{"report_id":"88176f88-f92d-44e7-a978-62e3c8022a22","version":6,"status":"done","tags":[],"date":"2025-01-17T15:23:09Z","url":{"schema":"http","addr":"github.com/rlz-ve/x/releases/download/v1.1.2/Xeno-v1.1.2-x64.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-03-28T15:23:07Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"github.com","ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13T12:28:22Z","last_seen":"2025-01-15T02:17:23.86894Z","alert_count":0,"request_count":1,"received_data":4345,"sent_data":518,"comment":"","tags":null,"fingerprints":null},{"fqdn":"objects.githubusercontent.com","ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":134060,"first_seen":"2021-11-01T21:34:29Z","last_seen":"2025-01-15T04:21:22.80518Z","alert_count":1,"request_count":1,"received_data":4557091,"sent_data":962,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"f9e3cb826c8013aebb2eab1336d60742","sha1":"72bbb72c8aefeb421e92c41c839c08e0b1cb1756","sha256":"1d2001162fd635210d91f441ed2ba536747a7347b719a49f67429ada56a1395b","sha512":"1bcbd4c270f421de0dbae9078dfd5298fb591d557acd37b993d3119e4ebed95f4a333dfad3ec20980ff605bc47a5faaa227041153790ccf2fd77ebb2992b8fda","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":4556244,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/883345985/6bd4a331-0517-4cdd-927c-b6746b41f8c0?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250117%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250117T152242Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=08d90ca31e53d29451346f1ff1d648d0fdc13ef0aa5a1b3c7ac7ea5e5a7f4ae3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DXeno-v1.1.2-x64.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"Xeno-v1.1.2-x64/autoexec/test.txt","filename":"test.txt","modified":"2024-12-10T20:41:54-05:00","Modified":"","magic":"ASCII text, with no line terminators","size":29,"md5":"649d2f9bbd50814244547e4e140a95e0","sha1":"c7d1725852f659487fd8b70fe7c2c32420732734","sha256":"2bc836b0f80c7100d8125e8c17235e62ffb93929103a64af004ee2eef1b03c92","sha512":"ba058df5f0573884ea2a6c481fa7157cc23959607b1493cc4304bc68358a473dff4bde96e43cd17e0bf82e1fdb01374f0a13719aeddd2127639259b70ce7edb8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/index.html","filename":"index.html","modified":"2024-11-03T11:37:04-05:00","Modified":"","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (61271), with CRLF line terminators","size":168642,"md5":"001dcbb8f41cdcbf9b4d1e3a0ed4b2d2","sha1":"982a05814546017c40771e59e7677b53d84787e9","sha256":"f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951","sha512":"9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/base/worker/workerMain.js","filename":"workerMain.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (1119), with CRLF line terminators","size":136817,"md5":"d0ac5294c58e523cddf25bc6d785fa48","sha1":"1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5","sha256":"e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b","sha512":"fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/basic-languages/lua/lua.js","filename":"lua.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":4679,"md5":"eebda1fdd970433750c115eae2f03865","sha1":"3f1a1cddb99dead013eac825eb418241656d4bf0","sha256":"ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7","sha512":"8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.css","filename":"editor.main.css","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"ASCII text, with very long lines (65249), with CRLF line terminators","size":301375,"md5":"23c7db6e12f6454ef6e7fb98d17924d8","sha1":"06398b44a338db5eeab2d461347334fc69af5af1","sha256":"615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451","sha512":"5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.js","filename":"editor.main.js","modified":"2024-11-05T10:58:32-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65245), with CRLF line terminators","size":2183400,"md5":"2dc0068cdbc03ce43a75ab0b2df664e2","sha1":"817a209e179466dc8a14e05eb11a6c1b7e3d71eb","sha256":"b604b6148f70fe9db882cce2a7d327b2422ad2f203a805491002a8c564e3c3ff","sha512":"1ce29ed21e027d3552dc05162250bd62d66555f7b9ff48c9c94116d1e696089c32851533e7db30a7507a85b598df8fbf66292904c446536ccd3b2c60209d9d3d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.de.js","filename":"editor.main.nls.de.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16089), with CRLF line terminators","size":47200,"md5":"d1fd2fb756c73970b9c5e0ba07bff708","sha1":"470057b3244886dccc9f6074297cc8bc2a9c1b39","sha256":"cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828","sha512":"db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.es.js","filename":"editor.main.nls.es.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16082), with CRLF line terminators","size":47589,"md5":"36f546b28ca17ece9f8eb9bcf8344e13","sha1":"d43934b9041587799e332b2f568aa81666227258","sha256":"327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654","sha512":"13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.fr.js","filename":"editor.main.nls.fr.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16773), with CRLF line terminators","size":50986,"md5":"1a29080733878dd44e0c118e84cd0c39","sha1":"60c158e23962b11918f6cae26445fad5b63bc65a","sha256":"6ed837dc1905c06a20d102921ff06a0bda003c5368ed0576bf7e69494e889ae8","sha512":"5cc68cabb583100320d7c875fd7c46f5c618c3968ac2a7c2b60f90ec74b29349a557049c17d5c851cabb54d5ef26cd65e8d2288d70b62ede06ee1762e25dbd60","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.it.js","filename":"editor.main.nls.it.