From 27e220f938bbed66d0889545b1cc33fc69bf8889 Mon Sep 17 00:00:00 2001
From: msever
Date: Fri, 19 Jan 2024 16:35:27 +0100
Subject: [PATCH 1/4] Add release notes
---
.../ReleaseNotes/2_5_0.json | 4 ++++
.../ReleaseNotes/2_5_0.md | 18 ++++++++++++++++++
2 files changed, 22 insertions(+)
create mode 100644 Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.json
create mode 100644 Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md
diff --git a/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.json b/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.json
new file mode 100644
index 000000000000..37ed96ae185d
--- /dev/null
+++ b/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.json
@@ -0,0 +1,4 @@
+{
+ "breakingChanges":true,
+ "breakingChangesNotes":"This version introduces changes in the human readable output, context output, arguments and names of the following commands: reversinglabs-titaniumcloud-submit-for-dynamic-analysis, reversinglabs-titaniumcloud-get-dynamic-analysis-results. For more details read the release notes."
+}
\ No newline at end of file
diff --git a/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md b/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md
new file mode 100644
index 000000000000..206a9f340320
--- /dev/null
+++ b/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md
@@ -0,0 +1,18 @@
+#### Integrations
+##### ReversingLabs TitaniumCloud v2
+- Updated the Docker image to: *demisto/reversinglabs-sdk-py3:2.0.0.85058*.
+
+
+- Updated the ***reversinglabs-titaniumcloud-submit-for-dynamic-analysis*** command:
+ - Updated the command name: The command is now called ***reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis***.
+- Updated the ***reversinglabs-titaniumcloud-get-dynamic-analysis-results*** command:
+ - Updated the command name: The command is now called ***reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results***.
+ - Added the *analysis_id* and *latest_analysis* arguments.
+ - Updated the human-readable output.
+ - Updated the context path: The context path is now *ReversingLabs.sample_dynamic_analysis_results*
+
+Added new commands:
+- ***reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis***
+- ***reversinglabs-titaniumcloud-get-url-dynamic-analysis-results***
+
+
From 6fe44c5aefc6861dec288bc03548c58f4f737f8d Mon Sep 17 00:00:00 2001
From: msever
Date: Fri, 19 Jan 2024 16:36:21 +0100
Subject: [PATCH 2/4] Add changes for v2.5.0
---
.../ReversingLabsTitaniumCloudv2/README.md | 69132 +++++++---------
.../ReversingLabsTitaniumCloudv2.py | 190 +-
.../ReversingLabsTitaniumCloudv2.yml | 80 +-
.../ReversingLabsTitaniumCloudv2_image.png | Bin 3684 -> 4241 bytes
.../ReversingLabsTitaniumCloudv2_test.py | 56 +-
.../command_examples.txt | 7 +-
.../test_data/detonate_sample.json | 2 +-
.../test_data/detonate_sample_context.json | 2 +-
.../test_data/detonate_url.json | 1 +
.../test_data/detonate_url_context.json | 1 +
.../test_data/dynamic_results.json | 1 -
.../test_data/dynamic_results_context.json | 1 -
.../test_data/sample_dynamic_context.json | 1 +
.../test_data/sample_dynamic_response.json | 1 +
.../pack_metadata.json | 2 +-
15 files changed, 30966 insertions(+), 38511 deletions(-)
create mode 100644 Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url.json
create mode 100644 Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url_context.json
delete mode 100644 Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/dynamic_results.json
delete mode 100644 Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/dynamic_results_context.json
create mode 100644 Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/sample_dynamic_context.json
create mode 100644 Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/sample_dynamic_response.json
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/README.md b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/README.md
index 32b3c98b9285..fed97a511013 100644
--- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/README.md
+++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/README.md @@ -10037,14 +10037,16 @@ Notice: Submitting indicators using this command might make the indicator data p > **Analysis ID**: 1686150309665089 > **Requested URL**: http://34.150.1.150/hBQ -### reversinglabs-titaniumcloud-submit-for-dynamic-analysis + + +### reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis *** Submit an existing sample for dynamic analysis. #### Base Command -`reversinglabs-titaniumcloud-submit-for-dynamic-analysis` +`reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis` #### Input @@ -10057,17 +10059,17 @@ Submit an existing sample for dynamic analysis. | **Path** | **Type** | **Description** | | --- | --- | --- | -| ReversingLabs.detonate_sample_dynamic | Unknown | | +| ReversingLabs.detonate_sample_dynamic | Unknown | The dynamic analysis. | #### Command example -```!reversinglabs-titaniumcloud-submit-for-dynamic-analysis sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 platform=windows10``` +```!reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 platform=windows10``` #### Context Example ```json { "ReversingLabs": { "detonate_sample_dynamic": { "rl": { - "analysis_id": "bd4819f0-0327-4579-b72e-08ebfeeae49a", + "analysis_id": "9084a751-cd94-4b2f-8d01-e5bf9542dc89", "requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271", "status": "started" } 
@@ -10081,22 +10083,25 @@ Submit an existing sample for dynamic analysis. >## ReversingLabs submit sample 21841b32c6165b27dddbd4d6eb3a672defe54271 for Dynamic Analysis > **Status**: started > **Requested hash**: 21841b32c6165b27dddbd4d6eb3a672defe54271 -> **Analysis ID**: bd4819f0-0327-4579-b72e-08ebfeeae49a +> **Analysis ID**: 9084a751-cd94-4b2f-8d01-e5bf9542dc89 -### reversinglabs-titaniumcloud-get-dynamic-analysis-results + +### reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results *** -Retrieve dynamic analysis results. +Retrieve dynamic analysis results for a sample. #### Base Command -`reversinglabs-titaniumcloud-get-dynamic-analysis-results` +`reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | | sha1 | Sample SHA-1 hash. | Required | +| analysis_id | ID of a specific analysis to fetch. | Optional | +| latest_analysis | Fetch the latest analysis. Possible values are: true, false. Default is false. | Optional | #### Context Output 
@@ -10108,68 +10113,77 @@ Retrieve dynamic analysis results. | DBotScore.Score | Number | The actual score. | | DBotScore.Type | String | The indicator type. | | DBotScore.Indicator | String | The indicator that was tested. | -| DBotScore.Vendor | String | The vendor used to calculate the score. | -| ReversingLabs.dynamic_analysis_results | Unknown | The dynamic analysis results. | +| DBotScore.Vendor | String | The vendor used to calculate the score. | +| ReversingLabs.sample_dynamic_analysis_results | Unknown | The sample dynamic analysis results. | #### Command example -```!reversinglabs-titaniumcloud-get-dynamic-analysis-results sha1=21841b32c6165b27dddbd4d6eb3a672defe54271``` +```!reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 analysis_id=08249dbc-77bf-482e-be4d-b8fa58de01c7 latest_analysis=false``` #### Context Example ```json { "DBotScore": { "Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271", - "Score": 0, + "Reliability": "C - Fairly reliable", + "Score": 3, "Type": "file", "Vendor": "ReversingLabs TitaniumCloud v2" }, "File": { "Hashes": [ + { + "type": "MD5", + "value": "d5720ea13de22edcbe76d20c7908c0bf" + }, { "type": "SHA1", "value": "21841b32c6165b27dddbd4d6eb3a672defe54271" + }, + { + "type": "SHA256", + "value": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19" } ], - "SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271" + "MD5": "d5720ea13de22edcbe76d20c7908c0bf", + "Malicious": { + "Description": "MALICIOUS", + "Vendor": "ReversingLabs TitaniumCloud v2" + }, + "SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271", + "SHA256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19" }, "InfoFile": { - "EntryID": "7660@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59", + "EntryID": "8950@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59", "Info": "text/plain", "Name": "Dynamic analysis report file for sample 21841b32c6165b27dddbd4d6eb3a672defe54271", - "Size": 1001542, + "Size": 
1985565, "Type": "ASCII text, with very long lines" }, "ReversingLabs": { - "dynamic_analysis_results": { + "sample_dynamic_analysis_results": { "rl": { "report": { - "analysis_duration": 213, - "analysis_id": "9665584d-57d9-4f8a-b63b-5c762b37fc33", - "analysis_time": "2023-05-18T11:55:15", + "analysis_duration": 211, + "analysis_id": "08249dbc-77bf-482e-be4d-b8fa58de01c7", + "analysis_time": "2023-07-16T11:08:11", "behavioral": [ { "file_actions": [ - { - "action_type": "file_created", - "file_name": "Start Menu", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows", - "status": "object name collision" - }, { "action_type": "file_opened", - "file_name": "WS2_32.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", - "status": "success or wait" + "file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}", + "file_path": "\\DEVICE", + "status": "object name not found" }, { "action_type": "file_opened", - "file_name": "WININET.DLL", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "Output", + "file_path": "\\Device\\ConDrv\\", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Startup", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs", + "file_name": "dhcpcsvc.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { 
