{"report_id":"7cffb849-afb0-4e62-a36f-a721f6aebeb3","version":6,"status":"done","tags":[],"date":"2025-01-20T14:45:13Z","url":{"schema":"http","addr":"xeno-executor.org/Xeno-v1.1.3-x64.zip","fqdn":"xeno-executor.org","domain":"xeno-executor.org","tld":"org"},"ip":{"addr":"172.67.200.90","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-03-31T14:45:11Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"xeno-executor.org","ip":{"addr":"104.21.21.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-01-16","domain_rank":0,"first_seen":"2025-01-20T14:45:13.946645Z","last_seen":"2025-01-20T14:45:13.946645Z","alert_count":1,"request_count":1,"received_data":5001998,"sent_data":491,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"520cabdf6c80e269166844c43015a77b","sha1":"cf0f24a0d2f1c5ccbc3f7076363976809d72cf51","sha256":"1dfcadf8afac3a217d8289f937801c4f85d0855b0697062dbd570eb1c2d1c47c","sha512":"098974b0ef1b4a40c28361af2b2476600a068be4bbe9227fe4f5f425602ba5517e7e4c2ed50e4ba77645790dcce3c4ad6a5452188279f805b9f13ffab596bff7","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":5001066,"url":{"schema":"https","addr":"xeno-executor.org/Xeno-v1.1.3-x64.zip","fqdn":"xeno-executor.org","domain":"xeno-executor.org","tld":"org"},"ip":{"addr":"104.21.21.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-convert-l1-1-0.dll","filename":"api-ms-win-crt-convert-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":15672,"md5":"c8dbf0ca88facfe87899168a7f7db52c","sha1":"e2cf163ad067b5d3b19908a71ed393711f66cd09","sha256":"94b6e91b93c2202dabd659bff294bee87c22897a30a6b4930b49051c2fb502dc","sha512":"e85c738f5d5a0ae6c3ef75a082712cb3cf2feae4560d316cb110e4eaf3a97d6058d5374da2a5edde39c3114f9aff8a027cbdff8cf49be2425943bac09c39e70b","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-convert-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-filesystem-l1-1-0.dll","filename":"api-ms-win-crt-filesystem-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":13840,"md5":"42a2a95f1bb940d01f55eb1674a81fe2","sha1":"f982f3bbb4dc3aaaba8df098d1b395846f7cba08","sha256":"51541ec6684b43157a85ea46a42ebed4555be06bed0d0d07ff3ea6377301318d","sha512":"de9a7a1a6a45e2f76105eaeafcc3c29adbff142dcf2586e147417045b897a9dcddec5e1b97acfc5d3fc9c8e3a508dbc3f607bf3df20a7435e74436f94cb056b6","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-filesystem-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-heap-l1-1-0.dll","filename":"api-ms-win-crt-heap-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":12600,"md5":"98da186fd7d7873c164a51c5d7b77f1a","sha1":"725a8b8fdfbe6a1e85674f4b2a7c0dd08411e00b","sha256":"80139e4caa379d87b1d1dafc23ace71d2b330368115f6314140d4ae59c2a78e8","sha512":"587b49a24cc59d4dcb62b59f379d1c9010196a6551cfc99ffdd931eeb0172618f020863191e530d65ad198e57063c57ba6f70bcf80591304243268ea5513f806","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-heap-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-locale-l1-1-0.dll","filename":"api-ms-win-crt-locale-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":12088,"md5":"ff48b107b2449a647c64baabd49408a1","sha1":"efb868ba125d9ff08474f02b9483d74c36a13cee","sha256":"7bb8644e565ad4bcfd890f9044bccb4d99953a740e9a500b1f820b2fdc3fc240","sha512":"4da2e4b727e7f31f8bffd680453c451b444bdf217c15cb36e353f8bb5ecb6c6481caa7d848558c7d94cfc2d1bc3551ace11e85ffc8ec7a7b570a59c294ea0216","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-locale-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-math-l1-1-0.dll","filename":"api-ms-win-crt-math-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":21008,"md5":"e10e077bb06209aedd0d0d378c758f73","sha1":"97a9053a311280678f8ef65dc4e25975c41bd4ee","sha256":"8a7bff1c918539a75c25568db25933d653c003e016fd7791a37186b42bbb7c20","sha512":"571c1fc4192320bd967b603e6cda917a62f4720eb4dcd557ec2913d2558c0cfe68f936198f5809934aaa3a1d6049e8e918eb0e638a7244df5c71ef0c78843191","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-math-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-runtime-l1-1-0.dll","filename":"api-ms-win-crt-runtime-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":16400,"md5":"f91e1ff896b5616919ac97c7095c513e","sha1":"4ec6eed0bac5a8801db10238c7b3a5d35a87be67","sha256":"07382c0d91dad2bb6ba8bd06ea02f12c57abf7c4e5a70672e9f2954d09a4ffd4","sha512":"6448d6cdfde11e1805b6d381111ea062f681807c9dc54ae890305f287b13b6fb57ef3f4d3b909e56b81c99830c086b5702b46ba0f93e695fce2b87b32fa4b26a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-runtime-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-stdio-l1-1-0.dll","filename":"api-ms-win-crt-stdio-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":17960,"md5":"429c26ed27a026442f89c95ff16ce8c2","sha1":"69ed09faae00a980c296546c9b5e6a8d5f978439","sha256":"2a466648affd3d51b944f563bb65046a3da91006a0d90fb2c0b123487a1fc1b3","sha512":"04641164d9e1eb3183db0c406583626011dfe2b2574551c0ac466ebf44165afcd7d8faf356b8268b4fc9a54db20de010a4e4293594ad2e605950aea65636f4e5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-stdio-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-string-l1-1-0.dll","filename":"api-ms-win-crt-string-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":18472,"md5":"0f593e50be4715aa8e1f6eb39434edd5","sha1":"1117709f577278717c34365ce879bcd7c956069b","sha256":"bf4ea10be1b64c442ac0ccf4bdf69f6703467176a27e9e14a488d26448a6e179","sha512":"487dcbf7b7f18d62606cb2f05c8feff07e6ecda42e643f5919c6edda66cdb3b8cc393b0d260374f06c10cf54082410fc9f02bd87cc50866bc0c28b0bcec3e658","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-string-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/autoexec/test.txt","filename":"test.txt","modified":"2024-12-10T20:41:54-05:00","Modified":"","magic":"ASCII text, with no line terminators","size":29,"md5":"649d2f9bbd50814244547e4e140a95e0","sha1":"c7d1725852f659487fd8b70fe7c2c32420732734","sha256":"2bc836b0f80c7100d8125e8c17235e62ffb93929103a64af004ee2eef1b03c92","sha512":"ba058df5f0573884ea2a6c481fa7157cc23959607b1493cc4304bc68358a473dff4bde96e43cd17e0bf82e1fdb01374f0a13719aeddd2127639259b70ce7edb8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/index.html","filename":"index.html","modified":"2024-11-03T11:37:04-05:00","Modified":"","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (61271), with CRLF line terminators","size":168642,"md5":"001dcbb8f41cdcbf9b4d1e3a0ed4b2d2","sha1":"982a05814546017c40771e59e7677b53d84787e9","sha256":"f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951","sha512":"9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/base/worker/workerMain.js","filename":"workerMain.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (1119), with CRLF line terminators","size":136817,"md5":"d0ac5294c58e523cddf25bc6d785fa48","sha1":"1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5","sha256":"e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b","sha512":"fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/basic-languages/lua/lua.js","filename":"lua.