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (17192), with CRLF line terminators","size":49330,"md5":"18e88f58301ad5ae926204507ab99c6b","sha1":"8eb03235312e88b941f3be212c0efa12b24e6d5f","sha256":"4fe2c4420294758883e134bdf7da9e6c2abf631d3a89c765f32f6c1d0f62653c","sha512":"f66283ec4182e9062f9f03a83acb3f2a49b98fb9ef67e48eaf5227236919ca279831b822fcb3ae252cfeafd81d12fe9c89a2843d91ab140a2b79b6bbc1d4f013","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.ja.js","filename":"editor.main.nls.ja.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (7783), with CRLF line terminators","size":53362,"md5":"3bf851cc70f515cbbe1d39da93e4f041","sha1":"88fe6323bbe14b55b6eec078574318e8474be613","sha256":"1f3556ea7233843b9e08b3c97b6727c533d702563e195c2090a438070dc85f0f","sha512":"61ffe9ec3550d2f8dfbc30d7d61327584833bb714a9d2cfc9788449190089dbdeaa293bb9921a43da782e1c36b7d242e13ac052b46210d2e79793626e921169d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.js","filename":"editor.main.nls.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (13654), with CRLF line terminators","size":39314,"md5":"e871d4d9539c26d7d2bf32801ebdecf0","sha1":"711460f619ef09fa23d272d97bfc00593a5319a8","sha256":"5ff0084e6a7eee82a735616239aaf2190ea9d90e89e19340831f3d590828016a","sha512":"b6b9bf96c132db9dfc99d70320231630fc46a8a83f500d8e4f677e2d03206364f2666946f69061dcba2e759f005261dae1ece73e054aa56b8210551bc353cced","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.ko.js","filename":"editor.main.nls.ko.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (8116), with CRLF line terminators","size":47576,"md5":"60fcd422ac97a1b645ff48cb6928f7af","sha1":"da5b57dfbd257720155e303f0e75e263f0e74190","sha256":"98e649fa40d8e2ccfdc212341feb8165a7d7bbec31e8a77d9819ad9474e4b8ba","sha512":"52439f47f1e12ccf37db40f9fa8fa4966579cd6b327cde1768187cd7fdc7ebdd444e1953e29ed09bdced40d764c2e8f7131d44908c00bfd350e856a9df661aa4","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.ru.js","filename":"editor.main.nls.ru.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16153), with CRLF line terminators","size":77450,"md5":"6e7d5b984917b00f131c47473ce2b866","sha1":"97f94134ff8f73ab48c0635550f2d8054c239c7f","sha256":"1bb069d95a395bf258d1f262814591aa762c4b30529adde32ccbcaa7c7ca508d","sha512":"f2595e7e1812073c50bfa058db3c7918dd8d7a6f0d20a576c68d854a4c61ed74bef3ad5ab23430567065677d737d81c7f17010055a069b9e38b5594d65e882a0","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.zh-cn.js","filename":"editor.main.nls.zh-cn.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (5836), with CRLF line terminators","size":36890,"md5":"05e49314cf801f5d3992b55243690ea7","sha1":"c20fca9f037adf2edec34ccf67a08e56d1d71bbf","sha256":"e9adc8ffca9853ef6e0bd4e955af9f395a570bc7772fc2dac0c0ff241aac864b","sha512":"7d499b41ae9bee2e72b721a49c0d053029624b19af1ede71a4378e14d3f6b407539c18d29422fb8d21681ce7dc160d2f11e80064017f5c8a5f645d6c1a77cc75","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.zh-tw.js","filename":"editor.main.nls.zh-tw.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (5745), with CRLF line terminators","size":37442,"md5":"becbf441d95b0bc1565faf47ce9de373","sha1":"f660a8a29dc9861f7ff7e228622d492f1630b873","sha256":"94a7ff81b8ec3217a46bc5cdebe2c6aee98f73e6e902b7d9cf394836d052bbe5","sha512":"feee8ef6e36984309186b8ff491982efe4f144859c3f48d147b26bd61af6af751e013a951e945f02a2057368b485204734f6dc50cd6fca6294426b7fbdbcaa4f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/loader.js","filename":"loader.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (1023), with CRLF line terminators","size":30223,"md5":"bc15bb48d4d5c60ce7f16819f4d988c4","sha1":"87c7f328aa357d52b68b2cea0a214365a40cdc36","sha256":"5c3cf09973404ba31d760952f267751ef2bb09f315331d13ca432b65ce2c480b","sha512":"b5d7481773cafd01f3d738949a54e49c166c9a8fea3a150f6f0eed7449176d630991e27544a4e7b23fdad29700ae7fbba5de42f97c69874b6f2ad374194a9853","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/settings.json","filename":"settings.json","modified":"2024-12-09T17:41:31-05:00","Modified":"","magic":"JSON text data","size":160,"md5":"a64b02c0f0cb0b32089d30f70895a569","sha1":"8e602efa81ad229051a980290895a476e68f71df","sha256":"40a5de67445ebb897c8f895f4c8e515964ba06cde4080847642749490bde0581","sha512":"5506899b6442ebe3a8af9a4fb9a452adbd0075c99ac803336bd7bc3e8c2d4d5641ff9d6aba27340e1fff1c2fffbd4d16abaa6ffec5a8baff32c834acb9cc03fe","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/libcrypto-3-x64.dll","filename":"libcrypto-3-x64.dll","modified":"2024-10-23T02:18:42-04:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":5209352,"md5":"54ca3e6afcb3c57c7914c0856d779f2a","sha1":"e37be8d92350aa1f9dd3212015de959faa58aa2f","sha256":"7aed0bc00d2f0ca0de95eaa6461327bd2e4543723a6ca443a7e899738b353b5a","sha512":"e8079e9d4bfa253677a669913f8198882c2eaaf9251f11cfa64eed5597c34ab7c267bed3826ad9f0a83675177a7575af54081852a5a633d999bd13cf873a79e8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/libssl-3-x64.dll","filename":"libssl-3-x64.dll","modified":"2024-10-23T02:18:45-04:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":1374984,"md5":"d66acb55a9f095a24865c9d883f96fd1","sha1":"cc8cb0a1d460fc0ef5a941bc5cd45e29ca7ef527","sha256":"7ae563b23164ec5994dbc24bce536b33df80c40de5ca97d64fe84a5dac34788e","sha512":"35c04c6f5f66d4585bba8fe48f2b470af7d6e366e9b9cb3ce0712818c5b1504c9e492a4d148164adf28793cc55b2ac58d3df28fb00f94033ddcb6e18ecce0227","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Microsoft.Web.WebView2.Core.dll","filename":"Microsoft.Web.WebView2.Core.dll","modified":"2024-06-11T05:23:06-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":570856,"md5":"b037ca44fd19b8eedb6d5b9de3e48469","sha1":"1f328389c62cf673b3de97e1869c139d2543494e","sha256":"11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197","sha512":"fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Microsoft.Web.WebView2.WinForms.dll","filename":"Microsoft.Web.WebView2.WinForms.