{"report_id":"e9cd8dea-e052-42e8-9155-977f528a9fd6","version":6,"status":"done","tags":[],"date":"2024-08-28T08:05:08Z","url":{"schema":"http","addr":"github.com/anonyketa/EXM-Tweaking-Utility-Premium/releases/download/V1.0/exm.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":0,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-07T17:30:05Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"r11.o.lencr.org","ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-07 07:43:57","last_seen":"2024-08-27 18:12:09","alert_count":0,"request_count":5,"received_data":4435,"sent_data":1635,"comment":"","tags":null,"fingerprints":null},{"fqdn":"r10.o.lencr.org","ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"domain_registered":"2020-06-29","domain_rank":0,"first_seen":"2024-06-06 21:45:11","last_seen":"2024-08-27 18:12:12","alert_count":0,"request_count":3,"received_data":2662,"sent_data":981,"comment":"","tags":null,"fingerprints":null},{"fqdn":"github.com","ip":{"addr":"140.82.121.4","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13 12:28:22","last_seen":"2024-08-26 10:52:48","alert_count":0,"request_count":1,"received_data":4250,"sent_data":534,"comment":"","tags":null,"fingerprints":null},{"fqdn":"objects.githubusercontent.com","ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":134060,"first_seen":"2021-11-01 22:34:29","last_seen":"2024-08-27 16:21:30","alert_count":0,"request_count":1,"received_data":13896863,"sent_data":988,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":[{"md5":"de4e8080f24bde2d50836aba1efaebb0","sha1":"4dc443ba1e8f9cdeae72e8c4c5b1694bb91d942d","sha256":"5c2c664bd6bd9f53124f827b6831e268824d78dbc2af4969774412743cd4f028","sha512":"4d35456dc3083f48ba5d5d2394cef9395c8d5a6a64ee35af3a1cb7d4e3e272c0e1f9229fb5504711ab6c53984f434b01cf3728b04eb3e1b3027c592f5b94a3ad","magic":"Zip archive data, at least v2.0 to extract, compression method=store","size":13896079,"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/788602973/a8448863-44c7-4a40-911f-114b46201f4b?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240828%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240828T080437Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=c20f69d6da3fe92073d752fa07075265decd5cab466f6d0e423c44d9e69bbffb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=788602973\u0026response-content-disposition=attachment%3B%20filename%3Dexm.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"archive":[{"path":"Autoruns/autoruns.chm","filename":"autoruns.chm","modified":"","Modified":"2023-08-22T20:34:37+02:00","magic":"MS Windows HtmlHelp Data","size":24592,"md5":"2c099793584365b8897fca7a4fa397e8","sha1":"50eaf2f529b1e923f7d0238ea8d3eb2187ad19cf","sha256":"ecb58342290940a5eb6b72be6faa1d0afeec9df5898df3e026d75b7b08bd8f9a","sha512":"ae407cd6b2d6ddf033f04b19ddf168423f819a4a42834afe03b7c35f86dd7b6572ced6c325fd9a56eacc9613944c4f3d17831d15713a35f0ea24f4c4c14af0ce","alerts":{"urlquery":null,"analyzer":null}},{"path":"Autoruns/Autoruns.exe","filename":"Autoruns.exe","modified":"","Modified":"2023-08-22T20:34:37+02:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections","size":1783176,"md5":"17bd13edd536269c417ba8e1b4534fbe","sha1":"22470bb3a4c37a0c612ff7ad2596306065ac0c9b","sha256":"6111a70da65153e6ded71eae2057bf6760f340476261f6e15a80479daf9724eb","sha512":"00d8c80dcfdda235d06160b40d06e47bd0be5178c5fb2b26bf4cd984eae520d877517a16d1a62d88ed1f0a46244eafd4cc4b4183a35f85d13b250e492d441455","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/Autoruns.