{"report_id":"4ef34760-3859-4eae-a56f-71a2c687b7ef","version":6,"status":"done","tags":[],"date":"2024-07-28T22:10:19Z","url":{"schema":"http","addr":"github.com/M2TeamArchived/NSudo/releases/download/9.0-Preview1/NSudo_9.0_Preview1_9.0.2676.0.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T07:52:52Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"objects.githubusercontent.com","ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":134060,"first_seen":"2021-11-01 22:34:29","last_seen":"2024-07-28 19:42:47","alert_count":1,"request_count":1,"received_data":861270,"sent_data":1012,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-07-28 18:17:42","alert_count":0,"request_count":9,"received_data":7984,"sent_data":2943,"comment":"","tags":null,"fingerprints":null},{"fqdn":"github.com","ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13 12:28:22","last_seen":"2024-07-28 18:50:23","alert_count":0,"request_count":1,"received_data":4118,"sent_data":550,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"3eb9aa45beea34797067b8b66038765f","sha1":"83bc83ca6bd388aec649d5f87be6db9b84cfd94b","sha256":"2a4d3c5847fa9694c050448afaeac6fb3c9f41995c7a2f8ee4cbd015e18909eb","sha512":"7c6a18db2fe9fcabb3b7285f1fabc4886e0b871079651d49246efc222f087313d59fcc3cc4d69e20094f3342f8aba429a2ee8193036c868ecdec30572757e900","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","size":860412,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/62206642/3c67cec3-1ee5-4338-ab84-a3e229db25c6?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240728%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240728T220953Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=85e9a221b507870155a7a8864ce6f9ed6ac8a46a28152250e73c8305258c6554\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=62206642\u0026response-content-disposition=attachment%3B%20filename%3DNSudo_9.0_Preview1_9.0.2676.0.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"ARM64/MoPlugin.dll","filename":"MoPlugin.dll","modified":"","Modified":"2021-08-28T18:45:10Z","magic":"PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections","size":109568,"md5":"4582f73b9581204be3019e79d76b8ea0","sha1":"c0ea73afb856ec80b10c0d106effdbc81abb4733","sha256":"b8f49f33e4561f4ac7e1789ecce1ad9b104dba463bdffd38191c21cbd16be6ab","sha512":"cf062ad9df247b74e6a7767d990ff0958ccfe81c5f68fdd6c48d83d26a90d64db006fb4c44a881bce74cd94fbfd9323cdf7a0cc66806f9b36e35f723c9c699e3","alerts":{"urlquery":null,"analyzer":null}},{"path":"ARM64/NSudo.json","filename":"NSudo.json","modified":"","Modified":"2020-08-03T03:16:32Z","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":211,"md5":"922322fab45a284dbb248760125dfb1c","sha1":"120e77b90baa85287b2ee5bc63ff7dcd149767b5","sha256":"254beac232a7bb20289b0608db5a0ccc69789fb8befe2bf3c76fa09953eea6f5","sha512":"899dc404559518e311343a0a71ef4f88e4820268ff821082400660647259594cb1a088359c75b17f4e0df85ea5ad91e49b3e86f636e95955c2c56f1e667f4aaf","alerts":{"urlquery":null,"analyzer":null}},{"path":"ARM64/NSudoAPI.dll","filename":"NSudoAPI.dll","modified":"","Modified":"2021-08-28T18:44:48Z","magic":"PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections","size":32256,"md5":"edb1fd401371bf61a5a4628ecd96c3ab","sha1":"39efb8a92c9add71fd647ade9354167c31b2c12d","sha256":"6d6f65c0e7a5a7e22b99e739216de9d62086c054864f1ad2705e7147c58ddb23","sha512":"827f7b8bb8dd707a8cd27996e484d1f56f702ed3306195cf6ca42d3076dcad3d911d41ba77fa77857bd50457f3b34085565a2be844e0d2e52b0f34aa1dc891f4","alerts":{"urlquery":null,"analyzer":null}},{"path":"ARM64/NSudoAPI.lib","filename":"NSudoAPI.lib","modified":"","Modified":"2021-08-28T18:44:48Z","magic":"current ar archive","size":2142,"md5":"68014cbe004cc9e606dde1746c0d3891","sha1":"e99dcd2741578cf163424d9f026a93dbfea9e064","sha256":"7d2734d2a0ae371a37606b8b096dce024c52f4d4649a005ebb1934068556ea62","sha512":"fd0e953a307fc062353bd8e8e443c69e2d68353a7a7be4bd5a7768490a2caceb5e1f186e63d7e4ea21f0e0d0acb6ef3b3177e3405d7ad277b1f2eb551ab2928f","alerts":{"urlquery":null,"analyzer":null}},{"path":"ARM64/NSudoDM.dll","filename":"NSudoDM.dll","modified":"","Modified":"2021-08-28T18:45:24Z","magic":"PE32+ executable (DLL) (GUI) Aarch64, for MS Windows, 6 sections","size":17920,"md5":"a3a0e2aed7d020cbb4f9d3b26a8e1c8d","sha1":"1751c6093a01ef757adb32325be6ca7e592db352","sha256":"c44e32662b208e4a7335a4f0effb74201f9ff5412f8a9b3f3c4ffdd030f7d1bb","sha512":"b15c30b5d621fb50c5db7e5c72e391ae167674293c506c5cb26abef85ea7f55e173926f36e76ed32ce98edaf724d669ea4badd08dcad08f43a81999cb2e92f10","alerts":{"urlquery":null,"analyzer":null}},{"path":"ARM64/NSudoLC.exe","filename":"NSudoLC.exe","modified":"","Modified":"2021-08-28T18:45:16Z","magic":"PE32+ executable (console) Aarch64, for MS Windows, 6 sections","size":108544,"md5":"a025c4afcccf2eed65eaa8198bec1d43","sha1":"b607e31fb6a6f5c32582030ad9f5a409b3087092","sha256":"c9457a387ea69072cd1efd0b55c2263037c0d2ad1016c60f1cee9bae6d551e38","sha512":"9b1df7e53739a25f9c037879c4686c23f9922c9e5fc3c1d4a16065803b0bd8b62b836a4807d8378b5e428dc29b35dde92276a5f107eaafb3d9f669391c17f1fe","alerts":{"urlquery":null,"analyzer":null}},{"path":"ARM64/NSudoLG.exe","filename":"NSudoLG.exe","modified":"","Modified":"2021-08-28T18:45:18Z","magic":"PE32+ executable (GUI) Aarch64, for MS Windows, 6 sections","size":126976,"md5":"c023269138388e0b726d805cf8423d10","sha1":"d0d638c1e56002fdc9a0c7661cf6bc9bde392222","sha256":"abdf67bdb0b8aae4fccf6e0b64a78fb76df48e32b66fc0f0270f24140141805e","sha512":"5779bdb30e46290c8604e31f4532f37beeeccdfa18758ff6bf8a7c92c8426be62a4e5ba5c29a8733fa8251350d6235039964e6b46a1c8629e6cd8947b1d6ab7c","alerts":{"urlquery":null,"analyzer":null}},{"path":"ARM64/NSudoPluginHost.exe","filename":"NSudoPluginHost.exe","modified":"","Modified":"2021-08-28T18:45:16Z","magic":"PE32+ executable (console) Aarch64, for MS Windows, 6 sections","size":126464,"md5":"a51cc12a709ab0487800a0fed390b3d0","sha1":"771df982d97f9f4d41be415acee4cc7ab898613e","sha256":"59d07d0fc4d91f795f4039694635486a456750d9088e1330970d98d7743bea57","sha512":"b35b1dd62e94679dc725900a031c616453366e9f5cfb53dc34af6316afa1601da29456f0c6ba6601843d3620da0e2c2acc59a58cf7930f522a9e34b63e51a498","alerts":{"urlquery":null,"analyzer":null}},{"path":"License.txt","filename":"License.txt","modified":"","Modified":"2021-05-14T01:22:30Z","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2970,"md5":"e1060bad75d78ac64475b5ec71304a33","sha1":"a212eb16fb3bd67e5de50510a4f7f7de9febeb55","sha256":"ff6063b9a4670832e80bde30bac5fe15ff3a3710454bf72d743f085312ba98d9","sha512":"380e9a5e77ff7634120fe3d90a4b56b13ed111b0da70fd9a1a133403d8da3651370a071ff5f38abcb3d65002ab3b7957acfffc684b65a75db5bcb1bd7f9fd6c6","alerts":{"urlquery":null,"analyzer":null}},{"path":"MoPluginReadme.txt","filename":"MoPluginReadme.txt","modified":"","Modified":"2021-08-28T18:51:58Z","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":4653,"md5":"d3a2e39d0e248b323fdddac19be569e2","sha1":"e404ca67e011640680b3082a264860dbf9a5cc4b","sha256":"46b1952bd1ecaa3ac86ba91c7468c26f0adf99bfeff80913f9a70a4f4d9f3393","sha512":"0e07aae22d535faae7c58bd9e976ae3fcec7e2f4e39827b6a5a1408aea2db0f5dc7d218d26a109d6d6d46cc22395aba4707e58565ceaab272192085f84c9c107","alerts":{"urlquery":null,"analyzer":null}},{"path":"MoPluginReadme.zh-Hans.txt","filename":"MoPluginReadme.zh-Hans.txt","modified":"","Modified":"2021-08-28T18:55:58Z","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":4323,"md5":"a7f9020af6fb39f4c7c96186749b25bf","sha1":"a211f2b4c69c1828d791603d079ac972533fec9d","sha256":"310526afe6d5f37a72efd9e064eff6b2e602bef2d5afc5cfb52e47367a2c83c6","sha512":"ecca07cd0d55006bbbb5da086cb90e8eb2cec8fa22521a0c4a79fab86bad4a86696116df1e9028cf526636a9bdc243a11de8f9f715cae9c609684b638a34032b","alerts":{"urlquery":null,"analyzer":null}},{"path":"People.txt","filename":"People.txt","modified":"","Modified":"2021-08-26T20:59:28Z","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":2525,"md5":"fd31ce73229f35a874d0c9eb00054e0b","sha1":"f99fa779766c6630aab9ce664fb66917c3d166ba","sha256":"cd1de6557b8b8c1fc4d4b0922877d49d98b74a9c1c78bbebad3720e84f81ea13","sha512":"0e6ba0535aaba4632646c63b42241736d2e75569470229398cbbff1a16a5df123245b2844c43ed873c9a6be145