@@ -10184,3526 +10198,3555 @@ Retrieve dynamic analysis results. "file_path": "C:", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "Roaming", - "file_path": "C:\\Users\\user\\AppData", - "status": "object name collision" - }, { "action_type": "file_opened", - "file_name": "IMM32.DLL", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "ipconfig.exe.mui", + "file_path": "C:\\WINDOWS\\SysWOW64\\en-US", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "tox.done.log", - "file_path": "C:\\Users\\user\\AppData\\Roaming", - "status": "object name not found" + "file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}", + "file_path": "\\DEVICE", + "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "win32u.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "file_created", + "file_name": "Connect", + "file_path": "\\Device\\ConDrv\\", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "CRYPTBASE.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "CNG", + "file_path": "\\Device", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "cfgmgr32.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "CONOUT$", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "shcore.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "Reference", + "file_path": "\\Device\\ConDrv\\", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "USER32.dll", + "file_name": "IPHLPAPI.DLL", "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "CMApi", - "file_path": "\\Device\\DeviceApi", + "file_name": "Input", + "file_path": "\\Device\\ConDrv\\", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ADVAPI32.dll", + "file_name": "dhcpcsvc6.DLL", "file_path": 
"C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "GDI32.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "Nsi", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "bcryptPrimitives.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "Server", + "file_path": "\\Device\\ConDrv", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ntdll.dll", + "file_name": "DNSAPI.dll", "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "msvcp_win.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "SysWOW64", + "file_path": "C:\\WINDOWS", "status": "success or wait" + } + ], + "modules_loaded": [ + { + "module_name": "\\KnownDlls32\\RPCRT4.dll" }, { - "action_type": "file_opened", - "file_name": "SspiCli.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", - "status": "success or wait" + "module_name": "\\KnownDlls32\\dhcpcsvc6.DLL" }, { - "action_type": "file_created", - "file_name": "Programs", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu", - "status": "object name collision" + "module_name": "\\KnownDlls32\\NSI.dll" }, { - "action_type": "file_opened", - "file_name": "combase.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", - "status": "success or wait" + "module_name": "\\KnownDlls32\\KERNEL32.DLL" }, { - "action_type": "file_opened", - "file_name": "windows.storage.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", - "status": "success or wait" + "module_name": "\\KnownDlls32\\KERNELBASE.dll" }, { - "action_type": "file_opened", - "file_name": "apphelp.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", - "status": "success or wait" + "module_name": "\\KnownDlls32\\DNSAPI.dll" }, { - "action_type": "file_created", - "file_name": "Startup", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs", - "status": "object name 
collision" + "module_name": "\\KnownDlls32\\WS2_32.dll" }, { - "action_type": "file_opened", - "file_name": "RPCRT4.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "module_name": "\\KnownDlls32\\kernel32.dll" + }, + { + "module_name": "\\KnownDlls32\\bcryptPrimitives.dll" + }, + { + "module_name": "\\KnownDlls32\\msvcrt.dll" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\IPHLPAPI.DLL" + }, + { + "module_name": "\\KnownDlls\\wow64.dll" + }, + { + "module_name": "\\KnownDlls32\\IPHLPAPI.DLL" + }, + { + "module_name": "\\KnownDlls32\\sechost.dll" + }, + { + "module_name": "unknown" + }, + { + "module_name": "\\KnownDlls\\wow64log.dll" + }, + { + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls" + }, + { + "module_name": "\\KnownDlls\\wow64cpu.dll" + }, + { + "module_name": "\\KnownDlls\\wow64win.dll" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\dhcpcsvc6.dll" + }, + { + "module_name": "\\KnownDlls32\\dhcpcsvc.DLL" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\dnsapi.dll" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\en-US\\ipconfig.exe.mui" + }, + { + "module_name": "\\KnownDlls32\\SspiCli.dll" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\dhcpcsvc.dll" + }, + { + "module_name": "\\Sessions\\1\\Windows\\SharedSection" + }, + { + "module_name": "\\KnownDlls32\\CRYPTBASE.dll" + } + ], + "process": { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew" + }, + "process_actions": [ + { + "action_type": "process_terminated", + "path": "C:\\Windows\\SysWOW64\\ipconfig.exe", "status": "success or wait" }, + { + "action_type": "process_queried", + "path": "C:\\Windows\\SysWOW64\\ipconfig.exe", + "status": "success or wait" + } + ] + }, + { + "file_actions": [ { "action_type": "file_opened", - "file_name": "ucrtbase.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "uxtheme.dll", + "file_path": "C:\\WINDOWS\\system32", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "KERNEL32.DLL", - 
"file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "sysmain.sdb", - "file_path": "C:\\WINDOWS\\AppPatch", + "file_name": "ole32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "user", - "file_path": "C:\\Users", - "status": "object name collision" + "action_type": "file_opened", + "file_name": "comctl32.DLL", + "file_path": "C:\\WINDOWS\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", + "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "SHELL32.DLL", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "conhost.exe", + "file_path": "C:\\WINDOWS\\system32", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "sechost.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "sortdefault.nls", + "file_path": "C:\\WINDOWS\\Globalization\\Sorting", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "shlwapi.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "WINDOWS", + "file_path": "C:", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "gdi32full.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", + "file_path": "C:\\WINDOWS\\WinSxS", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "kernel.appcore.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "conhost.exe.mui", + "file_path": "C:\\WINDOWS\\system32\\en-US", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "powrprof.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\system32", "status": "success or wait" }, { 
"action_type": "file_opened", - "file_name": "FLTLIB.DLL", - "file_path": "C:\\WINDOWS\\SysWOW64", - "status": "success or wait" + "file_name": "uxtheme.dll.Config", + "file_path": "C:\\WINDOWS\\system32", + "status": "object name not found" }, { "action_type": "file_opened", - "file_name": "profapi.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "user32.dll.mui", + "file_path": "C:\\WINDOWS\\System32\\en-US", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "KERNELBASE.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "CNG", + "file_path": "\\Device", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Tox.exe", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", + "file_name": "WindowsShell.Manifest", + "file_path": "C:\\WINDOWS", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "CNG", - "file_path": "\\Device", + "file_name": "dwmapi.dll", + "file_path": "C:\\WINDOWS\\system32", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "msvcrt.dll", + "file_name": "ipconfig.exe", "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" } ], "modules_loaded": [ { - "module_name": "\\KnownDlls32\\msvcp_win.dll" + "module_name": "\\KnownDlls\\profapi.dll" }, { - "module_name": "\\KnownDlls32\\RPCRT4.dll" + "module_name": "\\KnownDlls\\windows.storage.dll" }, { - "module_name": "\\KnownDlls32\\WS2_32.dll" + "module_name": "\\KnownDlls\\gdi32full.dll" }, { - "module_name": "\\KnownDlls32\\USER32.dll" + "module_name": "\\KnownDlls\\msvcp_win.dll" }, { - "module_name": "\\KnownDlls32\\combase.dll" + "module_name": "\\KnownDlls\\KERNEL32.DLL" }, { - "module_name": "\\KnownDlls32\\profapi.dll" + "module_name": "\\KnownDlls\\combase.dll" }, { - "module_name": "\\KnownDlls32\\windows.storage.dll" + "module_name": "\\KnownDlls\\uxtheme.dll" }, { - "module_name": 
"\\KnownDlls32\\FLTLIB.DLL" + "module_name": "\\KnownDlls\\shcore.dll" }, { - "module_name": "\\KnownDlls32\\KERNEL32.DLL" + "module_name": "C:\\Windows\\System32\\en-US\\user32.dll.mui" }, { - "module_name": "\\KnownDlls32\\kernel.appcore.dll" + "module_name": "\\KnownDlls\\sechost.dll" }, { - "module_name": "\\KnownDlls32\\KERNELBASE.dll" + "module_name": "\\KnownDlls\\shlwapi.dll" }, { - "module_name": "\\KnownDlls32\\win32u.dll" + "module_name": "\\KnownDlls\\win32u.dll" }, { - "module_name": "C:\\Windows\\SysWOW64\\apphelp.dll" + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls" }, { - "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls" + "module_name": "\\KnownDlls\\cfgmgr32.dll" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters" + "module_name": "C:\\Windows\\System32\\uxtheme.dll" }, { - "module_name": "\\KnownDlls32\\IMM32.DLL" + "module_name": "\\KnownDlls\\RPCRT4.dll" }, { - "module_name": "C:\\Windows\\SysWOW64\\imm32.dll" + "module_name": "\\KnownDlls\\kernel.appcore.dll" }, { - "module_name": "\\KnownDlls32\\kernel32.dll" + "module_name": "\\KnownDlls\\ucrtbase.dll" }, { - "module_name": "\\KnownDlls32\\bcryptPrimitives.dll" + "module_name": "\\KnownDlls\\FLTLIB.DLL" }, { - "module_name": "\\KnownDlls32\\powrprof.dll" + "module_name": "\\Sessions\\1\\Windows\\ThemeSection" }, { - "module_name": "\\KnownDlls32\\msvcrt.dll" + "module_name": "\\KnownDlls\\KERNELBASE.dll" }, { - "module_name": "\\KnownDlls\\wow64.dll" + "module_name": "C:\\Windows\\System32\\ole32.dll" }, { - "module_name": "\\KnownDlls32\\sechost.dll" + "module_name": "C:\\Windows\\System32\\dwmapi.dll" + }, + { + "module_name": "\\KnownDlls\\shell32.dll" }, { "module_name": "unknown" }, { - "module_name": "\\KnownDlls\\wow64log.dll" + "module_name": "\\KnownDlls\\IMM32.DLL" }, { - "module_name": "\\KnownDlls32\\apphelp.dll" + "module_name": "\\KnownDlls\\bcryptPrimitives.dll" }, { - "module_name": 