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}}]}},{"path":"Autoruns/Autoruns64.exe","filename":"Autoruns64.exe","modified":"","Modified":"2023-08-22T20:34:37+02:00","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 7 sections","size":1980352,"md5":"6ae8e963b33ee52df761412b451b2962","sha1":"f7ab1987848a91af2c77a72583211dcadeed420a","sha256":"f59056339de56820e57c961d6ddd9032bd78af9f2333797944f4ee57b77ee2ca","sha512":"472f07bb37966d056d9efb97e4b686951987ca358a9f213fa6db5ec50cf4a32084cb18c863c8c1add20a2619154cf9f4705541e27c196142917eb9491b54846a","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/Autoruns64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}}]}},{"path":"Autoruns/Autoruns64a.exe","filename":"Autoruns64a.exe","modified":"","Modified":"2023-08-22T20:34:37+02:00","magic":"PE32+ executable (GUI) Aarch64, for MS Windows, 6 sections","size":2088856,"md5":"d518661b0940e2464aa8d3073599ab89","sha1":"66be7b41b80477d7ea0045319a08362253d08097","sha256":"d6aee475688b942a2ea49ba4cc5c73ca97191ad91d7d8c2e4a57e07dcf9c9ba6","sha512":"e12967de56c1e514c22adeac308c87b2ee12d86055fb3b4e456db29bb653254cc96715afc3b701ff21c5137b2223a67bbb84a08fd05bfd15f199bdb6ab24e915","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/Autoruns64a.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}}]}},{"path":"Autoruns/autorunsc.exe","filename":"autorunsc.exe","modified":"","Modified":"2023-08-22T20:34:37+02:00","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":718272,"md5":"1d4611e03d8f32ae08cf8ade9a958729","sha1":"a8a3504eaf57a7d640bd42b5d59d2b8afa3e5f33","sha256":"bfbcf41b4659a4f371d434fc92b0f13bd46cfb82b74910633e900008765bd6da","sha512":"b3114eb005aa1f5f855d86d846099d43b61bbc7353d3acec241a79b691f69080474d356d9e414dfb65036c9a36751d9839fef15f8115ea391e906a841eb52ea4","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/autorunsc.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"files - file ~tmp01925d3f.exe","trigger":"Autoruns/autorunsc.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Autoruns/autorunsc64.exe","filename":"autorunsc64.exe","modified":"","Modified":"2023-08-22T20:34:37+02:00","magic":"PE32+ executable (console) x86-64, for MS Windows, 7 sections","size":803760,"md5":"848e852089ba84056308e184b034c302","sha1":"ffd77f9da61b955b07c76fa392b48c09273d81fd","sha256":"110651323222353e13588adcf82f7a21faa51422a251033a4e1163b9e95ae08a","sha512":"8e45aec194863838ee2e128f765e77b0e6fbfca710279a67fe516a20c273a595a5b1eceba33988c5cbe0c3b3d0238dc25e335a38431b49ac29a35ade099a6259","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/autorunsc64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"files - file ~tmp01925d3f.exe","trigger":"Autoruns/autorunsc64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Autoruns/autorunsc64a.exe","filename":"autorunsc64a.exe","modified":"","Modified":"2023-08-22T20:34:37+02:00","magic":"PE32+ executable (console) Aarch64, for MS Windows, 6 sections","size":827272,"md5":"0c790f64e69f9d9a4cbde5e21f1a4e93","sha1":"356d1dde5bb5d1a6c43d118910eeff6725a219e9","sha256":"b9c11b7701a269b8151ec8b38577fe2bb4de1e4e1ecd7f63324454054acf6881","sha512":"5d285ff8738dc9aeed61d24e8823f81b568cc251793619d660fa42781b1cb4979c0f67e015183cccddf366f6a96ba9fcda53e91d522642ca8f8bc4bf2461a479","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/autorunsc64a.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"files - file ~tmp01925d3f.exe","trigger":"Autoruns/autorunsc64a.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}}]}},{"path":"Autoruns/Eula.txt","filename":"Eula.txt","modified":"","Modified":"2023-08-22T20:34:37+02:00","magic":"Unicode text, UTF-8 (with BOM) text, with very long lines (518), with CRLF line terminators","size":7490,"md5":"8c24c4084cdc3b7e7f7a88444a012bfc","sha1":"5ab806618497189342722d42dc382623ac3e1b55","sha256":"8329bcbadc7f81539a4969ca13f0be5b8eb7652b912324a1926fc9bfb6ec005a","sha512":"6c74bed85638871fd834b30183e1536e48512dd0f8471624732ac1b487f0eba34dec99f88d2d583335f66df543d5fabf4b8c9456255df2248a4c086f111f0baa","alerts":{"urlquery":null,"analyzer":null}},{"path":"EXMservice.exe","filename":"EXMservice.exe","modified":"","Modified":"2024-08-26T19:26:25+02:00","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":12582912,"md5":"ab2dfff7a07b6bfc8158d8ebd047eb06","sha1":"c82a03d3196d35e62d24b214fe26973d0a096f9a","sha256":"d43f16582732a55e966ee744c02bf87619f5707d66e6531557cb8b19a03a7f38","sha512":"74970b85f3ea00401cb9a4a0cda9d8937265a0168a2ed558e1489831a8f90d612cba652b7a7b495b9e7b544e7594861cd8e012d5203711682b71da964cd3ac42","alerts":{"urlquery":null,"analyzer":null}},{"path":"FortniteSettings/FortniteSettings.exe","filename":"FortniteSettings.exe","modified":"","Modified":"2024-07-22T22:04:28+02:00","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 