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":4679,"md5":"eebda1fdd970433750c115eae2f03865","sha1":"3f1a1cddb99dead013eac825eb418241656d4bf0","sha256":"ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7","sha512":"8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.css","filename":"editor.main.css","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"ASCII text, with very long lines (65249), with CRLF line terminators","size":301375,"md5":"23c7db6e12f6454ef6e7fb98d17924d8","sha1":"06398b44a338db5eeab2d461347334fc69af5af1","sha256":"615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451","sha512":"5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.js","filename":"editor.main.js","modified":"2024-11-05T10:58:32-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65245), with CRLF line terminators","size":2183400,"md5":"2dc0068cdbc03ce43a75ab0b2df664e2","sha1":"817a209e179466dc8a14e05eb11a6c1b7e3d71eb","sha256":"b604b6148f70fe9db882cce2a7d327b2422ad2f203a805491002a8c564e3c3ff","sha512":"1ce29ed21e027d3552dc05162250bd62d66555f7b9ff48c9c94116d1e696089c32851533e7db30a7507a85b598df8fbf66292904c446536ccd3b2c60209d9d3d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.de.js","filename":"editor.main.nls.de.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16089), with CRLF line terminators","size":47200,"md5":"d1fd2fb756c73970b9c5e0ba07bff708","sha1":"470057b3244886dccc9f6074297cc8bc2a9c1b39","sha256":"cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828","sha512":"db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.es.js","filename":"editor.main.nls.es.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16082), with CRLF line terminators","size":47589,"md5":"36f546b28ca17ece9f8eb9bcf8344e13","sha1":"d43934b9041587799e332b2f568aa81666227258","sha256":"327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654","sha512":"13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.fr.js","filename":"editor.main.nls.fr.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16773), with CRLF line terminators","size":50986,"md5":"1a29080733878dd44e0c118e84cd0c39","sha1":"60c158e23962b11918f6cae26445fad5b63bc65a","sha256":"6ed837dc1905c06a20d102921ff06a0bda003c5368ed0576bf7e69494e889ae8","sha512":"5cc68cabb583100320d7c875fd7c46f5c618c3968ac2a7c2b60f90ec74b29349a557049c17d5c851cabb54d5ef26cd65e8d2288d70b62ede06ee1762e25dbd60","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.it.js","filename":"editor.main.nls.it.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (17192), with CRLF line terminators","size":49330,"md5":"18e88f58301ad5ae926204507ab99c6b","sha1":"8eb03235312e88b941f3be212c0efa12b24e6d5f","sha256":"4fe2c4420294758883e134bdf7da9e6c2abf631d3a89c765f32f6c1d0f62653c","sha512":"f66283ec4182e9062f9f03a83acb3f2a49b98fb9ef67e48eaf5227236919ca279831b822fcb3ae252cfeafd81d12fe9c89a2843d91ab140a2b79b6bbc1d4f013","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.ja.js","filename":"editor.main.nls.ja.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (7783), with CRLF line terminators","size":53362,"md5":"3bf851cc70f515cbbe1d39da93e4f041","sha1":"88fe6323bbe14b55b6eec078574318e8474be613","sha256":"1f3556ea7233843b9e08b3c97b6727c533d702563e195c2090a438070dc85f0f","sha512":"61ffe9ec3550d2f8dfbc30d7d61327584833bb714a9d2cfc9788449190089dbdeaa293bb9921a43da782e1c36b7d242e13ac052b46210d2e79793626e921169d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.js","filename":"editor.main.nls.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (13654), with CRLF line terminators","size":39314,"md5":"e871d4d9539c26d7d2bf32801ebdecf0","sha1":"711460f619ef09fa23d272d97bfc00593a5319a8","sha256":"5ff0084e6a7eee82a735616239aaf2190ea9d90e89e19340831f3d590828016a","sha512":"b6b9bf96c132db9dfc99d70320231630fc46a8a83f500d8e4f677e2d03206364f2666946f69061dcba2e759f005261dae1ece73e054aa56b8210551bc353cced","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.ko.js","filename":"editor.main.nls.ko.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (8116), with CRLF line terminators","size":47576,"md5":"60fcd422ac97a1b645ff48cb6928f7af","sha1":"da5b57dfbd257720155e303f0e75e263f0e74190","sha256":"98e649fa40d8e2ccfdc212341feb8165a7d7bbec31e8a77d9819ad9474e4b8ba","sha512":"52439f47f1e12ccf37db40f9fa8fa4966579cd6b327cde1768187cd7fdc7ebdd444e1953e29ed09bdced40d764c2e8f7131d44908c00bfd350e856a9df661aa4","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.ru.js","filename":"editor.main.nls.ru.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16153), with CRLF line terminators","size":77450,"md5":"6e7d5b984917b00f131c47473ce2b866","sha1":"97f94134ff8f73ab48c0635550f2d8054c239c7f","sha256":"1bb069d95a395bf258d1f262814591aa762c4b30529adde32ccbcaa7c7ca508d","sha512":"f2595e7e1812073c50bfa058db3c7918dd8d7a6f0d20a576c68d854a4c61ed74bef3ad5ab23430567065677d737d81c7f17010055a069b9e38b5594d65e882a0","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.zh-cn.js","filename":"editor.main.nls.zh-cn.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (5836), with CRLF line terminators","size":36890,"md5":"05e49314cf801f5d3992b55243690ea7","sha1":"c20fca9f037adf2edec34ccf67a08e56d1d71bbf","sha256":"e9adc8ffca9853ef6e0bd4e955af9f395a570bc7772fc2dac0c0ff241aac864b","sha512":"7d499b41ae9bee2e72b721a49c0d053029624b19af1ede71a4378e14d3f6b407539c18d29422fb8d21681ce7dc160d2f11e80064017f5c8a5f645d6c1a77cc75","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.zh-tw.js","filename":"editor.main.nls.zh-tw.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (5745), with CRLF line terminators","size":37442,"md5":"becbf441d95b0bc1565faf47ce9de373","sha1":"f660a8a29dc9861f7ff7e228622d492f1630b873","sha256":"94a7ff81b8ec3217a46bc5cdebe2c6aee98f73e6e902b7d9cf394836d052bbe5","sha512":"feee8ef6e36984309186b8ff491982efe4f144859c3f48d147b26bd61af6af751e013a951e945f02a2057368b485204734f6dc50cd6fca6294426b7fbdbcaa4f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/loader.js","filename":"loader.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (1023), with CRLF line terminators","size":30223,"md5":"bc15bb48d4d5c60ce7f16819f4d988c4","sha1":"87c7f328aa357d52b68b2cea0a214365a40cdc36","sha256":"5c3cf09973404ba31d760952f267751ef2bb09f315331d13ca432b65ce2c480b","sha512":"b5d7481773cafd01f3d738949a54e49c166c9a8fea3a150f6f0eed7449176d630991e27544a4e7b23fdad29700ae7fbba5de42f97c69874b6f2ad374194a9853","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/libcrypto-3-x64.dll","filename":"libcrypto-3-x64.dll","modified":"2024-10-23T02:18:42-04:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":5209352,"md5":"54ca3e6afcb3c57c7914c0856d779f2a","sha1":"e37be8d92350aa1f9dd3212015de959faa58aa2f","sha256":"7aed0bc00d2f0ca0de95eaa6461327bd2e4543723a6ca443a7e899738b353b5a","sha512":"e8079e9d4bfa253677a669913f8198882c2eaaf9251f11cfa64eed5597c34ab7c267bed3826ad9f0a83675177a7575af54081852a5a633d999bd13cf873a79e8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/libssl-3-x64.dll","filename":"libssl-3-x64.dll","modified":"2024-10-23T02:18:45-04:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":1374984,"md5":"d66acb55a9f095a24865c9d883f96fd1","sha1":"cc8cb0a1d460fc0ef5a941bc5cd45e29ca7ef527","sha256":"7ae563b23164ec5994dbc24bce536b33df80c40de5ca97d64fe84a5dac34788e","sha512":"35c04c6f5f66d4585bba8fe48f2b470af7d6e366e9b9cb3ce0712818c5b1504c9e492a4d148164adf28793cc55b2ac58d3df28fb00f94033ddcb6e18ecce0227","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Microsoft.Web.WebView2.Core.dll","filename":"Microsoft.Web.WebView2.Core.dll","modified":"2024-06-11T05:23:06-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":570856,"md5":"b037ca44fd19b8eedb6d5b9de3e48469","sha1":"1f328389c62cf673b3de97e1869c139d2543494e","sha256":"11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197","sha512":"fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Microsoft.Web.WebView2.WinForms.dll","filename":"Microsoft.Web.WebView2.WinForms.