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":38376,"md5":"8153423918c8cbf54b44acec01f1d6c2","sha1":"f0c3c5412b809725e6d4809230adb15cc7d83ad2","sha256":"5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4","sha512":"f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Microsoft.Web.WebView2.Wpf.dll","filename":"Microsoft.Web.WebView2.Wpf.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":51688,"md5":"4a292c5c2abf1aab91dee8eecafe0ab6","sha1":"369e788108e5fb0608a803fa2e5a06690b4464b5","sha256":"b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4","sha512":"ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Newtonsoft.Json.dll","filename":"Newtonsoft.Json.dll","modified":"2023-03-08T02:09:54-05:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":712464,"md5":"adf3e3eecde20b7c9661e9c47106a14a","sha1":"f3130f7fd4b414b5aec04eb87ed800eb84dd2154","sha256":"22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07","sha512":"6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/runtimes/win-arm64/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:23:06-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) Aarch64, for MS Windows, 7 sections","size":140248,"md5":"8f2648cd543236ef1b4856715731e069","sha1":"c269e906556c160201fe229b9f6f3dde26888ac4","sha256":"77152af4472dc7741901ba69ce3a670992546eb2f5eda3db7fee135ee0037de0","sha512":"26bd06330e690dc73534ec2c54cd75149c0e96cbcfb34b9012532223db51d98b37b8b5c507d8d1a9b3829ea49493981d79cc1e5aaaa5b0d4b796a72f4420f2cc","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-arm64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.2-x64/runtimes/win-x64/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections","size":165336,"md5":"c5f0c46e91f354c58ecec864614157d7","sha1":"cb6f85c0b716b4fc3810deb3eb9053beb07e803c","sha256":"465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f","sha512":"287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-x64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.2-x64/runtimes/win-x86/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:23:16-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections","size":116200,"md5":"9d7744e15bb8e3d005079b18979c8544","sha1":"7b326c96e5f3f6baaf6e9390b119a4ffb3df2c64","sha256":"cc2f661aac9c05646933f717e629a69be93d8d06803066289d6dc1105aac6cd2","sha512":"732fd17714ec5ef0afd8f17d06adc895e93bea4585b6b1dabcf95c3fbe808e7b31a19c13cccfac0b30cd425cf96926749a0373a861f55fa8db442430803f4a25","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-x86/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.2-x64/scripts/Dex.lua","filename":"Dex.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (467), with CRLF line terminators","size":420163,"md5":"e37374a8aa47cf8ac6d56901436e199f","sha1":"5d62f5db07614f3b548702faa4f7a06e235c9b12","sha256":"47cc5f1102fda0eba76b9570a1b943326f2170f270d5280e1f8dd5723c43fc14","sha512":"efee19e8109a48d49f099dd1767c722935123c4ea4d6e0ab905703e16fcb7196d31c45826d4398a5b7249e686ca90db3f671416909ce3440d4709edf1bd55775","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/scripts/Infinite Yield.lua","filename":"Infinite Yield.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","size":480320,"md5":"a8c69257b0db73b3e531d62cd872bc8b","sha1":"60c80decdad7e16869134a8c11a056298c628da6","sha256":"46b69f4be7ded4ac60c39255cfcd39357be8dcee7e60ad34ca53d909aa6e509a","sha512":"35d4211fb76971e3d6918a85ed57a0c4dbb51843b87f5f8a4568e5facfdb44627c111130c78eb7821f7a644a652bdc28caad9350bf8b317dc223aa13a23e6dca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/scripts/Sine Wave.lua","filename":"Sine Wave.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":1071,"md5":"0bbb2aebfadc119226992045dcaa30b4","sha1":"6939f7c1f4fa7ac0f81e9dabef32fdb24d120e72","sha256":"a5f5aca3ac216ac9040d0425eb52b1465674d8cd79d928474562d9a644ff4f0b","sha512":"b433ad6f5d365c58e2260588fae7a3cbecbfe734daff125ce18b6673c629c1b6bccd6142ea49c2c77d57dbe9ab2d02b2897fd2d7c592d524952a62348715bbf8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/scripts/Spinning Donut.lua","filename":"Spinning Donut.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":1751,"md5":"967403f0ecb43917e841a085851b732d","sha1":"b09f3bef3e9fe87970b48db46529c611c302db16","sha256":"cb1a35b6ae394e479b97aa1f946ca21b8794dd0d60b08b85bf89fa5b35a4d8da","sha512":"34e83a25f330243faf86b62923a873a9104fa62f756a66074905f7980475581eded0a92cd88b6beba9b6424fb7f2a9cd743627871f80d51ff36c39f28ccb29b3","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/scripts/UNCCheckEnv.lua","filename":"UNCCheckEnv.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","size":29161,"md5":"b76726d10354343d9af5c268e40b47c4","sha1":"7103c78071be0c65c8b3a217168cf7909aef748e","sha256":"e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5","sha512":"5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Xeno.dll","filename":"Xeno.dll","modified":"2025-01-15T18:26:52-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections","size":1320960,"md5":"0b29d40637697c5e495e82ac1f1b6a6c","sha1":"13866b66684fdcef42a756615b13feb11338eeb2","sha256":"eaf2af3853a6c6702f730ce223bd6e7a8ceaf258288286cdb532f6dd76e6e362","sha512":"737b5386422bb1521a293a3ef0e036e68bf53b42fd305386ea66e43e030cd5f11f0bef65a79d27d5de15e972c9f0c25fcdf8d555dd97e629307e2f9fd1ab6f46","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-17","alert":"Scan result 1/71","trigger":"eaf2af3853a6c6702f730ce223bd6e7a8ceaf258288286cdb532f6dd76e6e362","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/eaf2af3853a6c6702f730ce223bd6e7a8ceaf258288286cdb532f6dd76e6e362","meta":null}]}},{"path":"Xeno-v1.1.2-x64/Xeno.exe","filename":"Xeno.exe","modified":"2025-01-15T18:23:35-05:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":143360,"md5":"f0d6a8ef8299c5f15732a011d90b0be1","sha1":"5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf","sha256":"326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","sha512":"5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-17","alert":"Scan