"\\KnownDlls\\wow64cpu.dll" + "module_name": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403\\comctl32.dll" }, { - "module_name": "\\KnownDlls32\\cfgmgr32.dll" + "module_name": "\\KnownDlls\\user32.dll" }, { - "module_name": "\\KnownDlls\\wow64win.dll" + "module_name": "C:\\Windows\\WindowsShell.Manifest" }, { - "module_name": "\\KnownDlls32\\ucrtbase.dll" + "module_name": "\\KnownDlls\\OLEAUT32.dll" }, { - "module_name": "\\KnownDlls32\\GDI32.dll" + "module_name": "\\KnownDlls\\MSCTF.dll" }, { - "module_name": "\\KnownDlls32\\WININET.DLL" + "module_name": "C:\\Windows\\System32\\en-US\\Conhost.exe.mui" }, { - "module_name": "C:\\Windows\\SysWOW64\\wininet.dll" + "module_name": "\\KnownDlls\\msvcrt.dll" }, { - "module_name": "\\KnownDlls32\\SspiCli.dll" + "module_name": "\\KnownDlls\\powrprof.dll" }, { - "module_name": "\\KnownDlls32\\shlwapi.dll" + "module_name": "C:\\Windows\\System32\\imm32.dll" }, { - "module_name": "\\KnownDlls32\\shcore.dll" + "module_name": "\\KnownDlls\\advapi32.dll" }, { - "module_name": "\\KnownDlls32\\SHELL32.DLL" + "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters" }, { - "module_name": "C:\\Windows\\apppatch\\sysmain.sdb" + "module_name": "\\KnownDlls\\dwmapi.dll" }, { "module_name": "\\Sessions\\1\\Windows\\SharedSection" }, { - "module_name": "\\KnownDlls32\\CRYPTBASE.dll" + "module_name": "\\KnownDlls\\GDI32.dll" }, { - "module_name": "\\KnownDlls32\\gdi32full.dll" + "module_name": "\\Windows\\Theme596611661", + "module_tag": "" }, { - "module_name": "\\KnownDlls32\\ADVAPI32.dll" + "module_name": "\\Sessions\\1\\Windows\\Theme3441928617", + "module_tag": "" } ], "mutex_actions": [ { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1076:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": 
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1076:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4548:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4548:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7568:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt", - "status": "object name exists" + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7568:120:WilError_01", + "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7880:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7880:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6668:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6668:120:WilError_01", "status": "success or wait" }, { "action_type": 
"mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6932:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6932:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6064:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6064:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3916:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3916:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7428:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7428:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7652:120:WilError_01", "status": "success 
or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7652:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2636:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2636:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5268:304:WilStaging_02", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5268:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:64:WilError_01", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4588:120:WilError_01", "status": "success or wait" }, { "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:168:WilStaging_02", - "status": "success or wait" - } - ], - "process": { - "name": "Tox.exe", - "parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" " - }, - "process_actions": [ - { - "action_type": "process_queried", - "path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4588:304:WilStaging_02", "status": "success or wait" }, { - "action_type": "process_terminated", - "path": 
"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe", - "status": "success or wait" - } - ], - "registry_actions": [ - { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8060:304:WilStaging_02", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language", - "status": "object name not found" - }, - { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8060:120:WilError_01", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8132:120:WilError_01", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8132:304:WilStaging_02", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8112:304:WilStaging_02", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration", - "status": "object name not 
found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8112:120:WilError_01", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1848:304:WilStaging_02", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", - "status": "buffer overflow" - }, + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1848:120:WilError_01", + "status": "success or wait" + } + ], + "process": { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" + }, + "process_actions": [ { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", + "action_type": "process_queried", + "path": "C:\\Windows\\System32\\conhost.exe", "status": "success or wait" + } + ] + }, + { + "file_actions": [ + { + "action_type": "file_created", + "file_name": "Start Menu", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows", + "status": "object name collision" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE", + "action_type": "file_opened", + "file_name": "WS2_32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy", + "action_type": "file_opened", + "file_name": "WININET.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": 
"key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration", + "action_type": "file_opened", + "file_name": "Startup", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft", + "action_type": "file_opened", + "file_name": "sortdefault.nls", + "file_path": "C:\\WINDOWS\\Globalization\\Sorting", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions", + "action_type": "file_opened", + "file_name": "WINDOWS", + "file_path": "C:", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", - "status": "success or wait" + "action_type": "file_created", + "file_name": "Roaming", + "file_path": "C:\\Users\\user\\AppData", + "status": "object name collision" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale", + "action_type": "file_opened", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole", + "action_type": "file_opened", + "file_name": "tox.done.log", + "file_path": "C:\\Users\\user\\AppData\\Roaming", "status": "object name not found" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\", + "action_type": "file_opened", + "file_name": "win32u.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "CRYPTBASE.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "cfgmgr32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids", + "action_type": "file_opened", + "file_name": "shcore.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale", + "action_type": "file_opened", + "file_name": "USER32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER", + "action_type": "file_opened", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", + "action_type": "file_opened", + "file_name": "ADVAPI32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", + "action_type": "file_opened", + "file_name": "GDI32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions", + "action_type": "file_opened", + "file_name": "bcryptPrimitives.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "ntdll.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "msvcp_win.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "SspiCli.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server", - "status": "object name not found" + "action_type": "file_created", + "file_name": "Programs", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu", + "status": "object name collision" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", - "status": "buffer overflow" + "action_type": "file_opened", + "file_name": "combase.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions", + "action_type": "file_opened", + "file_name": "windows.storage.dll", + "file_path": 