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":38376,"md5":"8153423918c8cbf54b44acec01f1d6c2","sha1":"f0c3c5412b809725e6d4809230adb15cc7d83ad2","sha256":"5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4","sha512":"f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Microsoft.Web.WebView2.Wpf.dll","filename":"Microsoft.Web.WebView2.Wpf.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":51688,"md5":"4a292c5c2abf1aab91dee8eecafe0ab6","sha1":"369e788108e5fb0608a803fa2e5a06690b4464b5","sha256":"b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4","sha512":"ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/msvcp140.dll","filename":"msvcp140.dll","modified":"2024-10-29T06:52:02-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections","size":449640,"md5":"4d157073a891d0832b9b05fb8aca73a8","sha1":"551efcdd93ecafc6b54ebb6f8f38c505d42d61ca","sha256":"718812adb0d669eea9606432202371e358c7de6cdeafeddad222c36ae0d3f263","sha512":"141563450e4cdf44315270360414f339fc3c96ebdaa46e28a1f673237c30f5e94e6da271db67547499c14dc3bd10e39767c3b6a2a3c9cec0a64a11f0263e0c5d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Newtonsoft.Json.dll","filename":"Newtonsoft.Json.dll","modified":"2023-03-08T02:09:54-05:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":712464,"md5":"adf3e3eecde20b7c9661e9c47106a14a","sha1":"f3130f7fd4b414b5aec04eb87ed800eb84dd2154","sha256":"22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07","sha512":"6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/runtimes/win-arm64/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:23:06-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) Aarch64, for MS Windows, 7 sections","size":140248,"md5":"8f2648cd543236ef1b4856715731e069","sha1":"c269e906556c160201fe229b9f6f3dde26888ac4","sha256":"77152af4472dc7741901ba69ce3a670992546eb2f5eda3db7fee135ee0037de0","sha512":"26bd06330e690dc73534ec2c54cd75149c0e96cbcfb34b9012532223db51d98b37b8b5c507d8d1a9b3829ea49493981d79cc1e5aaaa5b0d4b796a72f4420f2cc","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-arm64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.3-x64/runtimes/win-x64/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections","size":165336,"md5":"c5f0c46e91f354c58ecec864614157d7","sha1":"cb6f85c0b716b4fc3810deb3eb9053beb07e803c","sha256":"465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f","sha512":"287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-x64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.3-x64/runtimes/win-x86/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:23:16-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections","size":116200,"md5":"9d7744e15bb8e3d005079b18979c8544","sha1":"7b326c96e5f3f6baaf6e9390b119a4ffb3df2c64","sha256":"cc2f661aac9c05646933f717e629a69be93d8d06803066289d6dc1105aac6cd2","sha512":"732fd17714ec5ef0afd8f17d06adc895e93bea4585b6b1dabcf95c3fbe808e7b31a19c13cccfac0b30cd425cf96926749a0373a861f55fa8db442430803f4a25","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-x86/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.3-x64/scripts/Dex.lua","filename":"Dex.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (467), with CRLF line terminators","size":420163,"md5":"e37374a8aa47cf8ac6d56901436e199f","sha1":"5d62f5db07614f3b548702faa4f7a06e235c9b12","sha256":"47cc5f1102fda0eba76b9570a1b943326f2170f270d5280e1f8dd5723c43fc14","sha512":"efee19e8109a48d49f099dd1767c722935123c4ea4d6e0ab905703e16fcb7196d31c45826d4398a5b7249e686ca90db3f671416909ce3440d4709edf1bd55775","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/scripts/Infinite Yield.lua","filename":"Infinite Yield.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","size":480320,"md5":"a8c69257b0db73b3e531d62cd872bc8b","sha1":"60c80decdad7e16869134a8c11a056298c628da6","sha256":"46b69f4be7ded4ac60c39255cfcd39357be8dcee7e60ad34ca53d909aa6e509a","sha512":"35d4211fb76971e3d6918a85ed57a0c4dbb51843b87f5f8a4568e5facfdb44627c111130c78eb7821f7a644a652bdc28caad9350bf8b317dc223aa13a23e6dca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/scripts/Sine Wave.lua","filename":"Sine Wave.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":1071,"md5":"0bbb2aebfadc119226992045dcaa30b4","sha1":"6939f7c1f4fa7ac0f81e9dabef32fdb24d120e72","sha256":"a5f5aca3ac216ac9040d0425eb52b1465674d8cd79d928474562d9a644ff4f0b","sha512":"b433ad6f5d365c58e2260588fae7a3cbecbfe734daff125ce18b6673c629c1b6bccd6142ea49c2c77d57dbe9ab2d02b2897fd2d7c592d524952a62348715bbf8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/scripts/Spinning Donut.lua","filename":"Spinning Donut.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":1751,"md5":"967403f0ecb43917e841a085851b732d","sha1":"b09f3bef3e9fe87970b48db46529c611c302db16","sha256":"cb1a35b6ae394e479b97aa1f946ca21b8794dd0d60b08b85bf89fa5b35a4d8da","sha512":"34e83a25f330243faf86b62923a873a9104fa62f756a66074905f7980475581eded0a92cd88b6beba9b6424fb7f2a9cd743627871f80d51ff36c39f28ccb29b3","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/scripts/UNCCheckEnv.lua","filename":"UNCCheckEnv.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","size":29161,"md5":"b76726d10354343d9af5c268e40b47c4","sha1":"7103c78071be0c65c8b3a217168cf7909aef748e","sha256":"e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5","sha512":"5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/vcruntime140.dll","filename":"vcruntime140.dll","modified":"2024-10-29T06:47:40-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 8 sections","size":120432,"md5":"943fc74c2e39fe803d828ccfa7e62409","sha1":"4e55d591111316027ae4402dfdfcf8815d541727","sha256":"da72e6677bd1bcd01c453c1998aaa19aeaf6659f4774cf6848409da8232a95b2","sha512":"96e9f32e89aee6faea6e5a3edc411f467f13b35ee42dd6f071723daeba57f611dbd4ff2735be26bb94223b5ec4ee1dffedf8dc744b936c32a27d17b471e37dcf","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/vcruntime140_1.dll","filename":"vcruntime140_1.dll","modified":"2024-10-29T06:47:38-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections","size":49744,"md5":"05052be2c36166ff9646d7d00bb7413f","sha1":"d8d7c4b322d76e3a7b591024c62f15934979fe40","sha256":"26e470b29bed3d873e0c328186e53f95e9edbfe0b0fd0cda44743a0b1a04a828","sha512":"0460cc66d06df9a2941607473f3eccfd909f2adab53a3328fadcedd1b194b388eca738c2c6c2e193de33606925fbed1fe39efa160015128e93f5e3a03c62170d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/workspace/dex/deps_version.dat","filename":"deps_version.dat","modified":"2025-01-17T21:08:12-05:00","Modified":"","magic":"ASCII