ad9c975e9ca1315e82a8d82aaac13074e320d7","alerts":{"urlquery":null,"analyzer":null}},{"path":"Win32/MoPlugin.dll","filename":"MoPlugin.dll","modified":"","Modified":"2021-08-28T18:45:06Z","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":120832,"md5":"964eb29cab522ed84bfb0fdc83415eee","sha1":"70474ff8ae515addb1243a0ad4bf4cf147a93d78","sha256":"2e7b03ba284fe74ad8479b03d24b9775ee9fca9040fa470379914c648089c06b","sha512":"67299413eab2304066b46b91288902f4d8b22d87746f14a48e0384c7d30db2281e9f585eda0db16f5c5ebc00036d312dfc6705442bbebacb49e62f5fb864ebac","alerts":{"urlquery":null,"analyzer":null}},{"path":"Win32/NSudo.json","filename":"NSudo.json","modified":"","Modified":"2020-08-03T03:16:32Z","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":211,"md5":"922322fab45a284dbb248760125dfb1c","sha1":"120e77b90baa85287b2ee5bc63ff7dcd149767b5","sha256":"254beac232a7bb20289b0608db5a0ccc69789fb8befe2bf3c76fa09953eea6f5","sha512":"899dc404559518e311343a0a71ef4f88e4820268ff821082400660647259594cb1a088359c75b17f4e0df85ea5ad91e49b3e86f636e95955c2c56f1e667f4aaf","alerts":{"urlquery":null,"analyzer":null}},{"path":"Win32/NSudoAPI.dll","filename":"NSudoAPI.dll","modified":"","Modified":"2021-08-28T18:44:46Z","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":58368,"md5":"f3b4d339bd862caf762f46ca46012b1a","sha1":"61b1a63a0aed75924bf18915de10692a7fb09233","sha256":"de6deb7483d8c7188dbec858028f077b53f588faedc8cc799e7d546b098618c6","sha512":"cb90f31b46f61008179aab3d78cc978b8523f245c0edd0273696a9fb133744cf25dce91e853474aae6fa3ec10bae2d11698070c7bb2e989b0f6df81b6fac30f0","alerts":{"urlquery":null,"analyzer":null}},{"path":"Win32/NSudoAPI.lib","filename":"NSudoAPI.lib","modified":"","Modified":"2021-08-28T18:44:46Z","magic":"current ar archive","size":2184,"md5":"3da581d1e6e9c850f606a49e440591a5","sha1":"72c5670ed98700e9d404159f9bcd9d86c14d783c","sha256":"8a635fc7f5753d4039abc5b77402a0fe6445684741ef5995805ecc79874084a8","sha512":"fad5ef47635e5fb69d82f0963760f2cfefbf0cc7c8cba344d1df26b7e33db0261a218558c2616370124e79c880d5ef77bfe2783f0b552a29e51f7e21e2fa8cac","alerts":{"urlquery":null,"analyzer":null}},{"path":"Win32/NSudoDM.dll","filename":"NSudoDM.dll","modified":"","Modified":"2021-08-28T18:45:22Z","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 5 sections","size":22528,"md5":"01c05ffcec63e010eec4425c304ed371","sha1":"8d5ed0c3e4ed87f954d57be041e7ee366cd99350","sha256":"11c46cb8f4208fd25c77cdc688204f3252b07b50c481c15454af745652d60784","sha512":"f07768f7b3ff6f4b10bd0b295cdb8371bc598e7ff8f8f130b475fc128a1662ca9f238ceff3eeb6e225840d924416a8000b54b57250e15937e6cc1a18168c8625","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-01-17","alert":"Scan result 1/67","trigger":"11c46cb8f4208fd25c77cdc688204f3252b07b50c481c15454af745652d60784","verdict":"suspicious","severity":"","comment":"suspicious - 1/67","link":"https://www.virustotal.com/gui/file/11c46cb8f4208fd25c77cdc688204f3252b07b50c481c15454af745652d60784","meta":null}]}},{"path":"Win32/NSudoLC.exe","filename":"NSudoLC.exe","modified":"","Modified":"2021-08-28T18:45:12Z","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":130048,"md5":"3360efb5c779c805b7d76fd1e1ee558a","sha1":"97b140d8b86f9570cb34fa962f0ead4ca261112e","sha256":"b75d7eecd4eb970f800113d99b9a05ecbceaae65a1d8c281aaa67a3f0867619e","sha512":"5a30c0d8ff7f40594249908928b3dab95c766bb42ec98be0186f998507480adbb6716d28d3b6b90023121ca756e4eaa227c0aedf1b725bcd3d835dbd252a9dfb","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-04-14","alert":"Scan result 6/70","trigger":"b75d7eecd4eb970f800113d99b9a05ecbceaae65a1d8c281aaa67a3f0867619e","verdict":"suspicious","severity":"","comment":"suspicious - 6/70","link":"https://www.virustotal.com/gui/file/b75d7eecd4eb970f800113d99b9a05ecbceaae65a1d8c281aaa67a3f0867619e","meta":null}]}},{"path":"Win32/NSudoLG.exe","filename":"NSudoLG.exe","modified":"","Modified":"2021-08-28T18:45:12Z","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":142848,"md5":"44be11477673baa42c7fa7423e8f4604","sha1":"20ad7ea719e220403574709122f4ecdbafebc1a0","sha256":"bdd9286eaefc70e313748693a0372eaa18de535ffebfae0ef658f88f53073e6f","sha512":"336eb413f600df7ce2e82c653d2f33516926a8e9d434b32015a8e2686e11a61585a0a0699faffa3545022c11f812456a25f1749bfa9841ab23f71dbb826df050","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-07-28","alert":"files - file ~tmp01925d3f.exe","trigger":"Win32/NSudoLG.