7 sections","size":9759458,"md5":"a39de0d010e9d34de70abad81f031e23","sha1":"9903ee2dd6b87369eb33de49d5a3d13135309899","sha256":"3b4e1a5a0d85269d9491e155864e630339e292a9228dc1eb37ff61b0a657ff6e","sha512":"6247314d4ccf1fc14d8a999d476a6370b4e553bab76fb086f4cbf163f59c982643b0820d7d829ed3d3415456a613c777f90ac8c0ff3112be0ec44a7ee126a9d9","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-08-28","alert":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","trigger":"FortniteSettings/FortniteSettings.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp (https://github.com/ruppde)","date":"2023-03-23","description":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","hash":"fe53b9d820adf3bcddf42976b8af1411e87d9dfd9aa479f12b2db50a5600f348","license":"Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License","reference":"Internal Research","rule":"SUSP_Imphash_Mar23_3","score":"45"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-08-28","alert":"Identifies executable converted using PyInstaller.","trigger":"FortniteSettings/FortniteSettings.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2024-08-09","alert":"Scan result 33/75","trigger":"3b4e1a5a0d85269d9491e155864e630339e292a9228dc1eb37ff61b0a657ff6e","verdict":"malicious","severity":"","comment":"malicious - 33/75","link":"https://www.virustotal.com/gui/file/3b4e1a5a0d85269d9491e155864e630339e292a9228dc1eb37ff61b0a657ff6e","meta":null}]}},{"path":"NvidiaProfileInspector/Exm_Premium_Profile_V4.nip","filename":"Exm_Premium_Profile_V4.nip","modified":"","Modified":"2024-04-13T03:18:02+02:00","magic":"XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":700712,"md5":"d5563eaeb8f6e5dbfb2d01fd24b7c8d5","sha1":"f619d9c97f356c0f41ccb8a7da2961b46c4242ef","sha256":"f3904fe5c2475af316b4a41e69bd833e05d8a160089b96e4f97b83fb125426f7","sha512":"0d3823f7582766df5f06cad6e59aca7046889f8be3b6d179a1f7fa1e007f1eed488473bc0f79b0aa347bb86637e0fa14bf4c7a34d13a8835b37acaf17fa4db8d","alerts":{"urlquery":null,"analyzer":null}},{"path":"NvidiaProfileInspector/nv.config","filename":"nv.config","modified":"","Modified":"2023-03-26T09:36:44+02:00","magic":"XML 1.0 document, ASCII text","size":158,"md5":"ce6d0bc7328b0fab08de80f292c1eaa4","sha1":"ae505d6f60a71259b91865f6d5a3d674e9de0ebe","sha256":"383b8dcb968b6bd0633658d9bb55c4acaf4c85a075aa456904a42d4e4efd5561","sha512":"f009ad44131f19997c7c7be38144132d9f701fda4492f3782a2717b92859f189196fac5a7d7e6ff6952f2c1735f27ffaddf0f7acbb45b98a7d85572e96c16c00","alerts":{"urlquery":null,"analyzer":null}},{"path":"NvidiaProfileInspector/nvidiaProfileInspector.exe","filename":"nvidiaProfileInspector.exe","modified":"","Modified":"2023-03-26T11:36:44+02:00","magic":"PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":548352,"md5":"ff5f39370b67a274cb58ba7e2039d2e2","sha1":"3020bb33e563e9efe59ea22aa4588bed5f1b2897","sha256":"1233487ea4db928ee062f12b00a6eda01445d001ab55566107234dea4dc65872","sha512":"7decec37c80d1d5ad6296d737d5d16c4fc92353a3ae4bd083c4a7b267bb6073a53d9f6152b20f9b5e62ba6c93f76d08f813812a83ce164db4c91107d7ad5a95f","alerts":{"urlquery":null,"analyzer":null}},{"path":"NvidiaProfileInspector/Reference.xml","filename":"Reference.xml","modified":"","Modified":"2023-03-26T09:36:44+02:00","magic":"XML 1.0 document, ASCII text, with CRLF line