text","size":40,"md5":"7ef3ab2f25955388d147b6797d04387c","sha1":"fd5a1664f632e69534046491caae06e1069dbd3d","sha256":"33dbd0d46cc823729efc8f0682d2dd0ee214515c445ed76beb97a63719e81003","sha512":"d5bd68999b31c69ceb618a9ab6081908f6459b9fcf40b47d46917d7538e590ee2fa1cfd238bc13204582e1572c47848699bcd6b59fe8dbcc35abbd58f090b9ad","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/workspace/dex/rbx_api.dat","filename":"rbx_api.dat","modified":"2025-01-17T21:08:13-05:00","Modified":"","magic":"JSON text data","size":4070157,"md5":"c31c192974d091badb971fde16825795","sha1":"2d72dace0c277e6c94a361576dea524627b7278a","sha256":"02276f872886a6bc29e2e05a2e551a8c92c0e1745276520f4203d52a15679856","sha512":"2267bf393ca8da01a20497fbab8583b4839bc6b7f8cfdbc40707242b78f38c3ae1947e9e4fa8986099ceecdd58017569d0d4144824210a584a5972f4ed76688f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/workspace/dex/rbx_rmd.dat","filename":"rbx_rmd.dat","modified":"2025-01-17T21:08:13-05:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":357709,"md5":"b4839a4dd884609ab4a0100bc1bb74d6","sha1":"48cd50dc34781cf4968db423b949b18d21d354b2","sha256":"494d8ba722f5ad862967651576ae720624bf8a01cbbcb81dde4056cc4761d2aa","sha512":"23241bf1ae7ccc04c26f72267c58cb8d9f228c694401738f4bcc53e31cd06d09b91cd49d3324d4e23375898c55304cd877a0f44cbe19490413000c27d9d62b1d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/workspace/IY_FE.iy","filename":"IY_FE.iy","modified":"2025-01-15T18:40:15-05:00","Modified":"","magic":"JSON text data","size":539,"md5":"291d5636a434c4f1ceb0f3f776c2a51f","sha1":"ae287e08f71c522a72812f0dace94b8ffb569341","sha256":"73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452","sha512":"7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Xeno.dll","filename":"Xeno.dll","modified":"2025-01-19T16:19:26-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections","size":1303040,"md5":"66e8a6978c77e6b2f390f33d25bf7f01","sha1":"b2b8bb5802da4035799794c62339ed65d4e112e4","sha256":"eb9613002b39c02a2fc07d02ba99c162eac1a9c02596ab20a73a7bc1a64cbf48","sha512":"5adfec69cb3e384997810dd15b428007c1aaa5bfaf2f6445a34178dd82099097e0d9fd678138382113ada0df4fa08619e75661369b6b9703e2ef45aabd7650b0","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 2/72","trigger":"eb9613002b39c02a2fc07d02ba99c162eac1a9c02596ab20a73a7bc1a64cbf48","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/eb9613002b39c02a2fc07d02ba99c162eac1a9c02596ab20a73a7bc1a64cbf48","meta":null}]}},{"path":"Xeno-v1.1.3-x64/Xeno.exe","filename":"Xeno.exe","modified":"2025-01-17T21:21:44-05:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":143360,"md5":"f0d6a8ef8299c5f15732a011d90b0be1","sha1":"5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf","sha256":"326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","sha512":"5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 1/71","trigger":"326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","meta":null}]}},{"path":"Xeno-v1.1.3-x64/XenoUI.deps.json","filename":"XenoUI.deps.json","modified":"2025-01-17T21:21:45-05:00","Modified":"","magic":"JSON text data","size":2608,"md5":"f264dff8b12b6341b6bb97f9cea46324","sha1":"f8f19c048eacb31fb11b88d2a14b02cb3b7dbd74","sha256":"16b09c4fa7b6b3b75ded9a5ea854ad0b1b88288969376c94de1546cd02a82905","sha512":"4c69f803f0c48cff3da3b862dcad62b5c29af197f83d52cbf176c91e16752f883aea5ccb264aec66c2af179e038b5cf98439561ce08ffd31fc8b385486c67b93","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/XenoUI.dll","filename":"XenoUI.dll","modified":"2025-01-19T16:19:59-05:00","Modified":"","magic":"PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections","size":97792,"md5":"8a0f97c09c4a713e0b2679e90ced44d4","sha1":"e3e06aef78b52e7b764d0e7d8fd906c54c90048c","sha256":"1f041667be5eba5def7efb76d50b9ee4c4988fb8f1e6a1758710b8f73104ba3a","sha512":"06534538d6ba8d8bc8f2528a5bccb8675ee6e65c2f3d79321388c926f926387bdc59b9f247a79f73b804954b2aafeb49b6b53f703bab0a73e573f201ebe5a22d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/XenoUI.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-19","alert":"Scan result 1/72","trigger":"1f041667be5eba5def7efb76d50b9ee4c4988fb8f1e6a1758710b8f73104ba3a","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/1f041667be5eba5def7efb76d50b9ee4c4988fb8f1e6a1758710b8f73104ba3a","meta":null}]}},{"path":"Xeno-v1.1.3-x64/XenoUI.runtimeconfig.json","filename":"XenoUI.runtimeconfig.json","modified":"2025-01-17T21:21:45-05:00","Modified":"","magic":"JSON text data","size":515,"md5":"e0f6f18f9b152bc2d8c710b0214805d6","sha1":"ae3d39e59fd6edc05792a76cdf4f02a637f52e29","sha256":"89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd","sha512":"80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-convert-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-filesystem-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-heap-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-locale-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-math-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-runtime-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-stdio-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-string-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-arm64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-x64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-x86/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/XenoUI.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 2/65","trigger":"1dfcadf8afac3a217d8289f937801c4f85d0855b0697062dbd570eb1c2d1c47c","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/1dfcadf8afac3a217d8289f937801c4f85d0855b0697062dbd570eb1c2d1c47c","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"520cabdf6c80e269166844c43015a77b","sha1":"cf0f24a0d2f1c5ccbc3f7076363976809d72cf51","sha256":"1dfcadf8afac3a217d8289f937801c4f85d0855b0697062dbd570eb1c2d1c47c","sha512":"098974b0ef1b4a40c28361af2b2476600a068be4bbe9227fe4f5f425602ba5517e7e4c2ed50e4ba77645790dcce3c4ad6a5452188279f805b9f13ffab596bff7","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":5001066,"url":{"schema":"https","addr":"xeno-executor.org/Xeno-v1.1.3-x64.zip","fqdn":"xeno-executor.org","domain":"xeno-executor.org","tld":"org"},"ip":{"addr":"104.21.21.