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-28","alert":"Scan result 1/75","trigger":"bdd9286eaefc70e313748693a0372eaa18de535ffebfae0ef658f88f53073e6f","verdict":"suspicious","severity":"","comment":"suspicious - 1/75","link":"https://www.virustotal.com/gui/file/bdd9286eaefc70e313748693a0372eaa18de535ffebfae0ef658f88f53073e6f","meta":null}]}},{"path":"Win32/NSudoPluginHost.exe","filename":"NSudoPluginHost.exe","modified":"","Modified":"2021-08-28T18:45:08Z","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":133632,"md5":"5c37b866005b8be068a770eb43cfdbd0","sha1":"1048a524cf8f177b7a6ba55a34124922ed4d6cac","sha256":"1a6802e68d9bd6d5f82afdd7ce603159d98e2a686ec5a725568b93696b1c0232","sha512":"ad4494dbdd65d38524039e30a6c57128fdce2a68aa622f7df5b5c1659322f95dd8201f8bed82c5841b6d9c363b9becb979010e178b22a4da36ba33435321c1a3","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-27","alert":"Scan result 11/75","trigger":"1a6802e68d9bd6d5f82afdd7ce603159d98e2a686ec5a725568b93696b1c0232","verdict":"malicious","severity":"","comment":"malicious - 11/75","link":"https://www.virustotal.com/gui/file/1a6802e68d9bd6d5f82afdd7ce603159d98e2a686ec5a725568b93696b1c0232","meta":null}]}},{"path":"x64/MoPlugin.dll","filename":"MoPlugin.dll","modified":"","Modified":"2021-08-28T18:45:08Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":151552,"md5":"6ca5613a2922aa18db0fd8447ce4cb72","sha1":"e0891788016091fea74e737e993d9f70b44b00d4","sha256":"7dc57017b56d6e8247138cd71d8acb2401c196321ad1a8097f104e065d537368","sha512":"25cae2ee909a73303d4ede9f866b51f114b82aa9b45cac4435b1b07f8112ad5d86c5b315b6390cf219ed4d6c84b88826bca85ede8639cda04d415121734d4d00","alerts":{"urlquery":null,"analyzer":null}},{"path":"x64/NSudo.json","filename":"NSudo.json","modified":"","Modified":"2020-08-03T03:16:32Z","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":211,"md5":"922322fab45a284dbb248760125dfb1c","sha1":"120e77b90baa85287b2ee5bc63ff7dcd149767b5","sha256":"254beac232a7bb20289b0608db5a0ccc69789fb8befe2bf3c76fa09953eea6f5","sha512":"899dc404559518e311343a0a71ef4f88e4820268ff821082400660647259594cb1a088359c75b17f4e0df85ea5ad91e49b3e86f636e95955c2c56f1e667f4aaf","alerts":{"urlquery":null,"analyzer":null}},{"path":"x64/NSudoAPI.dll","filename":"NSudoAPI.dll","modified":"","Modified":"2021-08-28T18:44:54Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":84480,"md5":"9d9a41e709e9b012b6b26730b534f9f0","sha1":"1eaf514857eb7f9f115dbc31769b9956b00754d3","sha256":"4ff01d4497da85db25d24bef8d391180730b1b8846ca905faa6755d98cabc4fd","sha512":"47f6872ea445f2ef310466a53d5298ccde3dec7a3856192d9612f45f3204acf9b10e9a514d20f3cd30cf016adc0ed6d889e168372eb0e3d8e7feaf0a5cb60848","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-03-28","alert":"Scan result 2/71","trigger":"4ff01d4497da85db25d24bef8d391180730b1b8846ca905faa6755d98cabc4fd","verdict":"suspicious","severity":"","comment":"suspicious - 2/71","link":"https://www.virustotal.com/gui/file/4ff01d4497da85db25d24bef8d391180730b1b8846ca905faa6755d98cabc4fd","meta":null}]}},{"path":"x64/NSudoAPI.lib","filename":"NSudoAPI.lib","modified":"","Modified":"2021-08-28T18:44:54Z","magic":"current ar archive","size":2142,"md5":"43f9401418abfec6f70dc64c031c0be6","sha1":"cd478599487d0d1bae5ebbc369e3cd034a04f6eb","sha256":"de1071d950f34eee9a7e5ae9bee9045246ba3082a9e6634907f34f6235cf1859","sha512":"a92d40439abc6554f5bd074fe8adc39f717ef72ca01b7f06b53fa00d29f2e5f88c97fbd7b6e1b94a4ccbb19e97ce39c3383a94dd0366bd0ef8f4995b897a5199","alerts":{"urlquery":null,"analyzer":null}},{"path":"x64/NSudoDM.dll","filename":"NSudoDM.dll","modified":"","Modified":"2021-08-28T18:45:20Z","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections","size":28672,"md5":"4405400efe515575ca6f4f254e402826","sha1":"be3293d0649b231397b110d4a8783ba2d98d8a89","sha256":"380e686050461bb76d5919a05c770a9f5689490efaf17b00bfdcc7811381dc28","sha512":"3d6d225474b63a19c5c5d726e815ceedf598d094e3fbc432561c6afbef91c1f20046b6e91149a60bd309b11a18080fee2acac334f20afc1e4d67445deb060638","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-03-28","alert":"Scan