terminators","size":218251,"md5":"1a8493bff2d17c83e299101954dcb562","sha1":"439258f42f755d40311a31b37f6d37f447d546ba","sha256":"5a31c0500500713efd83160cef3db3f56b807b7c4f7a8b4ee7f4ffe05c676081","sha512":"75f2383f73fd3e03fdd17e93091cca7192919cb76ff564cafa7ee8d33d50db83d94dd3905d06b67c01f52f580b73573b490beb61f9a58af3cad3c0a29ce0aa2f","alerts":{"urlquery":null,"analyzer":null}},{"path":"PowerPlan/Exm_Premium_Power_Plan_V3.pow","filename":"Exm_Premium_Power_Plan_V3.pow","modified":"","Modified":"2024-04-13T03:36:50+02:00","magic":"MS Windows registry file, NT/2000 or above","size":12288,"md5":"abec2ceb9e8425172e1c7bbabbaf8eb1","sha1":"96bcfdc9bcb7c6fae883473dead92d332f06b162","sha256":"e14a55794a97986b70c4de0f7318561ca525641646451fee00ea53b793f15b6d","sha512":"c86445f87673d2ec4302adba4c6d828b1d1fe0429c7168cdc8f0f7074b8b2bd60974e9b27567b8e25eda2272e7f0fe5253ceb7090d54086c2c821d95bf30f5f1","alerts":{"urlquery":null,"analyzer":null}},{"path":"WindowsUpdateBlocker/Wub.exe","filename":"Wub.exe","modified":"","Modified":"2023-06-09T20:57:22+02:00","magic":"PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections","size":810000,"md5":"82aff8883099cf75462057c4e47e88ac","sha1":"68e2939f59b3869e9bd3ecc4aca3947649631bf8","sha256":"aac1123f17f8569a36bf93876cea30e15103fd2379b401a79129a2a6e7285ac2","sha512":"212ac940a1f8bdd805813c279d471efc53b858bc35c5edad182dfde3c29c37854618a507a0a0839e5a383d1ba4fe317c0b3c8275d023c86ecfa36f221560b96d","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"meth_get_eip","trigger":"WindowsUpdateBlocker/Wub.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-08-28","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"WindowsUpdateBlocker/Wub.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]}},{"path":"WindowsUpdateBlocker/Wub.ini","filename":"Wub.ini","modified":"","Modified":"2023-10-15T21:12:34+02:00","magic":"Unicode text, UTF-16, little-endian text, with CRLF line terminators","size":99914,"md5":"a16bf55cd2ef7d9e56565b0ed1aa208a","sha1":"19edddaa24f73d9d01150babd58b1bcc0ff5d849","sha256":"30eb977d58106050818626b9b556a3badc7b7d012462903120a0663987c74c0b","sha512":"ab87d94620b0d77bfa8ff3e721bbb68a28185245b173be7b62195588e2a3b3d3a9ee085497300c14876118dff4edca7fea202328f3156a76c53f786b8d5b6118","alerts":{"urlquery":null,"analyzer":null}},{"path":"WindowsUpdateBlocker/Wub_x64.exe","filename":"Wub_x64.exe","modified":"","Modified":"2023-06-09T20:57:23+02:00","magic":"PE32+ executable (GUI) x86-64, for MS Windows, 5 sections","size":961600,"md5":"9d6778f7f274f7ecd4e7e875a7268b64","sha1":"452fa439f1cc0b9fcc37cf4b8cfff96e8cc348aa","sha256":"187eeee9e518011de1b87cfb0ed03e12ea551e9011f0c8defdd0e4535e672da2","sha512":"d51df55a5f903ec624550e847459bfa52fb19e892a58fe2de41251d9d98890b36f26a4950ad75f900de0311b5330066aaece11ec5e549d5b3867a61a344e0b87","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-08-28","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"WindowsUpdateBlocker/Wub_x64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/Autoruns.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/Autoruns64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/Autoruns64a.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/autorunsc.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"files - file ~tmp01925d3f.exe","trigger":"Autoruns/autorunsc.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/autorunsc64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"files - file ~tmp01925d3f.exe","trigger":"Autoruns/autorunsc64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"Autoruns/autorunsc64a.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"files - file ~tmp01925d3f.exe","trigger":"Autoruns/autorunsc64a.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"The DFIR Report","date":"2021-02-22","description":"files - file ~tmp01925d3f.exe","hash1":"10ff83629d727df428af1f57c524e1eaddeefd608c5a317a5bfc13e2df87fb63","reference":"https://thedfirreport.com","rule":"cobalt_strike_tmp01925d3f","score":"80","yarahub_license":"CC0 1.0","yarahub_reference_md5":"1c6ba04dc9808084846ac1005deb9c85","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"58ae3b15-154e-47e9-a24c-c8b885a4cd55"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public Nextron YARA rules","scan_date":"2024-08-28","alert":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","trigger":"FortniteSettings/FortniteSettings.