result 1/72","trigger":"326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","meta":null}]}},{"path":"Xeno-v1.1.2-x64/XenoUI.deps.json","filename":"XenoUI.deps.json","modified":"2025-01-15T18:23:35-05:00","Modified":"","magic":"JSON text data","size":2608,"md5":"f264dff8b12b6341b6bb97f9cea46324","sha1":"f8f19c048eacb31fb11b88d2a14b02cb3b7dbd74","sha256":"16b09c4fa7b6b3b75ded9a5ea854ad0b1b88288969376c94de1546cd02a82905","sha512":"4c69f803f0c48cff3da3b862dcad62b5c29af197f83d52cbf176c91e16752f883aea5ccb264aec66c2af179e038b5cf98439561ce08ffd31fc8b385486c67b93","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/XenoUI.dll","filename":"XenoUI.dll","modified":"2025-01-15T18:23:35-05:00","Modified":"","magic":"PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections","size":97792,"md5":"4c43b60b21dccd1dc9c14c0fa7f07a2d","sha1":"b99e120631bd2868a80ec642a7c787eef93fc075","sha256":"4af0cd671c0448dcc2fee2ce1b8845ea2f7c240cfb331220cdb59041947a3e4a","sha512":"746abd0e59878cd70d34383f363a457c5f8e22c1fd303dcd7999d1c800a432ead770935ed901a18d2dc04f3c87235c59bf758fa8034cdfea9ac1233e884681d1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.2-x64/XenoUI.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-15","alert":"Scan result 1/70","trigger":"4af0cd671c0448dcc2fee2ce1b8845ea2f7c240cfb331220cdb59041947a3e4a","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/4af0cd671c0448dcc2fee2ce1b8845ea2f7c240cfb331220cdb59041947a3e4a","meta":null}]}},{"path":"Xeno-v1.1.2-x64/XenoUI.runtimeconfig.json","filename":"XenoUI.runtimeconfig.json","modified":"2025-01-15T18:23:35-05:00","Modified":"","magic":"JSON text data","size":515,"md5":"e0f6f18f9b152bc2d8c710b0214805d6","sha1":"ae3d39e59fd6edc05792a76cdf4f02a637f52e29","sha256":"89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd","sha512":"80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-arm64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-x64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-x86/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.2-x64/XenoUI.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-17","alert":"Scan result 2/65","trigger":"1d2001162fd635210d91f441ed2ba536747a7347b719a49f67429ada56a1395b","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/1d2001162fd635210d91f441ed2ba536747a7347b719a49f67429ada56a1395b","meta":null}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"f9e3cb826c8013aebb2eab1336d60742","sha1":"72bbb72c8aefeb421e92c41c839c08e0b1cb1756","sha256":"1d2001162fd635210d91f441ed2ba536747a7347b719a49f67429ada56a1395b","sha512":"1bcbd4c270f421de0dbae9078dfd5298fb591d557acd37b993d3119e4ebed95f4a333dfad3ec20980ff605bc47a5faaa227041153790ccf2fd77ebb2992b8fda","magic":"Zip archive data, at least v1.0 to extract, compression method=store","size":4556244,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/883345985/6bd4a331-0517-4cdd-927c-b6746b41f8c0?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250117%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250117T152242Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=08d90ca31e53d29451346f1ff1d648d0fdc13ef0aa5a1b3c7ac7ea5e5a7f4ae3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DXeno-v1.1.2-x64.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"Xeno-v1.1.2-x64/autoexec/test.txt","filename":"test.txt","modified":"2024-12-10T20:41:54-05:00","Modified":"","magic":"ASCII text, with no line terminators","size":29,"md5":"649d2f9bbd50814244547e4e140a95e0","sha1":"c7d1725852f659487fd8b70fe7c2c32420732734","sha256":"2bc836b0f80c7100d8125e8c17235e62ffb93929103a64af004ee2eef1b03c92","sha512":"ba058df5f0573884ea2a6c481fa7157cc23959607b1493cc4304bc68358a473dff4bde96e43cd17e0bf82e1fdb01374f0a13719aeddd2127639259b70ce7edb8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/index.html","filename":"index.html","modified":"2024-11-03T11:37:04-05:00","Modified":"","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (61271), with CRLF line terminators","size":168642,"md5":"001dcbb8f41cdcbf9b4d1e3a0ed4b2d2","sha1":"982a05814546017c40771e59e7677b53d84787e9","sha256":"f1d2c52f2803c29585b81d2eff74c56242d27e9619ee6d38081d5604c5bb1951","sha512":"9a4eba2a9314b6f5851997e1db0ecfae8e40da3443d8a5f9df933ccf6a4d75fc330888c8d14818326e15b3dec9ae2f5f7e73cd08c3822dd7eb0b2d753c8cd8fa","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/base/worker/workerMain.js","filename":"workerMain.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (1119), with CRLF line terminators","size":136817,"md5":"d0ac5294c58e523cddf25bc6d785fa48","sha1":"1b3661b6db36f1b14fd80dc9a739bfc69c68dfe5","sha256":"e90d1a8f116fa74431117a3ad78dde16dde060a4bf7528dfe3d5a3ad6156504b","sha512":"fea07a1ea5d29a3b4c614248655f4d1ddd94c10c6a6b5c8b428a8b4c0cbec7e7492fa0665c5001e65ce167240ffdfc5ac2c2ed14da3d6f508ae8d8b3c8e8eebb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/basic-languages/lua/lua.js","filename":"lua.