result 1/71","trigger":"380e686050461bb76d5919a05c770a9f5689490efaf17b00bfdcc7811381dc28","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/380e686050461bb76d5919a05c770a9f5689490efaf17b00bfdcc7811381dc28","meta":null}]}},{"path":"x64/NSudoLC.exe","filename":"NSudoLC.exe","modified":"","Modified":"2021-08-28T18:45:16Z","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":161280,"md5":"e8d3152fbb5c7e8d585ca3adb6caa9a0","sha1":"b0178a9d58978661e6b8d955096bc2df9d6d42a8","sha256":"9e166d334ecc9814e42ecce759c3fa30f350d0aaef68a67cc77e04258be69722","sha512":"97429c0d86e4761abda8067308f63c9bb2cfb9331599ca02204293c77ede18e6df6317764f4cb0d4da932471e039bdb0fd47cb79d055648e6da1519841ba1960","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-25","alert":"Scan result 2/75","trigger":"9e166d334ecc9814e42ecce759c3fa30f350d0aaef68a67cc77e04258be69722","verdict":"suspicious","severity":"","comment":"suspicious - 2/75","link":"https://www.virustotal.com/gui/file/9e166d334ecc9814e42ecce759c3fa30f350d0aaef68a67cc77e04258be69722","meta":null}]}},{"path":"x64/NSudoLG.exe","filename":"NSudoLG.exe","modified":"","Modified":"2021-08-28T18:45:18Z","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":178176,"md5":"423129ddb24fb923f35b2dd5787b13dd","sha1":"575e57080f33fa87a8d37953e973d20f5ad80cfd","sha256":"5094ad359d8cf6dc5324598605c35f68519cc5af9c7ed5427e02a6b28121e4c7","sha512":"d3f904c944281e9be9788acea9cd31f563c5a764e927bcda7bae6bedcc6ae550c0809e49fd2cf00d9e143281d08522a4f484acc8d90b37111e2c737e91ae21ce","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-07-28","alert":"files - file ~tmp01925d3f.exe","trigger":"x64/NSudoLG.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"x64/NSudoPluginHost.exe","filename":"NSudoPluginHost.exe","modified":"","Modified":"2021-08-28T18:45:14Z","magic":"PE32+ executable (console) x86-64, for MS Windows, 6 sections","size":174592,"md5":"195f5bc708848ebe6eb01b0c4bed3370","sha1":"4b1dc42344f2d0c8bfd90b9303ed0d4aeec8e106","sha256":"6f5cd376e21e422f3b01f762bd2cce248d83037facab80964c9732c2da0bb41f","sha512":"48fe9efc123ce23a7fc1bed021d66f54f6525f87a350a1ea128fe442e94736ae8adaa9cd1cfa5e083c2a631c15944be0c4ba40ec02898b9950aa692ec9d3bd1c","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-07-28","alert":"files - file ~tmp01925d3f.exe","trigger":"Win32/NSudoLG.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-07-28","alert":"files - file ~tmp01925d3f.exe","trigger":"x64/NSudoLG.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-15","alert":"Scan result 11/68","trigger":"2a4d3c5847fa9694c050448afaeac6fb3c9f41995c7a2f8ee4cbd015e18909eb","verdict":"malicious","severity":"","comment":"malicious - 11/68","link":"https://www.virustotal.com/gui/file/2a4d3c5847fa9694c050448afaeac6fb3c9f41995c7a2f8ee4cbd015e18909eb","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-28T22:09:52.8228522Z","timestamp":1722204592822,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"9BDC1A9C47D76DC96134B04996050573491D15A2D8B6BE4157791B9D6F0766C9\"\r\nLast-Modified: Sat, 27 Jul 2024 06:56:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=9335\r\nExpires: Mon, 29 Jul 2024 00:45:27 GMT\r\nDate: Sun, 28 Jul 2024 22:09:52 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"1923cde36555abe065c52a358521a6f5","sha1":"1cfff065ff7d9706aa7142cc99855769a50f642e","sha256":"9bdc1a9c47d76dc96134b04996050573491d15a2d8b6be4157791b9d6f0766c9","sha512":"1c2273b39652094f1d40cdc92cee45d667771c4ed76b8f6c35b83639bb9d48101b080bb3ba585a76c38dd174d1f38cc2878927d25ff660d1aebb2d1b5bf81106","ssdeep":"","tlshash":"f0f005943196740667900d1627fcc1544d21d4f835146491f56c41aa6850fa501cd40e","first_seen":"2024-07-27T17:43:23Z","last_seen":"2024-08-19T15:34:32.866037Z","times_seen":27742,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-28T22:09:52.830302822Z","timestamp":1722204592830,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"504EFFA12A1CA53EAC798BF38EA5A9EDDE08EC398B53C8DE2885A94F133EA845\"\r\nLast-Modified: Sat, 27 Jul 2024 06:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4523\r\nExpires: Sun, 28 Jul 2024 23:25:15 GMT\r\nDate: Sun, 28 Jul 2024 22:09:52 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"2d61bb5b56bc4df48e399a14ebeea8ca","sha1":"60814ad62b84875481a3fc851280f608dbc0b4f6","sha256":"504effa12a1ca53eac798bf38ea5a9edde08ec398b53c8de2885a94f133ea845","sha512":"d1c9ba23ad9aeb5bd5baeb3a3b024c0215e1a8b8cf36e41e85d155b10bd2bfe97c8f80d6edee2de56cd2f467239848a31db9e214a7ac09eee9d5ece047f14849","ssdeep":"","tlshash":"a9f0c089e6b83d607574290591f1c236092469b4381658d369d01fd678527a044cc5dc","first_seen":"2024-07-27T11:03:53Z","last_seen":"2024-08-19T15:36:31.225644Z","times_seen":17205,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-28T22:09:53.185657874Z","timestamp":1722204593185,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"D5E5DFE382059E479448FBD9ADC4D0130F6FA669A454173C6FBC377F23397312\"\r\nLast-Modified: Sat, 27 Jul 2024 06:26:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4909\r\nExpires: Sun, 28 Jul 2024 23:31:42 GMT\r\nDate: Sun, 28 Jul 2024 22:09:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"b4e7d529107c1c5044860fb7b56942ca","sha1":"dceacb49fd49caaa8aaa4e403f2516696467fe24","sha256":"d5e5dfe382059e479448fbd9adc4d0130f6fa669a454173c6fbc377f23397312","sha512":"a42fd798e5f48e4ff4d3921a657f36da889938d8aac9531999baeb875a5afd9b326a74b4425d88cf8c466e9e6418c6fd834435cd1a65e7bd1da7b9ad48337f02","ssdeep":"","tlshash":"36f00e2512af3e10fb7113001bfaeb352c10be9e74049fb099400ae2b454bfb18c5428","first_seen":"2024-07-27T08:37:54Z","last_seen":"2024-08-19T15:37:41.96363Z","times_seen":14830,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-28T22:09:53.455876586Z","timestamp":1722204593455,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"7D7DF3345B5736CCCE59D0996A373C2CCC915B51D725A47131936CB170207467\"\r\nLast-Modified: Sat, 27 Jul 2024 06:27:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=19287\r\nExpires: Mon, 29 Jul 2024 03:31:20 GMT\r\nDate: Sun, 28 Jul 2024 22:09:53 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0b1ec2ddc6f2bdcb53c4a68f0dadfffa","sha1":"6e2cca0a8a8c68f778c60628583b1c944c3cc2fc","sha256":"7d7df3345b5736ccce59d0996a373c2ccc915b51d725a47131936cb170207467","sha512":"ac8d7b2da92e34d87d0a3a67d1ef18e17f84b7712d83afcb177c4f49f8c5cbbd361d2fd5cc516663220816d7643d1b9cc29ae8d8ccaca2ed959d0f0f6ccb4c73","ssdeep":"","tlshash":"8cf0059105b9f892767185211ef8d62c59609c9d38119cc650c083d13062bde14d4184","first_seen":"2024-07-27T21:53:53Z","last_seen":"2024-08-19T15:33:25.893956Z","times_seen":17718,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"github.com/M2TeamArchived/NSudo/releases/download/9.0-Preview1/NSudo_9.0_Preview1_9.0.2676.0.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-28T22:09:53.226Z","timestamp":1722204593226,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 07 Mar 2024 00:00:00 GMT","end":"Fri, 07 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"E7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0","sha256":"FD:6E:9B:0E:F3:98:BC:D9:04:C3:B2:EC:16:7A:7B:0F:DA:72:01:C9:03:C5:3A:6A:6A:E5:D0:41:43:63:EF:65"}}},"request":{"raw":"GET /M2TeamArchived/NSudo/releases/download/9.0-Preview1/NSudo_9.0_Preview1_9.0.2676.0.zip HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Sun, 28 Jul 2024 22:09:53 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\nlocation: https://objects.githubusercontent.com/github-production-release-asset-2e65be/62206642/3c67cec3-1ee5-4338-ab84-a3e229db25c6?