"C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", + "action_type": "file_opened", + "file_name": "apphelp.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", - "status": "object name not found" + "action_type": "file_created", + "file_name": "Startup", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs", + "status": "object name collision" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole", + "action_type": "file_opened", + "file_name": "RPCRT4.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages", + "action_type": "file_opened", + "file_name": "ucrtbase.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", + "action_type": "file_opened", + "file_name": "KERNEL32.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings", + "action_type": "file_opened", + "file_name": "sysmain.sdb", + "file_path": "C:\\WINDOWS\\AppPatch", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager", - "status": "success or wait" + "action_type": "file_created", + "file_name": "user", + "file_path": "C:\\Users", + "status": "object name collision" }, { - "action_type": "key_value_queried", - "key_name": 
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "SHELL32.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", + "action_type": "file_opened", + "file_name": "sechost.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "shlwapi.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags", + "action_type": "file_opened", + "file_name": "gdi32full.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "kernel.appcore.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", + "action_type": "file_opened", + "file_name": "powrprof.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "FLTLIB.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": 
"key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", + "action_type": "file_opened", + "file_name": "profapi.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "KERNELBASE.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "Tox.exe", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "CNG", + "file_path": "\\Device", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1", + "action_type": "file_opened", + "file_name": "msvcrt.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" - }, + } + ], + "modules_loaded": [ { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing", - "status": "object name not found" + "module_name": "\\KnownDlls32\\msvcp_win.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem", - "status": "success or wait" + "module_name": 
"\\KnownDlls32\\RPCRT4.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Tox.exe", - "status": "object name not found" + "module_name": "\\KnownDlls32\\WS2_32.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager", - "status": "object name not found" + "module_name": "\\KnownDlls32\\USER32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", - "status": "success or wait" + "module_name": "\\KnownDlls32\\combase.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag", - "status": "object name not found" + "module_name": "\\KnownDlls32\\profapi.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", - "status": "object name not found" + "module_name": "\\KnownDlls32\\windows.storage.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language", - "status": "success or wait" + "module_name": "\\KnownDlls32\\FLTLIB.DLL" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", - "status": "success or wait" + "module_name": "\\KnownDlls32\\KERNEL32.DLL" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager", - "status": "success or wait" + "module_name": "\\KnownDlls32\\kernel.appcore.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration", - "status": "success or wait" + "module_name": "\\KnownDlls32\\KERNELBASE.dll" }, { - 
"action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages", - "status": "object name not found" + "module_name": "\\KnownDlls32\\win32u.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers", - "status": "object name not found" + "module_name": "C:\\Windows\\SysWOW64\\apphelp.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", - "status": "success or wait" + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids", - "status": "object name not found" + "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", - "status": "success or wait" + "module_name": "\\KnownDlls32\\IMM32.DLL" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\imm32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", - "status": "success or wait" + "module_name": "\\KnownDlls32\\kernel32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", - "status": "success or wait" + "module_name": "\\KnownDlls32\\bcryptPrimitives.dll" }, { - "action_type": 
"key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", - "status": "success or wait" + "module_name": "\\KnownDlls32\\powrprof.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", - "status": "object name not found" + "module_name": "\\KnownDlls32\\msvcrt.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", - "status": "success or wait" + "module_name": "\\KnownDlls\\wow64.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag", - "status": "object name not found" + "module_name": "\\KnownDlls32\\sechost.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86", - "status": "success or wait" + "module_name": "unknown" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags", - "status": "object name not found" + "module_name": "\\KnownDlls\\wow64log.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server", - "status": "success or wait" + "module_name": "\\KnownDlls32\\apphelp.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display", - "status": "object name not found" + "module_name": "\\KnownDlls\\wow64cpu.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag", - "status": "object name not found" + "module_name": 
"\\KnownDlls32\\cfgmgr32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions", - "status": "object name not found" + "module_name": "\\KnownDlls\\wow64win.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", - "status": "buffer overflow" + "module_name": "\\KnownDlls32\\ucrtbase.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", - "status": "success or wait" + "module_name": "\\KnownDlls32\\GDI32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\NULL", - "status": "success or wait" + "module_name": "\\KnownDlls32\\WININET.DLL" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings", - "status": "object name not found" + "module_name": "C:\\Windows\\SysWOW64\\wininet.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa", - "status": "object name not found" + "module_name": "\\KnownDlls32\\SspiCli.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy", - "status": "success or wait" + "module_name": "\\KnownDlls32\\shlwapi.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer", - "status": "object name not found" + "module_name": "\\KnownDlls32\\shcore.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag", - "status": "object name not found" + "module_name": 
"\\KnownDlls32\\SHELL32.DLL" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", - "status": "success or wait" + "module_name": "C:\\Windows\\apppatch\\sysmain.sdb" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", - "status": "success or wait" + "module_name": "\\Sessions\\1\\Windows\\SharedSection" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", - "status": "success or wait" + "module_name": "\\KnownDlls32\\CRYPTBASE.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete", - "status": "object name not found" + "module_name": "\\KnownDlls32\\gdi32full.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL", - "status": "object name not found" - }, + "module_name": "\\KnownDlls32\\ADVAPI32.dll" + } + ], + "mutex_actions": [ { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer", - "status": "success or wait", - "value": "" + "action_type": "mutex_created", + "name": 
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer", - "status": "object name not found", - "value": "" - } - ] - }, - { - "file_actions": [ - { - "action_type": "file_opened", - "file_name": "CNG", - "file_path": "\\Device", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "R000000000013.clb", - "file_path": "C:\\WINDOWS\\Registration", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "CMApi", - "file_path": "\\Device\\DeviceApi", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "Startup", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs", - "status": "object name collision" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt", + "status": "object name exists" }, { - "action_type": "file_created", - "file_name": "Start Menu", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows", - "status": "object name collision" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key", + "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "uxtheme.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "WININET.DLL", - 
"file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "ole32.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "IMM32.DLL", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "tox.done.log", - "file_path": "C:\\Users\\user\\AppData\\Roaming", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem", + "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "sortdefault.nls", - "file_path": "C:\\WINDOWS\\Globalization\\Sorting", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "user", - "file_path": "C:\\Users", - "status": "object name collision" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem", + "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Desktop", - "file_path": "C:\\Users\\user", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "WINDOWS", - "file_path": "C:", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem", "status": "success or wait" }, { - 