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/Neo23x0/signature-base","meta":{"author":"Arnim Rupp (https://github.com/ruppde)","date":"2023-03-23","description":"Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits","hash":"fe53b9d820adf3bcddf42976b8af1411e87d9dfd9aa479f12b2db50a5600f348","license":"Detection Rule License 1.1 https://github.com/SigmaHQ/Detection-Rule-License","reference":"Internal Research","rule":"SUSP_Imphash_Mar23_3","score":"45"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-08-28","alert":"Identifies executable converted using PyInstaller.","trigger":"FortniteSettings/FortniteSettings.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-01-01","description":"Identifies executable converted using PyInstaller.","fingerprint":"ae849936b19be3eb491d658026b252c2f72dcb3c07c6bddecb7f72ad74903eee","first_imported":"2021-12-30","id":"6Pyq57uDDAEHbltmbp7xRT","last_modified":"2021-12-30","rule":"PyInstaller","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2024-08-28","alert":"meth_get_eip","trigger":"WindowsUpdateBlocker/Wub.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Willi Ballenthin","date":"2022-06-13","rule":"meth_get_eip","yarahub_author_email":"william.ballenthin@mandiant.com","yarahub_author_twitter":"@williballenthin","yarahub_license":"CC BY 4.0","yarahub_reference_md5":"9727d5c2a5133f3b6a6466cc530a5048","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"666bfd55-7931-454e-beb8-22b5211ab04f"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-08-28","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"WindowsUpdateBlocker/Wub.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}},{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"Public InfoSec YARA rules","scan_date":"2024-08-28","alert":"Identifies compiled AutoIT script (as EXE).","trigger":"WindowsUpdateBlocker/Wub_x64.exe","verdict":"malware","severity":"medium","comment":"","link":"https://github.com/bartblaze/Yara-rules","meta":{"author":"@bartblaze","category":"MALWARE","creation_date":"2020-09-01","description":"Identifies compiled AutoIT script (as EXE).","fingerprint":"7d7623207492860e4196e8c8a493b874bb3042c83f19e61e1d958e79a09bc8f8","first_imported":"2021-12-30","id":"1HD8y9jsBZi1HDN82XCpZx","last_modified":"2021-12-30","rule":"AutoIT_Compiled","sharing":"TLP:WHITE","source":"BARTBLAZE","status":"RELEASED","version":"1.0"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.77.32","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:04:36.924443774Z","timestamp":1724832276924,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"8D2071964C9D8A7E8E5E0C36BC5D82199123CE55059A79FFEDE86B59A9CB8DB5\"\r\nLast-Modified: Mon, 26 Aug 2024 02:33:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=2666\r\nExpires: Wed, 28 Aug 2024 08:49:02 GMT\r\nDate: Wed, 28 Aug 2024 08:04:36 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"a5c8e602d1c34dad6d2bf031b1922353","sha1":"5326666dceb77fd224fb1b5d8ab3eeeee07cea4d","sha256":"8d2071964c9d8a7e8e5e0c36bc5d82199123ce55059a79ffede86b59a9cb8db5","sha512":"14af0c1bf4201ac4fb6286d5e00f43901439eb5482f0c35b9e6f9691951f8c421b6cdb19e1386a951c33f88da9dd584ce2100ec690715654bad0141e15194328","ssdeep":"","tlshash":"08f09e661929b5d10a6c6878cfe4f0611e1e9dab28c40a9ab8ac93e56d467ac799200c","first_seen":"2024-08-26T09:37:06Z","last_seen":"2024-08-29T17:45:43.183391Z","times_seen":13234,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:04:36.949538963Z","timestamp":1724832276949,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"5A2F5A87F6408BBC11020231759DB8EEB24C28C0890DA8F3EE2565D87B0E1E4C\"\r\nLast-Modified: Mon, 26 Aug 2024 02:36:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=6575\r\nExpires: Wed, 28 Aug 2024 09:54:11 GMT\r\nDate: Wed, 28 Aug 2024 08:04:36 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"35888f142e8c995a2a992b24009a2cee","sha1":"8315b1d92f868af492e04ea1d0846ee9fc0328e7","sha256":"5a2f5a87f6408bbc11020231759db8eeb24c28c0890da8f3ee2565d87b0e1e4c","sha512":"520246d8e18bc326605766a6e5f3d8161db171271712caaa258d25258dbb6c7e57f07bb1b0c92d3d3134eb1111e6154c7ddce67caa8bafd3d25f38fdb7032517","ssdeep":"","tlshash":"86f0059236e17961ed9d321579edd25339208aa9905094c5748447b254602dd47c9909","first_seen":"2024-08-26T09:37:37Z","last_seen":"2024-08-29T17:45:45.462962Z","times_seen":20149,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:04:37.334650046Z","timestamp":1724832277334,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"0E7A047F2A11F5DB27830E9B2B2F9AC4578F8BC34E2A5AC00E194F0AC5E3E4FB\"\r\nLast-Modified: Mon, 26 Aug 2024 02:34:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=20328\r\nExpires: Wed, 28 Aug 2024 13:43:25 GMT\r\nDate: Wed, 28 Aug 2024 08:04:37 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"f7c4be8bd45166d9a6c01c9002cb0b35","sha1":"e057803eec2aa279d12d5a361903b66e7eccbb86","sha256":"0e7a047f2a11f5db27830e9b2b2f9ac4578f8bc34e2a5ac00e194f0ac5e3e4fb","sha512":"5906d92951ab9fcf937aa78576f11485319b5aa43b501c105ea213b5ffe3c4ebd99821f394f56b25504bec0c3ce15a856051827881e2e700375ec8a049842e77","ssdeep":"","tlshash":"54f0054510adb811ba5c5e3727b7c12e3e719af9342001db145442d52c10f7257c5804","first_seen":"2024-08-26T13:28:34Z","last_seen":"2024-08-29T17:44:10.113879Z","times_seen":19628,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r10.o.lencr.org/","fqdn":"r10.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.36.76.226","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:04:37.630364017Z","timestamp":1724832277630,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r10.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"73DD3E76893C7D3E9789FAA480774DFADA70BAD4E7F2EE0E2F05DD03E37167C8\"\r\nLast-Modified: Mon, 26 Aug 2024 02:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=5889\r\nExpires: Wed, 28 Aug 2024 09:42:46 GMT\r\nDate: Wed, 28 Aug 2024 08:04:37 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"5816ac10e25df6aba223283feef4fcc4","sha1":"341fac36b46eefae0d822171e880f6dc52392a3f","sha256":"73dd3e76893c7d3e9789faa480774dfada70bad4e7f2ee0e2f05dd03e37167c8","sha512":"8a35425bd60ec413bffdf952890669308ebec9e4ccf688b4bd57dffc7bfc17887246098c5f4ec742c2865fd9072a040d825e7b4b5d00cd57b6ddd9804857093c","ssdeep":"","tlshash":"0cf00ea225bf68102b7c09284ddac11dbf21fa8d380041f07ca046fa6ca1bec62d984b","first_seen":"2024-08-26T09:03:22Z","last_seen":"2024-08-29T17:46:07.367972Z","times_seen":11646,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"github.com/anonyketa/EXM-Tweaking-Utility-Premium/releases/download/V1.0/exm.zip","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.4","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-28T08:04:37.574Z","timestamp":1724832277574,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Thu, 07 Mar 2024 00:00:00 GMT","end":"Fri, 07 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"E7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0","sha256":"FD:6E:9B:0E:F3:98:BC:D9:04:C3:B2:EC:16:7A:7B:0F:DA:72:01:C9:03:C5:3A:6A:6A:E5:D0:41:43:63:EF:65"}}},"request":{"raw":"GET /anonyketa/EXM-Tweaking-Utility-Premium/releases/download/V1.0/exm.zip HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Wed, 28 Aug 2024 08:04:37 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\nlocation: https://objects.githubusercontent.com/github-production-release-asset-2e65be/788602973/a8448863-44c7-4a40-911f-114b46201f4b?