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-convert-l1-1-0.dll","filename":"api-ms-win-crt-convert-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":15672,"md5":"c8dbf0ca88facfe87899168a7f7db52c","sha1":"e2cf163ad067b5d3b19908a71ed393711f66cd09","sha256":"94b6e91b93c2202dabd659bff294bee87c22897a30a6b4930b49051c2fb502dc","sha512":"e85c738f5d5a0ae6c3ef75a082712cb3cf2feae4560d316cb110e4eaf3a97d6058d5374da2a5edde39c3114f9aff8a027cbdff8cf49be2425943bac09c39e70b","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-convert-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-filesystem-l1-1-0.dll","filename":"api-ms-win-crt-filesystem-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":13840,"md5":"42a2a95f1bb940d01f55eb1674a81fe2","sha1":"f982f3bbb4dc3aaaba8df098d1b395846f7cba08","sha256":"51541ec6684b43157a85ea46a42ebed4555be06bed0d0d07ff3ea6377301318d","sha512":"de9a7a1a6a45e2f76105eaeafcc3c29adbff142dcf2586e147417045b897a9dcddec5e1b97acfc5d3fc9c8e3a508dbc3f607bf3df20a7435e74436f94cb056b6","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-filesystem-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-heap-l1-1-0.dll","filename":"api-ms-win-crt-heap-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":12600,"md5":"98da186fd7d7873c164a51c5d7b77f1a","sha1":"725a8b8fdfbe6a1e85674f4b2a7c0dd08411e00b","sha256":"80139e4caa379d87b1d1dafc23ace71d2b330368115f6314140d4ae59c2a78e8","sha512":"587b49a24cc59d4dcb62b59f379d1c9010196a6551cfc99ffdd931eeb0172618f020863191e530d65ad198e57063c57ba6f70bcf80591304243268ea5513f806","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-heap-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-locale-l1-1-0.dll","filename":"api-ms-win-crt-locale-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":12088,"md5":"ff48b107b2449a647c64baabd49408a1","sha1":"efb868ba125d9ff08474f02b9483d74c36a13cee","sha256":"7bb8644e565ad4bcfd890f9044bccb4d99953a740e9a500b1f820b2fdc3fc240","sha512":"4da2e4b727e7f31f8bffd680453c451b444bdf217c15cb36e353f8bb5ecb6c6481caa7d848558c7d94cfc2d1bc3551ace11e85ffc8ec7a7b570a59c294ea0216","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-locale-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-math-l1-1-0.dll","filename":"api-ms-win-crt-math-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":21008,"md5":"e10e077bb06209aedd0d0d378c758f73","sha1":"97a9053a311280678f8ef65dc4e25975c41bd4ee","sha256":"8a7bff1c918539a75c25568db25933d653c003e016fd7791a37186b42bbb7c20","sha512":"571c1fc4192320bd967b603e6cda917a62f4720eb4dcd557ec2913d2558c0cfe68f936198f5809934aaa3a1d6049e8e918eb0e638a7244df5c71ef0c78843191","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-math-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-runtime-l1-1-0.dll","filename":"api-ms-win-crt-runtime-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":16400,"md5":"f91e1ff896b5616919ac97c7095c513e","sha1":"4ec6eed0bac5a8801db10238c7b3a5d35a87be67","sha256":"07382c0d91dad2bb6ba8bd06ea02f12c57abf7c4e5a70672e9f2954d09a4ffd4","sha512":"6448d6cdfde11e1805b6d381111ea062f681807c9dc54ae890305f287b13b6fb57ef3f4d3b909e56b81c99830c086b5702b46ba0f93e695fce2b87b32fa4b26a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-runtime-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-stdio-l1-1-0.dll","filename":"api-ms-win-crt-stdio-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":17960,"md5":"429c26ed27a026442f89c95ff16ce8c2","sha1":"69ed09faae00a980c296546c9b5e6a8d5f978439","sha256":"2a466648affd3d51b944f563bb65046a3da91006a0d90fb2c0b123487a1fc1b3","sha512":"04641164d9e1eb3183db0c406583626011dfe2b2574551c0ac466ebf44165afcd7d8faf356b8268b4fc9a54db20de010a4e4293594ad2e605950aea65636f4e5","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-stdio-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/api-ms-win-crt-string-l1-1-0.dll","filename":"api-ms-win-crt-string-l1-1-0.dll","modified":"2019-12-07T04:09:10-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 2 sections","size":18472,"md5":"0f593e50be4715aa8e1f6eb39434edd5","sha1":"1117709f577278717c34365ce879bcd7c956069b","sha256":"bf4ea10be1b64c442ac0ccf4bdf69f6703467176a27e9e14a488d26448a6e179","sha512":"487dcbf7b7f18d62606cb2f05c8feff07e6ecda42e643f5919c6edda66cdb3b8cc393b0d260374f06c10cf54082410fc9f02bd87cc50866bc0c28b0bcec3e658","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-string-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}}]}},{"path":"Xeno-v1.1.3-x64/autoexec/test.txt","filename":"test.txt","modified":"2024-12-10T20:41:54-05:00","Modified":"","magic":"ASCII text, with no line terminators","size":29,"md5":"649d2f9bbd50814244547e4e140a95e0","sha1":"c7d1725852f659487fd8b70fe7c2c32420732734","sha256":"2bc836b0f80c7100d8125e8c17235e62ffb93929103a64af004ee2eef1b03c92","sha512":"ba058df5f0573884ea2a6c481fa7157cc23959607b1493cc4304bc68358a473dff4bde96e43cd17e0bf82e1fdb01374f0a13719aeddd2127639259b70ce7edb8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/index.html","filename":"index.html","modified":"2024-11-03T11:37:04-05:00","Modified":"","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (61271), with CRLF line terminators","size":168642,"md5":"001dcbb8f41cdcbf9b4d1e3a0ed4b2d2","sha1":"982a05814546017c40771e59e7677b53d84787e9","sha256":"f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951","sha512":"9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/base/worker/workerMain.js","filename":"workerMain.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (1119), with CRLF line terminators","size":136817,"md5":"d0ac5294c58e523cddf25bc6d785fa48","sha1":"1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5","sha256":"e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b","sha512":"fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/basic-languages/lua/lua.js","filename":"lua.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":4679,"md5":"eebda1fdd970433750c115eae2f03865","sha1":"3f1a1cddb99dead013eac825eb418241656d4bf0","sha256":"ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7","sha512":"8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.css","filename":"editor.main.css","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"ASCII text, with very long lines (65249), with CRLF line terminators","size":301375,"md5":"23c7db6e12f6454ef6e7fb98d17924d8","sha1":"06398b44a338db5eeab2d461347334fc69af5af1","sha256":"615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451","sha512":"5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.js","filename":"editor.main.js","modified":"2024-11-05T10:58:32-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65245), with CRLF line terminators","size":2183400,"md5":"2dc0068cdbc03ce43a75ab0b2df664e2","sha1":"817a209e179466dc8a14e05eb11a6c1b7e3d71eb","sha256":"b604b6148f70fe9db882cce2a7d327b2422ad2f203a805491002a8c564e3c3ff","sha512":"1ce29ed21e027d3552dc05162250bd62d66555f7b9ff48c9c94116d1e696089c32851533e7db30a7507a85b598df8fbf66292904c446536ccd3b2c60209d9d3d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.de.js","filename":"editor.main.nls.de.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16089), with CRLF line terminators","size":47200,"md5":"d1fd2fb756c73970b9c5e0ba07bff708","sha1":"470057b3244886dccc9f6074297cc8bc2a9c1b39","sha256":"cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828","sha512":"db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.es.js","filename":"editor.main.nls.es.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16082), with CRLF line terminators","size":47589,"md5":"36f546b28ca17ece9f8eb9bcf8344e13","sha1":"d43934b9041587799e332b2f568aa81666227258","sha256":"327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654","sha512":"13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.fr.js","filename":"editor.main.nls.fr.