"action_type": "file_created", - "file_name": "Roaming", - "file_path": "C:\\Users\\user\\AppData", - "status": "object name collision" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem", + "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "Programs", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu", - "status": "object name collision" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem", + "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "dwmapi.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "TextInputFramework.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "ntmarta.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "CoreUIComponents.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "CoreMessaging.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "wintypes.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + 
"action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "StaticCache.dat", - "file_path": "C:\\Windows\\Fonts", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8020:64:WilError_01", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "staticcache.dat", - "file_path": "C:\\Windows\\Fonts", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:8020:168:WilStaging_02", + "status": "success or wait" + } + ], + "process": { + "name": "Tox.exe", + "parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" " + }, + "process_actions": [ + { + "action_type": "process_queried", + "path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "USER32.dll.mui", - "file_path": "C:\\WINDOWS\\SysWOW64\\en-US", + "action_type": "process_terminated", + "path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe", "status": "success or wait" } ], - "modules_loaded": [ + "registry_actions": [ { - "module_name": "\\KnownDlls32\\windows.storage.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\OLEAUT32.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\powrprof.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale", + "status": "success or wait" }, { - 
"module_name": "\\KnownDlls32\\msvcrt.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\combase.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", + "status": "success or wait" }, { - "module_name": "unknown" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa", + "status": "success or wait" }, { - "module_name": "\\KnownDlls\\wow64cpu.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\clbcatq.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\ucrtbase.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", + "status": "buffer overflow" }, { - "module_name": "C:\\Windows\\SysWOW64\\wininet.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\Registration\\R000000000013.clb" + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\RPCRT4.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\FLTLIB.DLL" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\KERNEL32.DLL" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\cfgmgr32.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\uxtheme.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\SHELL32.DLL" - }, - { - "module_name": "\\Sessions\\1\\Windows\\SharedSection" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\shcore.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\WS2_32.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\kernel.appcore.dll" + "action_type": "key_value_queried", + "key_name": 
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\win32u.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\IMM32.DLL" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\imm32.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\bcryptPrimitives.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\sechost.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions", + "status": "success or wait" }, { - "module_name": "\\KnownDlls\\wow64win.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\GDI32.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\SspiCli.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop", + "status": "object name not 
found" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server", + "status": "object name not found" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", + "status": "buffer overflow" }, { - "module_name": "\\KnownDlls32\\msvcp_win.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\USER32.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\KERNELBASE.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\profapi.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\kernel32.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages", + "status": "success or wait" }, { - "module_name": "\\KnownDlls\\wow64.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", + "status": "success or wait" }, { - "module_name": "\\KnownDlls\\wow64log.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings", + "status": "success or wait" }, { - "module_name": 
"C:\\Windows\\Globalization\\Sorting\\SortDefault.nls" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\shlwapi.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\WININET.DLL" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\CRYPTBASE.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\gdi32full.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\ADVAPI32.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\ole32.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings", + "status": "object name not found" }, { - "module_name": "C:\\Windows\\Fonts\\StaticCache.dat" + "action_type": "key_value_queried", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\ntmarta.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\CoreMessaging.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option", + "status": "object name not found" }, { - "module_name": "C:\\Windows\\SysWOW64\\ole32.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\dwmapi.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\Windows\\ThemeSection" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\MSCTF.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Tox.exe", + "status": "object name not found" }, { - "module_name": "C:\\Windows\\SysWOW64\\TextInputFramework.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager", + "status": "object name not found" }, { - 
"module_name": "C:\\Windows\\SysWOW64\\en-US\\user32.dll.mui" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\ntmarta.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag", + "status": "object name not found" }, { - "module_name": "C:\\Windows\\SysWOW64\\CoreMessaging.dll" + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\TextInputFramework.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\wintypes.dll" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer", + "status": "object name not found" }, { - "module_name": "\\KnownDlls32\\CoreUIComponents.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\dwmapi.dll" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration", + "status": "success or wait" }, { - "module_name": "\\Windows\\Theme2337474972", - "module_tag": "" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages", + 
"status": "object name not found" }, { - "module_name": "\\Sessions\\1\\Windows\\Theme3085020103", - "module_tag": "" - } - ], - "mutex_actions": [ - { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", "status": 
"success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem", - 
"status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", + "status": "buffer overflow" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem", + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\NULL", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt", - "status": "object name exists" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:168:WilStaging_02", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag", + "status": "object name not found" }, { - "action_type": "mutex_created", - "name": 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:64:WilError_01", - "status": "success or wait" - } - ], - "process": { - "name": "rl_file.exe", - "parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" " - }, - "process_actions": [ - { - "action_type": "process_queried", - "path": "C:\\Users\\user\\Desktop\\rl_file.exe", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", "status": "success or wait" }, - { - "action_type": "process_terminated", - "path": "C:\\Users\\user\\Desktop\\rl_file.exe", - "status": "success or wait" - } - ], - "registry_actions": [ { "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", "status": "success or wait" }, { "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", "status": "success or wait" }, { "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete", "status": "object name not found" }, - { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", - "status": "buffer overflow" - }, { "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders", + "key_name": 