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240828%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240828T080437Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=c20f69d6da3fe92073d752fa07075265decd5cab466f6d0e423c44d9e69bbffb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=788602973\u0026response-content-disposition=attachment%3B%20filename%3Dexm.zip\u0026response-content-type=application%2Foctet-stream\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/\r\ncontent-length: 0\r\nx-github-request-id: F97A:3243EC:2602E4F:26E548B:66CEDA15\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-22T02:29:52.920518Z","times_seen":16623839,"resource_available":true,"data":null}},"time_used":365,"timings":{"blocked":109,"dns":1,"connect":20,"send":0,"wait":143,"receive":0,"ssl":89},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/788602973/a8448863-44c7-4a40-911f-114b46201f4b?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240828%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240828T080437Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=c20f69d6da3fe92073d752fa07075265decd5cab466f6d0e423c44d9e69bbffb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=788602973\u0026response-content-disposition=attachment%3B%20filename%3Dexm.zip\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.109.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2024-08-28T08:04:37.860Z","timestamp":1724832277860,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /github-production-release-asset-2e65be/788602973/a8448863-44c7-4a40-911f-114b46201f4b?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20240828%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20240828T080437Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=c20f69d6da3fe92073d752fa07075265decd5cab466f6d0e423c44d9e69bbffb\u0026X-Amz-SignedHeaders=host\u0026actor_id=0\u0026key_id=0\u0026repo_id=788602973\u0026response-content-disposition=attachment%3B%20filename%3Dexm.zip\u0026response-content-type=application%2Foctet-stream HTTP/1.1\r\nHost: objects.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Mon, 26 Aug 2024 17:28:02 GMT\r\netag: \"0x8DCC5F4703D5796\"\r\nserver: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: b0d2954b-101e-0054-69e2-f7ae02000000\r\nx-ms-version: 2020-10-02\r\nx-ms-creation-time: Mon, 26 Aug 2024 17:28:02 GMT\r\nx-ms-lease-status: unlocked\r\nx-ms-lease-state: available\r\nx-ms-blob-type: BlockBlob\r\ncontent-disposition: attachment; filename=exm.zip\r\nx-ms-server-encrypted: true\r\nvia: 1.1 varnish, 1.1 varnish\r\nfastly-restarts: 1\r\naccept-ranges: bytes\r\nage: 0\r\ndate: Wed, 28 Aug 2024 08:04:38 GMT\r\nx-served-by: cache-iad-kjyo7100134-IAD, cache-hel1410034-HEL\r\nx-cache: HIT, MISS\r\nx-cache-hits: 33, 0\r\nx-timer: S1724832278.940294,VS0,VE97\r\ncontent-length: 13896079\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13896079,"size_decoded":13896079,"mime_type":"application/octet-stream","magic":"Zip archive data, at least v2.0 to extract, compression method=store","md5":"de4e8080f24bde2d50836aba1efaebb0","sha1":"4dc443ba1e8f9cdeae72e8c4c5b1694bb91d942d","sha256":"5c2c664bd6bd9f53124f827b6831e268824d78dbc2af4969774412743cd4f028","sha512":"4d35456dc3083f48ba5d5d2394cef9395c8d5a6a64ee35af3a1cb7d4e3e272c0e1f9229fb5504711ab6c53984f434b01cf3728b04eb3e1b3027c592f5b94a3ad","ssdeep":"393216:mgh5PgRPSElnPxv3UtsjoIngX95yNXxEp:pPMPSE5xv3Ut+NgXjy3Ep","tlshash":"f4e6333c0bbebd34f28c71ba1aa8c1c5f740ee01525134511b6a934f689f92a9fd9b5c","first_seen":"2024-08-29T17:30:05.329092Z","last_seen":"2024-08-29T17:30:05.329092Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1629,"timings":{"blocked":63,"dns":1,"connect":26,"send":0,"wait":530,"receive":973,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:04:41.735541087Z","timestamp":1724832281735,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167\"\r\nLast-Modified: Mon, 26 Aug 2024 02:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3292\r\nExpires: Wed, 28 Aug 2024 08:59:31 GMT\r\nDate: Wed, 28 Aug 2024 