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16773), with CRLF line terminators","size":50986,"md5":"1a29080733878dd44e0c118e84cd0c39","sha1":"60c158e23962b11918f6cae26445fad5b63bc65a","sha256":"6ed837dc1905c06a20d102921ff06a0bda003c5368ed0576bf7e69494e889ae8","sha512":"5cc68cabb583100320d7c875fd7c46f5c618c3968ac2a7c2b60f90ec74b29349a557049c17d5c851cabb54d5ef26cd65e8d2288d70b62ede06ee1762e25dbd60","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.it.js","filename":"editor.main.nls.it.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (17192), with CRLF line terminators","size":49330,"md5":"18e88f58301ad5ae926204507ab99c6b","sha1":"8eb03235312e88b941f3be212c0efa12b24e6d5f","sha256":"4fe2c4420294758883e134bdf7da9e6c2abf631d3a89c765f32f6c1d0f62653c","sha512":"f66283ec4182e9062f9f03a83acb3f2a49b98fb9ef67e48eaf5227236919ca279831b822fcb3ae252cfeafd81d12fe9c89a2843d91ab140a2b79b6bbc1d4f013","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.ja.js","filename":"editor.main.nls.ja.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (7783), with CRLF line terminators","size":53362,"md5":"3bf851cc70f515cbbe1d39da93e4f041","sha1":"88fe6323bbe14b55b6eec078574318e8474be613","sha256":"1f3556ea7233843b9e08b3c97b6727c533d702563e195c2090a438070dc85f0f","sha512":"61ffe9ec3550d2f8dfbc30d7d61327584833bb714a9d2cfc9788449190089dbdeaa293bb9921a43da782e1c36b7d242e13ac052b46210d2e79793626e921169d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.js","filename":"editor.main.nls.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (13654), with CRLF line terminators","size":39314,"md5":"e871d4d9539c26d7d2bf32801ebdecf0","sha1":"711460f619ef09fa23d272d97bfc00593a5319a8","sha256":"5ff0084e6a7eee82a735616239aaf2190ea9d90e89e19340831f3d590828016a","sha512":"b6b9bf96c132db9dfc99d70320231630fc46a8a83f500d8e4f677e2d03206364f2666946f69061dcba2e759f005261dae1ece73e054aa56b8210551bc353cced","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.ko.js","filename":"editor.main.nls.ko.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (8116), with CRLF line terminators","size":47576,"md5":"60fcd422ac97a1b645ff48cb6928f7af","sha1":"da5b57dfbd257720155e303f0e75e263f0e74190","sha256":"98e649fa40d8e2ccfdc212341feb8165a7d7bbec31e8a77d9819ad9474e4b8ba","sha512":"52439f47f1e12ccf37db40f9fa8fa4966579cd6b327cde1768187cd7fdc7ebdd444e1953e29ed09bdced40d764c2e8f7131d44908c00bfd350e856a9df661aa4","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.ru.js","filename":"editor.main.nls.ru.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16153), with CRLF line terminators","size":77450,"md5":"6e7d5b984917b00f131c47473ce2b866","sha1":"97f94134ff8f73ab48c0635550f2d8054c239c7f","sha256":"1bb069d95a395bf258d1f262814591aa762c4b30529adde32ccbcaa7c7ca508d","sha512":"f2595e7e1812073c50bfa058db3c7918dd8d7a6f0d20a576c68d854a4c61ed74bef3ad5ab23430567065677d737d81c7f17010055a069b9e38b5594d65e882a0","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.zh-cn.js","filename":"editor.main.nls.zh-cn.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (5836), with CRLF line terminators","size":36890,"md5":"05e49314cf801f5d3992b55243690ea7","sha1":"c20fca9f037adf2edec34ccf67a08e56d1d71bbf","sha256":"e9adc8ffca9853ef6e0bd4e955af9f395a570bc7772fc2dac0c0ff241aac864b","sha512":"7d499b41ae9bee2e72b721a49c0d053029624b19af1ede71a4378e14d3f6b407539c18d29422fb8d21681ce7dc160d2f11e80064017f5c8a5f645d6c1a77cc75","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/editor/editor.main.nls.zh-tw.js","filename":"editor.main.nls.zh-tw.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (5745), with CRLF line terminators","size":37442,"md5":"becbf441d95b0bc1565faf47ce9de373","sha1":"f660a8a29dc9861f7ff7e228622d492f1630b873","sha256":"94a7ff81b8ec3217a46bc5cdebe2c6aee98f73e6e902b7d9cf394836d052bbe5","sha512":"feee8ef6e36984309186b8ff491982efe4f144859c3f48d147b26bd61af6af751e013a951e945f02a2057368b485204734f6dc50cd6fca6294426b7fbdbcaa4f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/bin/Monaco/vs/loader.js","filename":"loader.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (1023), with CRLF line terminators","size":30223,"md5":"bc15bb48d4d5c60ce7f16819f4d988c4","sha1":"87c7f328aa357d52b68b2cea0a214365a40cdc36","sha256":"5c3cf09973404ba31d760952f267751ef2bb09f315331d13ca432b65ce2c480b","sha512":"b5d7481773cafd01f3d738949a54e49c166c9a8fea3a150f6f0eed7449176d630991e27544a4e7b23fdad29700ae7fbba5de42f97c69874b6f2ad374194a9853","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/libcrypto-3-x64.dll","filename":"libcrypto-3-x64.dll","modified":"2024-10-23T02:18:42-04:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":5209352,"md5":"54ca3e6afcb3c57c7914c0856d779f2a","sha1":"e37be8d92350aa1f9dd3212015de959faa58aa2f","sha256":"7aed0bc00d2f0ca0de95eaa6461327bd2e4543723a6ca443a7e899738b353b5a","sha512":"e8079e9d4bfa253677a669913f8198882c2eaaf9251f11cfa64eed5597c34ab7c267bed3826ad9f0a83675177a7575af54081852a5a633d999bd13cf873a79e8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/libssl-3-x64.dll","filename":"libssl-3-x64.dll","modified":"2024-10-23T02:18:45-04:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":1374984,"md5":"d66acb55a9f095a24865c9d883f96fd1","sha1":"cc8cb0a1d460fc0ef5a941bc5cd45e29ca7ef527","sha256":"7ae563b23164ec5994dbc24bce536b33df80c40de5ca97d64fe84a5dac34788e","sha512":"35c04c6f5f66d4585bba8fe48f2b470af7d6e366e9b9cb3ce0712818c5b1504c9e492a4d148164adf28793cc55b2ac58d3df28fb00f94033ddcb6e18ecce0227","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Microsoft.Web.WebView2.Core.dll","filename":"Microsoft.Web.WebView2.Core.dll","modified":"2024-06-11T05:23:06-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":570856,"md5":"b037ca44fd19b8eedb6d5b9de3e48469","sha1":"1f328389c62cf673b3de97e1869c139d2543494e","sha256":"11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197","sha512":"fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Microsoft.Web.WebView2.WinForms.dll","filename":"Microsoft.Web.WebView2.WinForms.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":38376,"md5":"8153423918c8cbf54b44acec01f1d6c2","sha1":"f0c3c5412b809725e6d4809230adb15cc7d83ad2","sha256":"5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4","sha512":"f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Microsoft.Web.WebView2.Wpf.dll","filename":"Microsoft.Web.WebView2.Wpf.