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL", "status": "object name not found" }, { "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag", + "status": "object name not found" + } + ] + }, + { + "file_actions": [ + { + "action_type": "file_opened", + "file_name": "CNG", + "file_path": "\\Device", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", + "action_type": "file_opened", + "file_name": "R000000000013.clb", + "file_path": "C:\\WINDOWS\\Registration", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions", + "action_type": "file_opened", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", - "status": "success or wait" + "action_type": "file_created", + "file_name": "Startup", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs", + "status": "object name collision" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale", - "status": "object name not found" + "action_type": "file_created", + "file_name": "Start Menu", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows", + "status": "object name collision" }, { - "action_type": "key_value_queried", - "key_name": 
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "uxtheme.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "WININET.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "ole32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore", + "action_type": "file_opened", + "file_name": "tox.done.log", + "file_path": "C:\\Users\\user\\AppData\\Roaming", "status": "object name not found" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "sortdefault.nls", + "file_path": "C:\\WINDOWS\\Globalization\\Sorting", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc", - "status": "object name not found" + "action_type": "file_created", + "file_name": "user", + "file_path": "C:\\Users", + "status": "object name collision" }, { - "action_type": "key_opened", - 
"key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", + "action_type": "file_opened", + "file_name": "Desktop", + "file_path": "C:\\Users\\user", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager", + "action_type": "file_opened", + "file_name": "WINDOWS", + "file_path": "C:", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages", - "status": "object name not found" + "action_type": "file_created", + "file_name": "Roaming", + "file_path": "C:\\Users\\user\\AppData", + "status": "object name collision" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", - "status": "success or wait" + "action_type": "file_created", + "file_name": "Programs", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu", + "status": "object name collision" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", + "action_type": "file_opened", + "file_name": "dwmapi.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "TextInputFramework.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "ntmarta.dll", + 
"file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", - "status": "buffer overflow" + "action_type": "file_opened", + "file_name": "CoreUIComponents.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", + "action_type": "file_opened", + "file_name": "CoreMessaging.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "wintypes.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy", + "action_type": "file_read", + "file_name": "StaticCache.dat", + "file_path": "C:\\Windows\\Fonts", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\", + "action_type": "file_opened", + "file_name": "staticcache.dat", + "file_path": "C:\\Windows\\Fonts", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display", - "status": "object name not found" + "action_type": "file_opened", + "file_name": "USER32.dll.mui", + "file_path": "C:\\WINDOWS\\SysWOW64\\en-US", + "status": "success or wait" + } + ], + "modules_loaded": [ + { + "module_name": "\\KnownDlls32\\windows.storage.dll" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap", - "status": "object name not found" + "module_name": "\\KnownDlls32\\OLEAUT32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER", - "status": "success or wait" + "module_name": "\\KnownDlls32\\powrprof.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", - "status": "buffer overflow" + "module_name": "\\KnownDlls32\\msvcrt.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", - "status": "object name not found" + "module_name": "\\KnownDlls32\\combase.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole", - "status": "success or wait" + "module_name": "unknown" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages", - "status": "success or wait" + "module_name": "\\KnownDlls\\wow64cpu.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US", - "status": "object name not found" + "module_name": "\\KnownDlls32\\clbcatq.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup", - "status": "success or wait" + "module_name": "\\KnownDlls32\\ucrtbase.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\wininet.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll" }, { - "action_type": 
"key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName", - "status": "success or wait" + "module_name": "C:\\Windows\\Registration\\R000000000013.clb" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option", - "status": "object name not found" + "module_name": "\\KnownDlls32\\RPCRT4.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1", - "status": "success or wait" + "module_name": "\\KnownDlls32\\FLTLIB.DLL" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing", - "status": "object name not found" + "module_name": "\\KnownDlls32\\KERNEL32.DLL" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", - "status": "object name not found" + "module_name": "\\KnownDlls32\\cfgmgr32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language", - "status": "success or wait" + "module_name": "\\KnownDlls32\\uxtheme.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName", - "status": "success or wait" + "module_name": "\\KnownDlls32\\SHELL32.DLL" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", - "status": "success or wait" + "module_name": "\\Sessions\\1\\Windows\\SharedSection" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", - "status": "success or wait" + "module_name": 
"\\KnownDlls32\\shcore.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3", - "status": "success or wait" + "module_name": "\\KnownDlls32\\WS2_32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings", - "status": "object name not found" + "module_name": "\\KnownDlls32\\kernel.appcore.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag", - "status": "object name not found" + "module_name": "\\KnownDlls32\\win32u.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", - "status": "success or wait" + "module_name": "\\KnownDlls32\\IMM32.DLL" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\imm32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE", - "status": "success or wait" + "module_name": "\\KnownDlls32\\bcryptPrimitives.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration", - "status": "success or wait" + "module_name": "\\KnownDlls32\\sechost.dll" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions", - "status": "success or wait" + "module_name": "\\KnownDlls\\wow64win.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", - "status": "success or wait" + "module_name": "\\KnownDlls32\\GDI32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop", - "status": "object name not found" + "module_name": "\\KnownDlls32\\SspiCli.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3", - "status": "success or wait" + "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", - "status": "success or wait" + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", - "status": "success or wait" + "module_name": "\\KnownDlls32\\msvcp_win.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration", - "status": "object name not found" + "module_name": "\\KnownDlls32\\USER32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes", - "status": "success or wait" + "module_name": "\\KnownDlls32\\KERNELBASE.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers", - "status": "object name not found" + "module_name": 
"\\KnownDlls32\\profapi.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager", - "status": "success or wait" + "module_name": "\\KnownDlls32\\kernel32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE", - "status": "success or wait" + "module_name": "\\KnownDlls\\wow64.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", - "status": "success or wait" + "module_name": "\\KnownDlls\\wow64log.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe", - "status": "object name not found" + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86", - "status": "success or wait" + "module_name": "\\KnownDlls32\\shlwapi.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids", - "status": "success or wait" + "module_name": "\\KnownDlls32\\WININET.DLL" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa", - "status": "object name not found" + "module_name": "\\KnownDlls32\\CRYPTBASE.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy", - "status": "success or wait" + "module_name": "\\KnownDlls32\\gdi32full.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete", - "status": "object name not found" + "module_name": "\\KnownDlls32\\ADVAPI32.dll" }, { - 
"action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL", - "status": "object name not found" + "module_name": "\\KnownDlls32\\ole32.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language", - "status": "object name not found" + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", - "status": "success or wait" + "module_name": "C:\\Windows\\Fonts\\StaticCache.dat" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale", - "status": "success or wait" + "module_name": "\\KnownDlls32\\ntmarta.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale", - "status": "object name not found" + "module_name": "\\KnownDlls32\\CoreMessaging.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\ole32.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag", - "status": "object name not found" + "module_name": "\\KnownDlls32\\dwmapi.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties", - "status": "object name not found" + "module_name": "\\Sessions\\1\\Windows\\ThemeSection" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows 