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":4679,"md5":"eebda1fdd970433750c115eae2f03865","sha1":"3f1a1cddb99dead013eac825eb418241656d4bf0","sha256":"ac729efb3164f48d6b08f74d4b15060c126a30d40fb4cd4fc9cc94f2e19bd7c7","sha512":"8b188f3ae73a14a9318dce9761312d9dd2360ab00ee36e83ca6b74288a109c91770954db7537fd84a76707a1e79528fffc97f3a718bcd924545b469a1363c9cb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.css","filename":"editor.main.css","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"ASCII text, with very long lines (65249), with CRLF line terminators","size":301375,"md5":"23c7db6e12f6454ef6e7fb98d17924d8","sha1":"06398b44a338db5eeab2d461347334fc69af5af1","sha256":"615824c59ed1e07f5924286e9f02f3120b9064d59e115d3f668a914e07839451","sha512":"5ed3103e4f6640ca71e103e7f3752aca3027d8c563084d519f9d6358018ccdfacd0c4c08b69e510f88effa2b56dce04241ee7f92f3db99d9077b49ed7271d924","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.js","filename":"editor.main.js","modified":"2024-11-05T10:58:32-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65245), with CRLF line terminators","size":2183400,"md5":"2dc0068cdbc03ce43a75ab0b2df664e2","sha1":"817a209e179466dc8a14e05eb11a6c1b7e3d71eb","sha256":"b604b6148f70fe9db882cce2a7d327b2422ad2f203a805491002a8c564e3c3ff","sha512":"1ce29ed21e027d3552dc05162250bd62d66555f7b9ff48c9c94116d1e696089c32851533e7db30a7507a85b598df8fbf66292904c446536ccd3b2c60209d9d3d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.de.js","filename":"editor.main.nls.de.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16089), with CRLF line terminators","size":47200,"md5":"d1fd2fb756c73970b9c5e0ba07bff708","sha1":"470057b3244886dccc9f6074297cc8bc2a9c1b39","sha256":"cb1c3416ff242a738c45c3b2590d7d222b159a95a69ce3b7b8d7c8d18ea70828","sha512":"db2432182ff4c85fcca5093d0e433ed9cf5bed3ea3db9ed82fedc87af4d260e0d0f29ff67f0b8ac78e162586a74998ad082a91e8f9a76717827a83d5b2f775cf","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.es.js","filename":"editor.main.nls.es.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16082), with CRLF line terminators","size":47589,"md5":"36f546b28ca17ece9f8eb9bcf8344e13","sha1":"d43934b9041587799e332b2f568aa81666227258","sha256":"327437ee3793e9ae0686c78196b459592c282ed2e86f95ce28d32693b76d7654","sha512":"13f8cc23038c07b6840514db4fc7b503b7a38ae1ec3baab44f1bfbded40ac50ae03c05c754f9678eecd0c8fcefab958152b39b731068b8c2c976c4c57e97f36d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.fr.js","filename":"editor.main.nls.fr.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16773), with CRLF line terminators","size":50986,"md5":"1a29080733878dd44e0c118e84cd0c39","sha1":"60c158e23962b11918f6cae26445fad5b63bc65a","sha256":"6ed837dc1905c06a20d102921ff06a0bda003c5368ed0576bf7e69494e889ae8","sha512":"5cc68cabb583100320d7c875fd7c46f5c618c3968ac2a7c2b60f90ec74b29349a557049c17d5c851cabb54d5ef26cd65e8d2288d70b62ede06ee1762e25dbd60","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.it.js","filename":"editor.main.nls.it.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (17192), with CRLF line terminators","size":49330,"md5":"18e88f58301ad5ae926204507ab99c6b","sha1":"8eb03235312e88b941f3be212c0efa12b24e6d5f","sha256":"4fe2c4420294758883e134bdf7da9e6c2abf631d3a89c765f32f6c1d0f62653c","sha512":"f66283ec4182e9062f9f03a83acb3f2a49b98fb9ef67e48eaf5227236919ca279831b822fcb3ae252cfeafd81d12fe9c89a2843d91ab140a2b79b6bbc1d4f013","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.ja.js","filename":"editor.main.nls.ja.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (7783), with CRLF line terminators","size":53362,"md5":"3bf851cc70f515cbbe1d39da93e4f041","sha1":"88fe6323bbe14b55b6eec078574318e8474be613","sha256":"1f3556ea7233843b9e08b3c97b6727c533d702563e195c2090a438070dc85f0f","sha512":"61ffe9ec3550d2f8dfbc30d7d61327584833bb714a9d2cfc9788449190089dbdeaa293bb9921a43da782e1c36b7d242e13ac052b46210d2e79793626e921169d","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.js","filename":"editor.main.nls.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (13654), with CRLF line terminators","size":39314,"md5":"e871d4d9539c26d7d2bf32801ebdecf0","sha1":"711460f619ef09fa23d272d97bfc00593a5319a8","sha256":"5ff0084e6a7eee82a735616239aaf2190ea9d90e89e19340831f3d590828016a","sha512":"b6b9bf96c132db9dfc99d70320231630fc46a8a83f500d8e4f677e2d03206364f2666946f69061dcba2e759f005261dae1ece73e054aa56b8210551bc353cced","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.ko.js","filename":"editor.main.nls.ko.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (8116), with CRLF line terminators","size":47576,"md5":"60fcd422ac97a1b645ff48cb6928f7af","sha1":"da5b57dfbd257720155e303f0e75e263f0e74190","sha256":"98e649fa40d8e2ccfdc212341feb8165a7d7bbec31e8a77d9819ad9474e4b8ba","sha512":"52439f47f1e12ccf37db40f9fa8fa4966579cd6b327cde1768187cd7fdc7ebdd444e1953e29ed09bdced40d764c2e8f7131d44908c00bfd350e856a9df661aa4","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.ru.js","filename":"editor.main.nls.ru.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (16153), with CRLF line terminators","size":77450,"md5":"6e7d5b984917b00f131c47473ce2b866","sha1":"97f94134ff8f73ab48c0635550f2d8054c239c7f","sha256":"1bb069d95a395bf258d1f262814591aa762c4b30529adde32ccbcaa7c7ca508d","sha512":"f2595e7e1812073c50bfa058db3c7918dd8d7a6f0d20a576c68d854a4c61ed74bef3ad5ab23430567065677d737d81c7f17010055a069b9e38b5594d65e882a0","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.zh-cn.js","filename":"editor.main.nls.zh-cn.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (5836), with CRLF line terminators","size":36890,"md5":"05e49314cf801f5d3992b55243690ea7","sha1":"c20fca9f037adf2edec34ccf67a08e56d1d71bbf","sha256":"e9adc8ffca9853ef6e0bd4e955af9f395a570bc7772fc2dac0c0ff241aac864b","sha512":"7d499b41ae9bee2e72b721a49c0d053029624b19af1ede71a4378e14d3f6b407539c18d29422fb8d21681ce7dc160d2f11e80064017f5c8a5f645d6c1a77cc75","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/editor/editor.main.nls.zh-tw.js","filename":"editor.main.nls.zh-tw.