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":51688,"md5":"4a292c5c2abf1aab91dee8eecafe0ab6","sha1":"369e788108e5fb0608a803fa2e5a06690b4464b5","sha256":"b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4","sha512":"ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/msvcp140.dll","filename":"msvcp140.dll","modified":"2024-10-29T06:52:02-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections","size":449640,"md5":"4d157073a891d0832b9b05fb8aca73a8","sha1":"551efcdd93ecafc6b54ebb6f8f38c505d42d61ca","sha256":"718812adb0d669eea9606432202371e358c7de6cdeafeddad222c36ae0d3f263","sha512":"141563450e4cdf44315270360414f339fc3c96ebdaa46e28a1f673237c30f5e94e6da271db67547499c14dc3bd10e39767c3b6a2a3c9cec0a64a11f0263e0c5d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Newtonsoft.Json.dll","filename":"Newtonsoft.Json.dll","modified":"2023-03-08T02:09:54-05:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":712464,"md5":"adf3e3eecde20b7c9661e9c47106a14a","sha1":"f3130f7fd4b414b5aec04eb87ed800eb84dd2154","sha256":"22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07","sha512":"6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/runtimes/win-arm64/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:23:06-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) Aarch64, for MS Windows, 7 sections","size":140248,"md5":"8f2648cd543236ef1b4856715731e069","sha1":"c269e906556c160201fe229b9f6f3dde26888ac4","sha256":"77152af4472dc7741901ba69ce3a670992546eb2f5eda3db7fee135ee0037de0","sha512":"26bd06330e690dc73534ec2c54cd75149c0e96cbcfb34b9012532223db51d98b37b8b5c507d8d1a9b3829ea49493981d79cc1e5aaaa5b0d4b796a72f4420f2cc","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-arm64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.3-x64/runtimes/win-x64/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections","size":165336,"md5":"c5f0c46e91f354c58ecec864614157d7","sha1":"cb6f85c0b716b4fc3810deb3eb9053beb07e803c","sha256":"465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f","sha512":"287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-x64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.3-x64/runtimes/win-x86/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:23:16-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections","size":116200,"md5":"9d7744e15bb8e3d005079b18979c8544","sha1":"7b326c96e5f3f6baaf6e9390b119a4ffb3df2c64","sha256":"cc2f661aac9c05646933f717e629a69be93d8d06803066289d6dc1105aac6cd2","sha512":"732fd17714ec5ef0afd8f17d06adc895e93bea4585b6b1dabcf95c3fbe808e7b31a19c13cccfac0b30cd425cf96926749a0373a861f55fa8db442430803f4a25","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-x86/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.3-x64/scripts/Dex.lua","filename":"Dex.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (467), with CRLF line terminators","size":420163,"md5":"e37374a8aa47cf8ac6d56901436e199f","sha1":"5d62f5db07614f3b548702faa4f7a06e235c9b12","sha256":"47cc5f1102fda0eba76b9570a1b943326f2170f270d5280e1f8dd5723c43fc14","sha512":"efee19e8109a48d49f099dd1767c722935123c4ea4d6e0ab905703e16fcb7196d31c45826d4398a5b7249e686ca90db3f671416909ce3440d4709edf1bd55775","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/scripts/Infinite Yield.lua","filename":"Infinite Yield.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","size":480320,"md5":"a8c69257b0db73b3e531d62cd872bc8b","sha1":"60c80decdad7e16869134a8c11a056298c628da6","sha256":"46b69f4be7ded4ac60c39255cfcd39357be8dcee7e60ad34ca53d909aa6e509a","sha512":"35d4211fb76971e3d6918a85ed57a0c4dbb51843b87f5f8a4568e5facfdb44627c111130c78eb7821f7a644a652bdc28caad9350bf8b317dc223aa13a23e6dca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/scripts/Sine Wave.lua","filename":"Sine Wave.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":1071,"md5":"0bbb2aebfadc119226992045dcaa30b4","sha1":"6939f7c1f4fa7ac0f81e9dabef32fdb24d120e72","sha256":"a5f5aca3ac216ac9040d0425eb52b1465674d8cd79d928474562d9a644ff4f0b","sha512":"b433ad6f5d365c58e2260588fae7a3cbecbfe734daff125ce18b6673c629c1b6bccd6142ea49c2c77d57dbe9ab2d02b2897fd2d7c592d524952a62348715bbf8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/scripts/Spinning Donut.lua","filename":"Spinning Donut.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":1751,"md5":"967403f0ecb43917e841a085851b732d","sha1":"b09f3bef3e9fe87970b48db46529c611c302db16","sha256":"cb1a35b6ae394e479b97aa1f946ca21b8794dd0d60b08b85bf89fa5b35a4d8da","sha512":"34e83a25f330243faf86b62923a873a9104fa62f756a66074905f7980475581eded0a92cd88b6beba9b6424fb7f2a9cd743627871f80d51ff36c39f28ccb29b3","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/scripts/UNCCheckEnv.lua","filename":"UNCCheckEnv.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","size":29161,"md5":"b76726d10354343d9af5c268e40b47c4","sha1":"7103c78071be0c65c8b3a217168cf7909aef748e","sha256":"e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5","sha512":"5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/vcruntime140.dll","filename":"vcruntime140.dll","modified":"2024-10-29T06:47:40-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 8 sections","size":120432,"md5":"943fc74c2e39fe803d828ccfa7e62409","sha1":"4e55d591111316027ae4402dfdfcf8815d541727","sha256":"da72e6677bd1bcd01c453c1998aaa19aeaf6659f4774cf6848409da8232a95b2","sha512":"96e9f32e89aee6faea6e5a3edc411f467f13b35ee42dd6f071723daeba57f611dbd4ff2735be26bb94223b5ec4ee1dffedf8dc744b936c32a27d17b471e37dcf","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/vcruntime140_1.dll","filename":"vcruntime140_1.dll","modified":"2024-10-29T06:47:38-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections","size":49744,"md5":"05052be2c36166ff9646d7d00bb7413f","sha1":"d8d7c4b322d76e3a7b591024c62f15934979fe40","sha256":"26e470b29bed3d873e0c328186e53f95e9edbfe0b0fd0cda44743a0b1a04a828","sha512":"0460cc66d06df9a2941607473f3eccfd909f2adab53a3328fadcedd1b194b388eca738c2c6c2e193de33606925fbed1fe39efa160015128e93f5e3a03c62170d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/workspace/dex/deps_version.dat","filename":"deps_version.dat","modified":"2025-01-17T21:08:12-05:00","Modified":"","magic":"ASCII text","size":40,"md5":"7ef3ab2f25955388d147b6797d04387c","sha1":"fd5a1664f632e69534046491caae06e1069dbd3d","sha256":"33dbd0d46cc823729efc8f0682d2dd0ee214515c445ed76beb97a63719e81003","sha512":"d5bd68999b31c69ceb618a9ab6081908f6459b9fcf40b47d46917d7538e590ee2fa1cfd238bc13204582e1572c47848699bcd6b59fe8dbcc35abbd58f090b9ad","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/workspace/dex/rbx_api.dat","filename":"rbx_api.dat","modified":"2025-01-17T21:08:13-05:00","Modified":"","magic":"JSON text data","size":4070157,"md5":"c31c192974d091badb971fde16825795","sha1":"2d72dace0c277e6c94a361576dea524627b7278a","sha256":"02276f872886a6bc29e2e05a2e551a8c92c0e1745276520f4203d52a15679856","sha512":"2267bf393ca8da01a20497fbab8583b4839bc6b7f8cfdbc40707242b78f38c3ae1947e9e4fa8986099ceecdd58017569d0d4144824210a584a5972f4ed76688f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/workspace/dex/rbx_rmd.dat","filename":"rbx_rmd.dat","modified":"2025-01-17T21:08:13-05:00","Modified":"","magic":"ASCII text, with CRLF line terminators","size":357709,"md5":"b4839a4dd884609ab4a0100bc1bb74d6","sha1":"48cd50dc34781cf4968db423b949b18d21d354b2","sha256":"494d8ba722f5ad862967651576ae720624bf8a01cbbcb81dde4056cc4761d2aa","sha512":"23241bf1ae7ccc04c26f72267c58cb8d9f228c694401738f4bcc53e31cd06d09b91cd49d3324d4e23375898c55304cd877a0f44cbe19490413000c27d9d62b1d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/workspace/IY_FE.iy","filename":"IY_FE.iy","modified":"2025-01-15T18:40:15-05:00","Modified":"","magic":"JSON text