NT\\CurrentVersion\\GRE_Initialize", - "status": "object name not found" + "module_name": "\\KnownDlls32\\MSCTF.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\TextInputFramework.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\en-US\\user32.dll.mui" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", - "status": "object name not found" + "module_name": "C:\\Windows\\SysWOW64\\ntmarta.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", - "status": "success or wait" + "module_name": "C:\\Windows\\SysWOW64\\CoreMessaging.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem", - "status": "success or wait" + "module_name": "\\KnownDlls32\\TextInputFramework.dll" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager", - "status": "object name not found" + "module_name": "\\KnownDlls32\\wintypes.dll" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag", - "status": "object name not found" + 
"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration", + "module_name": "\\KnownDlls32\\CoreUIComponents.dll" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\dwmapi.dll" + }, + { + "module_name": "\\Sessions\\1\\Windows\\Theme3441928617", + "module_tag": "" + }, + { + "module_name": "\\Windows\\Theme596611661", + "module_tag": "" + } + ], + "mutex_actions": [ + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\Setup", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions", - "status": "object name not found" + "action_type": "mutex_created", + "name": 
"\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\NULL", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem", 
"status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys", + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem", "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\App Management", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\Compatibility\\rl_file.exe", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\", + "action_type": 
"mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem", "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE", - "status": "object name not found" + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt", + "status": "object name exists" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7716:64:WilError_01", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7716:168:WilStaging_02", + "status": "success or wait" + } + ], + "process": { + "name": "rl_file.exe", + "parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" " + }, + "process_actions": [ + { + "action_type": "process_queried", + "path": "C:\\Users\\user\\Desktop\\rl_file.exe", + "status": "success or wait" }, + { + "action_type": "process_terminated", + "path": "C:\\Users\\user\\Desktop\\rl_file.exe", + "status": "success or wait" + } + ], + "registry_actions": [ { "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI", - "status": "object name not found" + "key_name": 
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale", + "status": "success or wait" }, { "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input", - "status": "object name not found" + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", + "status": "success or wait" }, { "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\App Management", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration", "status": "object name not found" }, { "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback", - "status": "object name not found" + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", + "status": "buffer overflow" }, { "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders", "status": "object name not found" }, { "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Input", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", + "status": "success or wait" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", "status": "success or wait" }, { "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions", + "status": "success or wait" + }, + 
{ + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", "status": "success or wait" }, { "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale", "status": "object name not found" }, { "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer", - "status": "object name not found", - "value": "" + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server", + "status": "object name not found" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids", + "status": "object name not found" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86", + "status": "object name not found" }, { "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer", - "status": "success or wait", - "value": "" - } - ] - }, - { - "file_actions": [ + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings", + "status": "object name not found" + }, { - "action_type": "file_read", - "file_name": "OneDriveMedTile.contrast-white_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore", + "status": "object name not found" }, { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.contrast-black_scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" + 
"action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "mk-MK", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc", + "status": "object name not found" }, { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-white_scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Cache", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "cs-CZ", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "248aaea9.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "sr-Cyrl-BA", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "es-GT", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "IMM32.DLL", - "file_path": "C:\\WINDOWS\\SysWOW64", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "tox.done.log", - "file_path": "C:\\Users\\user\\AppData\\Roaming", - "status": "object name not found" + "action_type": 
"key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", + "status": "buffer overflow" }, { - "action_type": "file_opened", - "file_name": "History", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "294af3d2.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "USER32.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": 
"ms-MY", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "ARM", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "it-IT", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "CMApi", - "file_path": "\\Device\\DeviceApi", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", + "status": "buffer overflow" }, { - "action_type": "file_opened", - "file_name": "en-ZA", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "edputil.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "de-AT", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "294af3d2.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "ar-TN", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "ro-RO", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "fr-RE", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "da083887.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "uxtheme.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "fr-CD", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": 
"OneDriveSmallTile.scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing", + "status": "object name not found" }, { - "action_type": "file_written", - "file_name": "chrome_shutdown_ms.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "ARM", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "af-ZA", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "UsageLogs", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer", + "status": "object name not found" }, { - "action_type": "file_read", - "file_name": "DeviceDiagnostic.debugreport.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "ar-BH", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "2ab80eb2.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "OneDriveMedTile.contrast-black_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "S", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "ucrtbase.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-black_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Temp", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "DefaultLayouts.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell", + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Acrobat", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "DefaultLayouts.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Adobe", - "file_path": "C:\\Users\\user\\AppData\\Local", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "fr-CI", - 
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "versionlist.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager", + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Feeds", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "OneDriveMedTile.contrast-black_scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + 