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240728%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240728T220953Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=85e9a221b507870155a7a8864ce6f9ed6ac8a46a28152250e73c8305258c6554\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=62206642\u0026response-content-disposition=attachment%3B%20filename%3DNSudo_9.0_Preview1_9.0.2676.0.zip\u0026response-content-type=application%2Foctet-stream\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/\r\ncontent-length: 0\r\nx-github-request-id: 405B:1A5586:A067FC:A433BA:66A6C1B1\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":413,"timings":{"blocked":132,"dns":1,"connect":20,"send":0,"wait":148,"receive":0,"ssl":109},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/62206642/3c67cec3-1ee5-4338-ab84-a3e229db25c6?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240728%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240728T220953Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=85e9a221b507870155a7a8864ce6f9ed6ac8a46a28152250e73c8305258c6554\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=62206642\u0026response-content-disposition=attachment%3B%20filename%3DNSudo_9.0_Preview1_9.0.2676.0.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-07-28T22:09:53.516Z","timestamp":1722204593516,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /github-production-release-asset-2e65be/62206642/3c67cec3-1ee5-4338-ab84-a3e229db25c6?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240728%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240728T220953Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=85e9a221b507870155a7a8864ce6f9ed6ac8a46a28152250e73c8305258c6554\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=62206642\u0026response-content-disposition=attachment%3B%20filename%3DNSudo_9.0_Preview1_9.0.2676.0.zip\u0026response-content-type=application%2Foctet-stream HTTP/1.1\r\nHost: objects.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Wed, 08 Dec 2021 05:28:31 GMT\r\netag: \"0x8D9BA0B92C3CE2E\"\r\nserver: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: 8bebe51a-401e-002b-43d5-d96199000000\r\nx-ms-version: 2020-10-02\r\nx-ms-creation-time: Wed, 08 Dec 2021 05:28:31 GMT\r\nx-ms-blob-content-md5: PrmqRb7qNHlwZ7i2YDh2Xw==\r\nx-ms-lease-status: unlocked\r\nx-ms-lease-state: available\r\nx-ms-blob-type: BlockBlob\r\ncontent-disposition: attachment; filename=NSudo_9.0_Preview1_9.0.2676.0.zip\r\nx-ms-server-encrypted: true\r\nvia: 1.1 varnish, 1.1 varnish\r\nfastly-restarts: 1\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Sun, 28 Jul 2024 22:09:54 GMT\r\nx-served-by: cache-iad-kjyo7100174-IAD, cache-hel1410033-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 65, 0\r\nx-timer: S1722204594.558823,VS0,VE100\r\ncontent-length: 860412\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":860412,"size_decoded":860412,"mime_type":"application/octet-stream","magic":"Zip archive data, at least v2.0 to extract, compression method=deflate","md5":"3eb9aa45beea34797067b8b66038765f","sha1":"83bc83ca6bd388aec649d5f87be6db9b84cfd94b","sha256":"2a4d3c5847fa9694c050448afaeac6fb3c9f41995c7a2f8ee4cbd015e18909eb","sha512":"7c6a18db2fe9fcabb3b7285f1fabc4886e0b871079651d49246efc222f087313d59fcc3cc4d69e20094f3342f8aba429a2ee8193036c868ecdec30572757e900","ssdeep":"24576:5+wxf8ADs0nmMfypFYHm9khHDx2YKRLAU6aMoC:nBdDHfypCHXj2YK6doC","tlshash":"f80523cb5f6504649246abf823973ef153a73ab6369685cf5e046bc41230de8078dfca","first_seen":"2023-07-10T09:33:06Z","last_seen":"2025-05-12T12:21:15.935102Z","times_seen":20,"resource_available":false,"data":null}},"time_used":738,"timings":{"blocked":37,"dns":1,"connect":13,"send":0,"wait":507,"receive":157,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-07-15","alert":"Scan result 11/68","trigger":"2a4d3c5847fa9694c050448afaeac6fb3c9f41995c7a2f8ee4cbd015e18909eb","verdict":"malicious","severity":"","comment":"malicious - 11/68","link":"https://www.virustotal.com/gui/file/2a4d3c5847fa9694c050448afaeac6fb3c9f41995c7a2f8ee4cbd015e18909eb","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-28T22:09:55.364375347Z","timestamp":1722204595364,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57\"\r\nLast-Modified: Sat, 27 Jul 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4634\r\nExpires: Sun, 28 Jul 2024 23:27:09 GMT\r\nDate: Sun, 28 Jul 2024 22:09:55 