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"Unicode text, UTF-8 text, with very long lines (5745), with CRLF line terminators","size":37442,"md5":"becbf441d95b0bc1565faf47ce9de373","sha1":"f660a8a29dc9861f7ff7e228622d492f1630b873","sha256":"94a7ff81b8ec3217a46bc5cdebe2c6aee98f73e6e902b7d9cf394836d052bbe5","sha512":"feee8ef6e36984309186b8ff491982efe4f144859c3f48d147b26bd61af6af751e013a951e945f02a2057368b485204734f6dc50cd6fca6294426b7fbdbcaa4f","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/Monaco/vs/loader.js","filename":"loader.js","modified":"2024-09-08T19:51:16-04:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (1023), with CRLF line terminators","size":30223,"md5":"bc15bb48d4d5c60ce7f16819f4d988c4","sha1":"87c7f328aa357d52b68b2cea0a214365a40cdc36","sha256":"5c3cf09973404ba31d760952f267751ef2bb09f315331d13ca432b65ce2c480b","sha512":"b5d7481773cafd01f3d738949a54e49c166c9a8fea3a150f6f0eed7449176d630991e27544a4e7b23fdad29700ae7fbba5de42f97c69874b6f2ad374194a9853","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/bin/settings.json","filename":"settings.json","modified":"2024-12-09T17:41:31-05:00","Modified":"","magic":"JSON text data","size":160,"md5":"a64b02c0f0cb0b32089d30f70895a569","sha1":"8e602efa81ad229051a980290895a476e68f71df","sha256":"40a5de67445ebb897c8f895f4c8e515964ba06cde4080847642749490bde0581","sha512":"5506899b6442ebe3a8af9a4fb9a452adbd0075c99ac803336bd7bc3e8c2d4d5641ff9d6aba27340e1fff1c2fffbd4d16abaa6ffec5a8baff32c834acb9cc03fe","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/libcrypto-3-x64.dll","filename":"libcrypto-3-x64.dll","modified":"2024-10-23T02:18:42-04:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":5209352,"md5":"54ca3e6afcb3c57c7914c0856d779f2a","sha1":"e37be8d92350aa1f9dd3212015de959faa58aa2f","sha256":"7aed0bc00d2f0ca0de95eaa6461327bd2e4543723a6ca443a7e899738b353b5a","sha512":"e8079e9d4bfa253677a669913f8198882c2eaaf9251f11cfa64eed5597c34ab7c267bed3826ad9f0a83675177a7575af54081852a5a633d999bd13cf873a79e8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/libssl-3-x64.dll","filename":"libssl-3-x64.dll","modified":"2024-10-23T02:18:45-04:00","Modified":"","magic":"PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 8 sections","size":1374984,"md5":"d66acb55a9f095a24865c9d883f96fd1","sha1":"cc8cb0a1d460fc0ef5a941bc5cd45e29ca7ef527","sha256":"7ae563b23164ec5994dbc24bce536b33df80c40de5ca97d64fe84a5dac34788e","sha512":"35c04c6f5f66d4585bba8fe48f2b470af7d6e366e9b9cb3ce0712818c5b1504c9e492a4d148164adf28793cc55b2ac58d3df28fb00f94033ddcb6e18ecce0227","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Microsoft.Web.WebView2.Core.dll","filename":"Microsoft.Web.WebView2.Core.dll","modified":"2024-06-11T05:23:06-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":570856,"md5":"b037ca44fd19b8eedb6d5b9de3e48469","sha1":"1f328389c62cf673b3de97e1869c139d2543494e","sha256":"11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197","sha512":"fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Microsoft.Web.WebView2.WinForms.dll","filename":"Microsoft.Web.WebView2.WinForms.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":38376,"md5":"8153423918c8cbf54b44acec01f1d6c2","sha1":"f0c3c5412b809725e6d4809230adb15cc7d83ad2","sha256":"5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4","sha512":"f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Microsoft.Web.WebView2.Wpf.dll","filename":"Microsoft.Web.WebView2.Wpf.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":51688,"md5":"4a292c5c2abf1aab91dee8eecafe0ab6","sha1":"369e788108e5fb0608a803fa2e5a06690b4464b5","sha256":"b628d6133bf57b7482a49aa158e45b078df73ee7d33137ac1336d24ac67ed1b4","sha512":"ca22adfff9789730e4c02343e320d80b8466cfc5a15f662cefe376b7ee29dea571004c1c26cd3f50c0d24e646f2b36b53fa86835678f46f335d65eec52431cde","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Newtonsoft.Json.dll","filename":"Newtonsoft.Json.dll","modified":"2023-03-08T02:09:54-05:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":712464,"md5":"adf3e3eecde20b7c9661e9c47106a14a","sha1":"f3130f7fd4b414b5aec04eb87ed800eb84dd2154","sha256":"22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07","sha512":"6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/runtimes/win-arm64/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:23:06-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) Aarch64, for MS Windows, 7 sections","size":140248,"md5":"8f2648cd543236ef1b4856715731e069","sha1":"c269e906556c160201fe229b9f6f3dde26888ac4","sha256":"77152af4472dc7741901ba69ce3a670992546eb2f5eda3db7fee135ee0037de0","sha512":"26bd06330e690dc73534ec2c54cd75149c0e96cbcfb34b9012532223db51d98b37b8b5c507d8d1a9b3829ea49493981d79cc1e5aaaa5b0d4b796a72f4420f2cc","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-arm64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.2-x64/runtimes/win-x64/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:22:54-04:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 10 sections","size":165336,"md5":"c5f0c46e91f354c58ecec864614157d7","sha1":"cb6f85c0b716b4fc3810deb3eb9053beb07e803c","sha256":"465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f","sha512":"287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-x64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.2-x64/runtimes/win-x86/native/WebView2Loader.dll","filename":"WebView2Loader.dll","modified":"2024-06-11T05:23:16-04:00","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections","size":116200,"md5":"9d7744e15bb8e3d005079b18979c8544","sha1":"7b326c96e5f3f6baaf6e9390b119a4ffb3df2c64","sha256":"cc2f661aac9c05646933f717e629a69be93d8d06803066289d6dc1105aac6cd2","sha512":"732fd17714ec5ef0afd8f17d06adc895e93bea4585b6b1dabcf95c3fbe808e7b31a19c13cccfac0b30cd425cf96926749a0373a861f55fa8db442430803f4a25","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-x86/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Xeno-v1.1.2-x64/scripts/Dex.lua","filename":"Dex.