data","size":539,"md5":"291d5636a434c4f1ceb0f3f776c2a51f","sha1":"ae287e08f71c522a72812f0dace94b8ffb569341","sha256":"73bb58ba5b81960caf5a8e66675cc89b5761b77db99c6ceb9435f7211d400452","sha512":"7dab8034f85aef1b2b7a86cc8220ebdbb95a3f083d1565e1cff38414367aa69fc597a11aaba11dbef411e13fbfb285855d9c46ae59738f6e88c22dd55c81a743","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/Xeno.dll","filename":"Xeno.dll","modified":"2025-01-19T16:19:26-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections","size":1303040,"md5":"66e8a6978c77e6b2f390f33d25bf7f01","sha1":"b2b8bb5802da4035799794c62339ed65d4e112e4","sha256":"eb9613002b39c02a2fc07d02ba99c162eac1a9c02596ab20a73a7bc1a64cbf48","sha512":"5adfec69cb3e384997810dd15b428007c1aaa5bfaf2f6445a34178dd82099097e0d9fd678138382113ada0df4fa08619e75661369b6b9703e2ef45aabd7650b0","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 2/72","trigger":"eb9613002b39c02a2fc07d02ba99c162eac1a9c02596ab20a73a7bc1a64cbf48","verdict":"suspicious","severity":"","comment":"suspicious - 2/72","link":"https://www.virustotal.com/gui/file/eb9613002b39c02a2fc07d02ba99c162eac1a9c02596ab20a73a7bc1a64cbf48","meta":null}]}},{"path":"Xeno-v1.1.3-x64/Xeno.exe","filename":"Xeno.exe","modified":"2025-01-17T21:21:44-05:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":143360,"md5":"f0d6a8ef8299c5f15732a011d90b0be1","sha1":"5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf","sha256":"326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","sha512":"5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 1/71","trigger":"326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","meta":null}]}},{"path":"Xeno-v1.1.3-x64/XenoUI.deps.json","filename":"XenoUI.deps.json","modified":"2025-01-17T21:21:45-05:00","Modified":"","magic":"JSON text data","size":2608,"md5":"f264dff8b12b6341b6bb97f9cea46324","sha1":"f8f19c048eacb31fb11b88d2a14b02cb3b7dbd74","sha256":"16b09c4fa7b6b3b75ded9a5ea854ad0b1b88288969376c94de1546cd02a82905","sha512":"4c69f803f0c48cff3da3b862dcad62b5c29af197f83d52cbf176c91e16752f883aea5ccb264aec66c2af179e038b5cf98439561ce08ffd31fc8b385486c67b93","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.3-x64/XenoUI.dll","filename":"XenoUI.dll","modified":"2025-01-19T16:19:59-05:00","Modified":"","magic":"PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections","size":97792,"md5":"8a0f97c09c4a713e0b2679e90ced44d4","sha1":"e3e06aef78b52e7b764d0e7d8fd906c54c90048c","sha256":"1f041667be5eba5def7efb76d50b9ee4c4988fb8f1e6a1758710b8f73104ba3a","sha512":"06534538d6ba8d8bc8f2528a5bccb8675ee6e65c2f3d79321388c926f926387bdc59b9f247a79f73b804954b2aafeb49b6b53f703bab0a73e573f201ebe5a22d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/XenoUI.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-19","alert":"Scan result 1/72","trigger":"1f041667be5eba5def7efb76d50b9ee4c4988fb8f1e6a1758710b8f73104ba3a","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/1f041667be5eba5def7efb76d50b9ee4c4988fb8f1e6a1758710b8f73104ba3a","meta":null}]}},{"path":"Xeno-v1.1.3-x64/XenoUI.runtimeconfig.json","filename":"XenoUI.runtimeconfig.json","modified":"2025-01-17T21:21:45-05:00","Modified":"","magic":"JSON text data","size":515,"md5":"e0f6f18f9b152bc2d8c710b0214805d6","sha1":"ae3d39e59fd6edc05792a76cdf4f02a637f52e29","sha256":"89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd","sha512":"80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-convert-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-filesystem-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-heap-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-locale-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-math-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-runtime-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-stdio-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/api-ms-win-crt-string-l1-1-0.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-arm64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-x64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.3-x64/runtimes/win-x86/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-20","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.3-x64/XenoUI.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 2/65","trigger":"1dfcadf8afac3a217d8289f937801c4f85d0855b0697062dbd570eb1c2d1c47c","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/1dfcadf8afac3a217d8289f937801c4f85d0855b0697062dbd570eb1c2d1c47c","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"xeno-executor.org/Xeno-v1.1.3-x64.zip","fqdn":"xeno-executor.org","domain":"xeno-executor.org","tld":"org"},"ip":{"addr":"104.21.21.211","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-20T14:44:45.549Z","timestamp":1737384285549,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xeno-executor.org","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 17 Jan 2025 08:06:37 GMT","end":"Thu, 17 Apr 2025 09:00:14 GMT"},"fingerprint":{"sha1":"4E:A5:BF:25:C4:75:10:62:D5:04:39:6B:0E:2C:5B:BD:93:19:51:C8","sha256":"7D:E5:44:47:F9:AA:F5:77:6C:EB:13:63:7A:0A:C2:76:15:13:8A:53:D1:03:4A:D4:7F:18:DD:79:F3:3D:8C:0F"}}},"request":{"raw":"GET /Xeno-v1.1.3-x64.zip HTTP/1.1\r\nHost: xeno-executor.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 20 Jan 2025 14:44:45 GMT\r\ncontent-type: application/zip\r\ncontent-length: 5001066\r\nlast-modified: Mon, 20 Jan 2025 09:11:36 GMT\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=ewznyiFj6CX4eZK52PhiHcmhliaFXG1XL%2BCdlly4PN0tcpF%2FHQbLSntFqHEOS5GrjXsq8E57ex7cmPbQbsxdlTkrbZpPBeMkrXBIo5t%2BDeA%2BC0nLBLhEsRaiJZKiZEghSEtg9Q%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 904fd828ee95b524-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=5999\u0026min_rtt=431\u0026rtt_var=10979\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3295\u0026recv_bytes=1262\u0026delivery_rate=4492244\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=fc53a78ac48ae5e5\u0026ts=288\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5001066,"size_decoded":5001066,"mime_type":"application/zip","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"520cabdf6c80e269166844c43015a77b","sha1":"cf0f24a0d2f1c5ccbc3f7076363976809d72cf51","sha256":"1dfcadf8afac3a217d8289f937801c4f85d0855b0697062dbd570eb1c2d1c47c","sha512":"098974b0ef1b4a40c28361af2b2476600a068be4bbe9227fe4f5f425602ba5517e7e4c2ed50e4ba77645790dcce3c4ad6a5452188279f805b9f13ffab596bff7","ssdeep":"98304:baD6OMy3rm+twdjTmDh/BRFQNM74slPUDtgo8/ihgu/DAA75aoJg3:mDUyb9tWjTml/3bZUpnUu/kCaoJg3","tlshash":"1e3633ca0ad707b2d65da4ffd1e23e279144ad4b6372cab44dc92b1edab099005f2cc5","first_seen":"2025-01-19T22:03:09.913511Z","last_seen":"2025-01-26T08:24:16.200834Z","times_seen":10,"resource_available":false,"data":null}},"time_used":843,"timings":{"blocked":39,"dns":11,"connect":1,"send":0,"wait":269,"receive":499,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-20","alert":"Scan result 2/65","trigger":"1dfcadf8afac3a217d8289f937801c4f85d0855b0697062dbd570eb1c2d1c47c","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/1dfcadf8afac3a217d8289f937801c4f85d0855b0697062dbd570eb1c2d1c47c","meta":null}],"urlquery":null}}]}