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe86340c305817b173f7c0f3f59c795b","sha1":"bae41a5fad9f6cf6e13281eb7d567d6103f292b3","sha256":"310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57","sha512":"aead2ac0e45f187f797ed266c8b5b3b6eb6706c61947647d3db4eb6450d431b2353e524f58c542d751dce06d118f2f5e7bba85b60651ff94536869afa590c581","ssdeep":"","tlshash":"0df00e1211f97662a3740a1b3caee2380d18b6ac318a7ef4f1e043f5643679a12c0088","first_seen":"2024-07-27T11:05:01Z","last_seen":"2024-08-19T15:36:31.273261Z","times_seen":26985,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-28T22:09:55.366117569Z","timestamp":1722204595366,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57\"\r\nLast-Modified: Sat, 27 Jul 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4634\r\nExpires: Sun, 28 Jul 2024 23:27:09 GMT\r\nDate: Sun, 28 Jul 2024 22:09:55 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe86340c305817b173f7c0f3f59c795b","sha1":"bae41a5fad9f6cf6e13281eb7d567d6103f292b3","sha256":"310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57","sha512":"aead2ac0e45f187f797ed266c8b5b3b6eb6706c61947647d3db4eb6450d431b2353e524f58c542d751dce06d118f2f5e7bba85b60651ff94536869afa590c581","ssdeep":"","tlshash":"0df00e1211f97662a3740a1b3caee2380d18b6ac318a7ef4f1e043f5643679a12c0088","first_seen":"2024-07-27T11:05:01Z","last_seen":"2024-08-19T15:36:31.273261Z","times_seen":26985,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-28T22:09:55.368053341Z","timestamp":1722204595368,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57\"\r\nLast-Modified: Sat, 27 Jul 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4634\r\nExpires: Sun, 28 Jul 2024 23:27:09 GMT\r\nDate: Sun, 28 Jul 2024 22:09:55 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe86340c305817b173f7c0f3f59c795b","sha1":"bae41a5fad9f6cf6e13281eb7d567d6103f292b3","sha256":"310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57","sha512":"aead2ac0e45f187f797ed266c8b5b3b6eb6706c61947647d3db4eb6450d431b2353e524f58c542d751dce06d118f2f5e7bba85b60651ff94536869afa590c581","ssdeep":"","tlshash":"0df00e1211f97662a3740a1b3caee2380d18b6ac318a7ef4f1e043f5643679a12c0088","first_seen":"2024-07-27T11:05:01Z","last_seen":"2024-08-19T15:36:31.273261Z","times_seen":26985,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-28T22:09:55.370015889Z","timestamp":1722204595370,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57\"\r\nLast-Modified: Sat, 27 Jul 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4634\r\nExpires: Sun, 28 Jul 2024 23:27:09 GMT\r\nDate: Sun, 28 Jul 2024 22:09:55 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe86340c305817b173f7c0f3f59c795b","sha1":"bae41a5fad9f6cf6e13281eb7d567d6103f292b3","sha256":"310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57","sha512":"aead2ac0e45f187f797ed266c8b5b3b6eb6706c61947647d3db4eb6450d431b2353e524f58c542d751dce06d118f2f5e7bba85b60651ff94536869afa590c581","ssdeep":"","tlshash":"0df00e1211f97662a3740a1b3caee2380d18b6ac318a7ef4f1e043f5643679a12c0088","first_seen":"2024-07-27T11:05:01Z","last_seen":"2024-08-19T15:36:31.273261Z","times_seen":26985,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-07-28T22:09:55.370924247Z","timestamp":1722204595370,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"310CA992570F568ED449D579727A026E44E75F4DD6A609897A3FBA0BC7CBCE57\"\r\nLast-Modified: Sat, 27 Jul 2024 06:58:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=4634\r\nExpires: Sun, 28 Jul 2024 23:27:09 GMT\r\nDate: Sun, 28 Jul 2024 22:09:55 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"fe86340c305817b173f7c0f3f59c795b","sha1":"bae41a5fad9f6cf6e13281eb7d567d6103f292b3","sha256":"310ca992570f568ed449d579727a026e44e75f4dd6a609897a3fba0bc7cbce57","sha512":"aead2ac0e45f187f797ed266c8b5b3b6eb6706c61947647d3db4eb6450d431b2353e524f58c542d751dce06d118f2f5e7bba85b60651ff94536869afa590c581","ssdeep":"","tlshash":"0df00e1211f97662a3740a1b3caee2380d18b6ac318a7ef4f1e043f5643679a12c0088","first_seen":"2024-07-27T11:05:01Z","last_seen":"2024-08-19T15:36:31.273261Z","times_seen":26985,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}