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with very long lines (467), with CRLF line terminators","size":420163,"md5":"e37374a8aa47cf8ac6d56901436e199f","sha1":"5d62f5db07614f3b548702faa4f7a06e235c9b12","sha256":"47cc5f1102fda0eba76b9570a1b943326f2170f270d5280e1f8dd5723c43fc14","sha512":"efee19e8109a48d49f099dd1767c722935123c4ea4d6e0ab905703e16fcb7196d31c45826d4398a5b7249e686ca90db3f671416909ce3440d4709edf1bd55775","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/scripts/Infinite Yield.lua","filename":"Infinite Yield.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","size":480320,"md5":"a8c69257b0db73b3e531d62cd872bc8b","sha1":"60c80decdad7e16869134a8c11a056298c628da6","sha256":"46b69f4be7ded4ac60c39255cfcd39357be8dcee7e60ad34ca53d909aa6e509a","sha512":"35d4211fb76971e3d6918a85ed57a0c4dbb51843b87f5f8a4568e5facfdb44627c111130c78eb7821f7a644a652bdc28caad9350bf8b317dc223aa13a23e6dca","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/scripts/Sine Wave.lua","filename":"Sine Wave.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":1071,"md5":"0bbb2aebfadc119226992045dcaa30b4","sha1":"6939f7c1f4fa7ac0f81e9dabef32fdb24d120e72","sha256":"a5f5aca3ac216ac9040d0425eb52b1465674d8cd79d928474562d9a644ff4f0b","sha512":"b433ad6f5d365c58e2260588fae7a3cbecbfe734daff125ce18b6673c629c1b6bccd6142ea49c2c77d57dbe9ab2d02b2897fd2d7c592d524952a62348715bbf8","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/scripts/Spinning Donut.lua","filename":"Spinning Donut.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, ASCII text, with CRLF line terminators","size":1751,"md5":"967403f0ecb43917e841a085851b732d","sha1":"b09f3bef3e9fe87970b48db46529c611c302db16","sha256":"cb1a35b6ae394e479b97aa1f946ca21b8794dd0d60b08b85bf89fa5b35a4d8da","sha512":"34e83a25f330243faf86b62923a873a9104fa62f756a66074905f7980475581eded0a92cd88b6beba9b6424fb7f2a9cd743627871f80d51ff36c39f28ccb29b3","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/scripts/UNCCheckEnv.lua","filename":"UNCCheckEnv.lua","modified":"2024-11-05T11:51:40-05:00","Modified":"","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","size":29161,"md5":"b76726d10354343d9af5c268e40b47c4","sha1":"7103c78071be0c65c8b3a217168cf7909aef748e","sha256":"e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5","sha512":"5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/Xeno.dll","filename":"Xeno.dll","modified":"2025-01-15T18:26:52-05:00","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64, for MS Windows, 6 sections","size":1320960,"md5":"0b29d40637697c5e495e82ac1f1b6a6c","sha1":"13866b66684fdcef42a756615b13feb11338eeb2","sha256":"eaf2af3853a6c6702f730ce223bd6e7a8ceaf258288286cdb532f6dd76e6e362","sha512":"737b5386422bb1521a293a3ef0e036e68bf53b42fd305386ea66e43e030cd5f11f0bef65a79d27d5de15e972c9f0c25fcdf8d555dd97e629307e2f9fd1ab6f46","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-17","alert":"Scan result 1/71","trigger":"eaf2af3853a6c6702f730ce223bd6e7a8ceaf258288286cdb532f6dd76e6e362","verdict":"suspicious","severity":"","comment":"suspicious - 1/71","link":"https://www.virustotal.com/gui/file/eaf2af3853a6c6702f730ce223bd6e7a8ceaf258288286cdb532f6dd76e6e362","meta":null}]}},{"path":"Xeno-v1.1.2-x64/Xeno.exe","filename":"Xeno.exe","modified":"2025-01-15T18:23:35-05:00","Modified":"","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 6 sections","size":143360,"md5":"f0d6a8ef8299c5f15732a011d90b0be1","sha1":"5d2e6cc0bd4f1e810808f2a284f6c2a30b21edcf","sha256":"326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","sha512":"5b9f1517949a7fa9fdb7413146632d21a4208dc92823b673af85963ae5cc7f827b3ba27f3e9c5554c45e726ad159aac77d30306acc3559bd8712534e41ff0f27","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-17","alert":"Scan result 1/72","trigger":"326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/326bae0bd1398234dcef4c3d71f00e30cc9b447fa963e21d6f29605f42bb7e5b","meta":null}]}},{"path":"Xeno-v1.1.2-x64/XenoUI.deps.json","filename":"XenoUI.deps.json","modified":"2025-01-15T18:23:35-05:00","Modified":"","magic":"JSON text data","size":2608,"md5":"f264dff8b12b6341b6bb97f9cea46324","sha1":"f8f19c048eacb31fb11b88d2a14b02cb3b7dbd74","sha256":"16b09c4fa7b6b3b75ded9a5ea854ad0b1b88288969376c94de1546cd02a82905","sha512":"4c69f803f0c48cff3da3b862dcad62b5c29af197f83d52cbf176c91e16752f883aea5ccb264aec66c2af179e038b5cf98439561ce08ffd31fc8b385486c67b93","alerts":{"urlquery":null,"analyzer":null}},{"path":"Xeno-v1.1.2-x64/XenoUI.dll","filename":"XenoUI.dll","modified":"2025-01-15T18:23:35-05:00","Modified":"","magic":"PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows, 2 sections","size":97792,"md5":"4c43b60b21dccd1dc9c14c0fa7f07a2d","sha1":"b99e120631bd2868a80ec642a7c787eef93fc075","sha256":"4af0cd671c0448dcc2fee2ce1b8845ea2f7c240cfb331220cdb59041947a3e4a","sha512":"746abd0e59878cd70d34383f363a457c5f8e22c1fd303dcd7999d1c800a432ead770935ed901a18d2dc04f3c87235c59bf758fa8034cdfea9ac1233e884681d1","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.2-x64/XenoUI.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-15","alert":"Scan result 1/70","trigger":"4af0cd671c0448dcc2fee2ce1b8845ea2f7c240cfb331220cdb59041947a3e4a","verdict":"suspicious","severity":"","comment":"suspicious - 1/70","link":"https://www.virustotal.com/gui/file/4af0cd671c0448dcc2fee2ce1b8845ea2f7c240cfb331220cdb59041947a3e4a","meta":null}]}},{"path":"Xeno-v1.1.2-x64/XenoUI.runtimeconfig.json","filename":"XenoUI.runtimeconfig.json","modified":"2025-01-15T18:23:35-05:00","Modified":"","magic":"JSON text data","size":515,"md5":"e0f6f18f9b152bc2d8c710b0214805d6","sha1":"ae3d39e59fd6edc05792a76cdf4f02a637f52e29","sha256":"89ad1ea5c9c20b6b266547ef27c0ae3840cab5642d3c2aedf06b7026245671dd","sha512":"80a6a9ff925bd1ba6f57fa1f7dd40de962001af97f8c2477d0b502728e23b6f412c74134e33efb36ccfeb08bbbeb678beb7e2e52fad24a763967eba8cf09b29e","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-arm64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-x64/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"files - file ~tmp01925d3f.exe","trigger":"Xeno-v1.1.2-x64/runtimes/win-x86/native/WebView2Loader.