08:04:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0192c7488a56c1b9f50decbbc7c6e924","sha1":"7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec","sha256":"571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167","sha512":"a5f5b42d4f65bff1669d388493604f1aba272cabf1313c42568917490fdb8b52fdd4fe8b984f00c748e68fc003994e2b0aef47b0a74776d55e304854b2523da6","ssdeep":"","tlshash":"84f005c3b62cb45a4e3c103799d4d037149478590ac846e9dcc057f278b57e942e550c","first_seen":"2024-08-26T12:43:12Z","last_seen":"2024-08-29T17:44:34.32567Z","times_seen":16518,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:04:41.736526306Z","timestamp":1724832281736,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167\"\r\nLast-Modified: Mon, 26 Aug 2024 02:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3292\r\nExpires: Wed, 28 Aug 2024 08:59:31 GMT\r\nDate: Wed, 28 Aug 2024 08:04:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0192c7488a56c1b9f50decbbc7c6e924","sha1":"7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec","sha256":"571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167","sha512":"a5f5b42d4f65bff1669d388493604f1aba272cabf1313c42568917490fdb8b52fdd4fe8b984f00c748e68fc003994e2b0aef47b0a74776d55e304854b2523da6","ssdeep":"","tlshash":"84f005c3b62cb45a4e3c103799d4d037149478590ac846e9dcc057f278b57e942e550c","first_seen":"2024-08-26T12:43:12Z","last_seen":"2024-08-29T17:44:34.32567Z","times_seen":16518,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:04:41.737582848Z","timestamp":1724832281737,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167\"\r\nLast-Modified: Mon, 26 Aug 2024 02:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3292\r\nExpires: Wed, 28 Aug 2024 08:59:31 GMT\r\nDate: Wed, 28 Aug 2024 08:04:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0192c7488a56c1b9f50decbbc7c6e924","sha1":"7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec","sha256":"571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167","sha512":"a5f5b42d4f65bff1669d388493604f1aba272cabf1313c42568917490fdb8b52fdd4fe8b984f00c748e68fc003994e2b0aef47b0a74776d55e304854b2523da6","ssdeep":"","tlshash":"84f005c3b62cb45a4e3c103799d4d037149478590ac846e9dcc057f278b57e942e550c","first_seen":"2024-08-26T12:43:12Z","last_seen":"2024-08-29T17:44:34.32567Z","times_seen":16518,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"r11.o.lencr.org/","fqdn":"r11.o.lencr.org","domain":"lencr.org","tld":"org"},"ip":{"addr":"23.33.119.57","port":0,"asn":20940,"as":"Akamai International B.V.","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2024-08-28T08:04:41.738584465Z","timestamp":1724832281738,"http_version":"","security_state":"","security_info":null,"request":{"raw":"POST / HTTP/1.1\r\nHost: r11.o.lencr.org\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/ocsp-request\r\nContent-Length: 85\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: application/ocsp-response\r\nContent-Length: 504\r\nETag: \"571F2EF4CB90C7834ACECBF6981410DDBD15611A6750B8A77717821DC1D1A167\"\r\nLast-Modified: Mon, 26 Aug 2024 02:38:00 UTC\r\nCache-Control: public, no-transform, must-revalidate, max-age=3292\r\nExpires: Wed, 28 Aug 2024 08:59:31 GMT\r\nDate: Wed, 28 Aug 2024 08:04:39 GMT\r\nConnection: keep-alive\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":504,"size_decoded":504,"mime_type":"application/octet-stream","magic":"data","md5":"0192c7488a56c1b9f50decbbc7c6e924","sha1":"7ed837f77d0fee2e3c5833f86d73eb2dfa3f6bec","sha256":"571f2ef4cb90c7834acecbf6981410ddbd15611a6750b8a77717821dc1d1a167","sha512":"a5f5b42d4f65bff1669d388493604f1aba272cabf1313c42568917490fdb8b52fdd4fe8b984f00c748e68fc003994e2b0aef47b0a74776d55e304854b2523da6","ssdeep":"","tlshash":"84f005c3b62cb45a4e3c103799d4d037149478590ac846e9dcc057f278b57e942e550c","first_seen":"2024-08-26T12:43:12Z","last_seen":"2024-08-29T17:44:34.32567Z","times_seen":16518,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}