/preload-helper-9b728935.js">
@@ -46,7 +46,7 @@
 
 
 		<script type="module" data-sveltekit-hydrate="1qzjl2b">
-			import { start } from "./_app/immutable/start-819b5f8f.js";
+			import { start } from "./_app/immutable/start-6517c1bc.js";
 
 			start({
 				env: {},
@@ -61,7 +61,7 @@
 				},
 				paths: {"base":"","assets":""},
 				target: document.querySelector('[data-sveltekit-hydrate="1qzjl2b"]').parentNode,
-				version: "1730672550046"
+				version: "1730672604860"
 			});
 		</script>
 	</div>

docs/blog/malware.html

@@ -12,7 +12,7 @@
 
 		<meta http-equiv="content-security-policy" content="">
 		<link href="./_app/immutable/assets/_layout-6a01c3f4.css" rel="stylesheet">
-		<link rel="modulepreload" href="./_app/immutable/start-819b5f8f.js">
+		<link rel="modulepreload" href="./_app/immutable/start-6517c1bc.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/index-104dd4d8.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/singletons-9faa82f1.js">
 		<link rel="modulepreload" href="./_app/immutable/chunks/preload-helper-9b728935.js">
@@ -46,7 +46,7 @@ <h2>Facts about this website:</h2>
 
 
 		<script type="module" data-sveltekit-hydrate="fhbj5c">
-			import { start } from "./_app/immutable/start-819b5f8f.js";
+			import { start } from "./_app/immutable/start-6517c1bc.js";
 
 			start({
 				env: {},
@@ -61,7 +61,7 @@ <h2>Facts about this website:</h2>
 				},
 				paths: {"base":"","assets":""},
 				target: document.querySelector('[data-sveltekit-hydrate="fhbj5c"]').parentNode,
-				version: "1730672550046"
+				version: "1730672604860"
 			});
 		</script>
 	</div>

docs/blog/more_malware.html

@@ -1,6 +1,6 @@
 {
   "node_modules/@sveltejs/kit/src/runtime/client/start.js": {
-    "file": "_app/immutable/start-819b5f8f.js",
+    "file": "_app/immutable/start-6517c1bc.js",
     "src": "node_modules/@sveltejs/kit/src/runtime/client/start.js",
     "isEntry": true,
     "imports": [
@@ -98,12 +98,12 @@
     ]
   },
   "src/routes/blog/[id]/+page.ts": {
-    "file": "_app/immutable/modules/pages/blog/_id_/_page.ts-1161bc9e.js",
+    "file": "_app/immutable/modules/pages/blog/_id_/_page.ts-9c2026a4.js",
     "src": "src/routes/blog/[id]/+page.ts",
     "isEntry": true,
     "imports": [
       "_preload-helper-9b728935.js",
-      "__page-f0d532c0.js"
+      "__page-886adf02.js"
     ]
   },
   "_singletons-9faa82f1.js": {
@@ -124,8 +124,8 @@
   "__page-69b2005d.js": {
     "file": "_app/immutable/chunks/_page-69b2005d.js"
   },
-  "__page-f0d532c0.js": {
-    "file": "_app/immutable/chunks/_page-f0d532c0.js",
+  "__page-886adf02.js": {
+    "file": "_app/immutable/chunks/_page-886adf02.js",
     "imports": [
       "_preload-helper-9b728935.js"
     ],
@@ -179,11 +179,11 @@
     ]
   },
   ".svelte-kit/generated/nodes/5.js": {
-    "file": "_app/immutable/chunks/5-b5fa75c5.js",
+    "file": "_app/immutable/chunks/5-06233c3b.js",
     "src": ".svelte-kit/generated/nodes/5.js",
     "isDynamicEntry": true,
     "imports": [
-      "__page-f0d532c0.js",
+      "__page-886adf02.js",
       "src/routes/blog/[id]/+page.svelte"
     ]
   },
@@ -196,7 +196,7 @@
     ]
   },
   "src/routes/blog/cs2_malware.md": {
-    "file": "_app/immutable/chunks/cs2_malware-4defdaa3.js",
+    "file": "_app/immutable/chunks/cs2_malware-26976645.js",
     "src": "src/routes/blog/cs2_malware.md",
     "isDynamicEntry": true,
     "imports": [
@@ -227,12 +227,12 @@
       "_index-104dd4d8.js"
     ]
   },
-  "src/routes/blog/[id]/+page.css": {
-    "file": "_app/immutable/assets/_page-cc4ed907.css",
-    "src": "src/routes/blog/[id]/+page.css"
-  },
   "src/routes/+layout.css": {
     "file": "_app/immutable/assets/_layout-6a01c3f4.css",
     "src": "src/routes/+layout.css"
+  },
+  "src/routes/blog/[id]/+page.css": {
+    "file": "_app/immutable/assets/_page-cc4ed907.css",
+    "src": "src/routes/blog/[id]/+page.css"
   }
 }

docs/blog/op1.html

@@ -13,6 +13,7 @@ date: "2024-11-03"
 We've discovered it persists in people's Exodus wallets by using DLL Search-order hijacking.
 This DLL will be at `%LOCALAPPDATA%\exodus\app-24.41.6\profapi.dll`, or a similar `app-` directory.
 To remove the persistence, remove this file
+**Thanks to cayenne6561 for finding this!**
 
 ## What we know