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-01-17","alert":"Detect pe file that no import table","trigger":"Xeno-v1.1.2-x64/XenoUI.dll","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"date":"2021-10-19","description":"Detect pe file that no import table","rule":"pe_no_import_table","yarahub_license":"CC0 1.0","yarahub_reference_md5":"045ff7ed5a360b19dcc4c5bd9211d194","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"a91fb4f4-1ceb-456d-90d1-a25f6d16b204"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-17","alert":"Scan result 2/65","trigger":"1d2001162fd635210d91f441ed2ba536747a7347b719a49f67429ada56a1395b","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/1d2001162fd635210d91f441ed2ba536747a7347b719a49f67429ada56a1395b","meta":null}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"github.com/rlz-ve/x/releases/download/v1.1.2/Xeno-v1.1.2-x64.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-17T15:22:41.837Z","timestamp":1737127361837,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 07 Mar 2024 00:00:00 GMT","end":"Fri, 07 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"E7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0","sha256":"FD:6E:9B:0E:F3:98:BC:D9:04:C3:B2:EC:16:7A:7B:0F:DA:72:01:C9:03:C5:3A:6A:6A:E5:D0:41:43:63:EF:65"}}},"request":{"raw":"GET /rlz-ve/x/releases/download/v1.1.2/Xeno-v1.1.2-x64.zip HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Fri, 17 Jan 2025 15:22:42 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\nlocation: https://objects.githubusercontent.com/github-production-release-asset-2e65be/883345985/6bd4a331-0517-4cdd-927c-b6746b41f8c0?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250117%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250117T152242Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=08d90ca31e53d29451346f1ff1d648d0fdc13ef0aa5a1b3c7ac7ea5e5a7f4ae3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DXeno-v1.1.2-x64.zip\u0026response-content-type=application%2Foctet-stream\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/\r\ncontent-length: 0\r\nx-github-request-id: 5CBF:1FF09E:459A44C:4747503:678A75C1\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-16T17:50:43.021957Z","times_seen":16476669,"resource_available":true,"data":null}},"time_used":377,"timings":{"blocked":97,"dns":1,"connect":19,"send":0,"wait":171,"receive":2,"ssl":82},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/883345985/6bd4a331-0517-4cdd-927c-b6746b41f8c0?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250117%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250117T152242Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=08d90ca31e53d29451346f1ff1d648d0fdc13ef0aa5a1b3c7ac7ea5e5a7f4ae3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DXeno-v1.1.2-x64.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.111.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-01-17T15:22:42.129Z","timestamp":1737127362129,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /github-production-release-asset-2e65be/883345985/6bd4a331-0517-4cdd-927c-b6746b41f8c0?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250117%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250117T152242Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=08d90ca31e53d29451346f1ff1d648d0fdc13ef0aa5a1b3c7ac7ea5e5a7f4ae3\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3DXeno-v1.1.2-x64.zip\u0026response-content-type=application%2Foctet-stream HTTP/1.1\r\nHost: objects.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Wed, 15 Jan 2025 23:52:11 GMT\r\netag: \"0x8DD35BFA10F3984\"\r\nserver: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: 603bb11c-901e-0028-22a8-6780fd000000\r\nx-ms-version: 2024-11-04\r\nx-ms-creation-time: Wed, 15 Jan 2025 23:52:11 GMT\r\nx-ms-blob-content-md5: +ePLgmyAE667LqsTNtYHQg==\r\nx-ms-lease-status: unlocked\r\nx-ms-lease-state: available\r\nx-ms-blob-type: BlockBlob\r\ncontent-disposition: attachment; filename=Xeno-v1.1.2-x64.zip\r\nx-ms-server-encrypted: true\r\nvia: 1.1 varnish, 1.1 varnish\r\nfastly-restarts: 1\r\naccept-ranges: bytes\r\ndate: Fri, 17 Jan 2025 15:22:42 GMT\r\nage: 3860\r\nx-served-by: cache-iad-kiad7000140-IAD, cache-hel1410022-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 82, 924\r\nx-timer: S1737127362.186030,VS0,VE0\r\ncontent-length: 4556244\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4556244,"size_decoded":4556244,"mime_type":"application/octet-stream","magic":"Zip archive data, at least v1.0 to extract, compression method=store","md5":"f9e3cb826c8013aebb2eab1336d60742","sha1":"72bbb72c8aefeb421e92c41c839c08e0b1cb1756","sha256":"1d2001162fd635210d91f441ed2ba536747a7347b719a49f67429ada56a1395b","sha512":"1bcbd4c270f421de0dbae9078dfd5298fb591d557acd37b993d3119e4ebed95f4a333dfad3ec20980ff605bc47a5faaa227041153790ccf2fd77ebb2992b8fda","ssdeep":"98304:WD6OMyxrm+twdjTmDh/BRFQNM74slPZDtgooNhKNaLz//XtJgD:WDUyR9tWjTml/3bZZpnPNAjtJgD","tlshash":"e22633cf2b974771d35ca0fbc1f72e368188ad0b56b2cbd418c9671faaa09604276cd5","first_seen":"2025-01-15T23:59:54.379728Z","last_seen":"2025-03-12T20:14:24.780599Z","times_seen":12,"resource_available":false,"data":null}},"time_used":1029,"timings":{"blocked":52,"dns":1,"connect":13,"send":0,"wait":413,"receive":512,"ssl":34},"alerts":{"ids":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-01-17","alert":"Scan result 2/65","trigger":"1d2001162fd635210d91f441ed2ba536747a7347b719a49f67429ada56a1395b","verdict":"suspicious","severity":"","comment":"suspicious - 2/65","link":"https://www.virustotal.com/gui/file/1d2001162fd635210d91f441ed2ba536747a7347b719a49f67429ada56a1395b","meta":null}],"urlquery":null}}]}