"action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Feeds Cache", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "Chrome", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Cache", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "fr-CI", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "it-IT", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "Credentials", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "tox.log", - "file_path": "C:\\Users\\user\\AppData\\Roaming", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "S", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "ar-YE", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "OneDriveSmallTile.scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete", + "status": "object name not found" }, { - "action_type": "file_written", - "file_name": "Converged_v21033[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "ARM", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "Converged_v21033[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "active-update.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "hi-IN", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "Profiles", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "fr-ML", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "es-419", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "es-PE", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "BrowserMetrics", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "CRYPTBASE.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.contrast-black_scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "DeviceDiagnostic.debugreport.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "ActiveSync", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "settings-tipset[2].xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "favicon[3].png.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager", + "status": "object name not found" }, { - "action_type": "file_read", - "file_name": "dd_vcredistMSI1AE4.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "dd_vcredistUI7855.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "en-IE", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\Setup", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "es-GT", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "c43bb7d1.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "DC", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "au-descriptor-1.8.0_301-b09.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions", + "status": "object name not found" }, { - "action_type": "file_written", - "file_name": "2ab80eb2.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\NULL", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "LogoImages", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive", - "status": "success or wait" + "action_type": 
"key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "3534848bb9f4cb71", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "0", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle", + "status": "object name not found" }, { - "action_type": "file_created", - "file_name": "favicon[1].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "DC", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "results.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "OneDriveSmallTile.scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "en-BZ", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Windows", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", - "status": "success or wait" + "action_type": 
"key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "fr-FR", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\App Management", + "status": "object name not found" }, { - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\Compatibility\\rl_file.exe", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "fr-SN", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "ar-MA", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Application Data", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "sl-SI", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "lv-LV", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "es-PY", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "BDN4269.tmp.dir", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\App Management", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "favicon[2].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF", - "status": "success or wait" + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "shlwapi.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}", + "status": "object name not found" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Input", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM", + "status": "object name not found" + } + ] + }, + { + "file_actions": [ + { + "action_type": "file_opened", + "file_name": "Cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "OLEAUT32.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "cs-CZ", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-black_scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "es-GT", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "InputPersonalization", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "OneDriveMedTile.scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "file_name": "tox.done.log", + "file_path": "C:\\Users\\user\\AppData\\Roaming", + "status": "object name not found" + }, + { + "action_type": "file_opened", + "file_name": "History", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "favicon[3].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "end of file" + "action_type": "file_opened", + "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", + "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "id-ID", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "USER32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "fr-RE", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "ms-MY", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "en-CA", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "ARM", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "eu-ES", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "it-IT", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.contrast-white_scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "en-ID", + "file_name": "en-ZA", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "es-PR", + "file_name": "edputil.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "de-AT", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "favicon[2].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF", + "action_type": "file_opened", + "file_name": "ar-TN", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "bcrypt.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "fr-RE", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "WININET.DLL", + "file_name": "uxtheme.dll", "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Windows", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "file_name": "fr-CD", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "705bcfd6.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", + "action_type": "file_written", + "file_name": "chrome_shutdown_ms.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "294af3d2.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", + "action_type": "file_opened", + 
"file_name": "ARM", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "en-MY", + "file_name": "af-ZA", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "GDI32.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "UsageLogs", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ha-Latn-NG", + "file_name": "ar-BH", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "S", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM", 
"status": "success or wait" }, { "action_type": "file_opened", - "file_name": "rsaenh.dll", + "file_name": "ucrtbase.dll", "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "file_name": "Temp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "file_name": "DefaultLayouts.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Microsoft\\Windows\\Shell", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "OneDrive.VisualElementsManifest.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive", + "action_type": "file_opened", + "file_name": "Acrobat", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "sl-SI", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "file_written", + "file_name": "DefaultLayouts.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "action_type": "file_opened", + "file_name": "Adobe", + "file_path": "C:\\Users\\user\\AppData\\Local", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "hu-HU", + "file_name": "fr-CI", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "Feeds", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "msvcp_win.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "Feeds Cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "TokenBroker", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "file_name": "Chrome", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "sv-FI", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "Cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ru-RU", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "fr-CI", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "imagestore", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", + "file_name": "it-IT", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Cache", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "file_name": "Credentials", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "2ab80eb2.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", + 
"file_name": "tox.log", + "file_path": "C:\\Users\\user\\AppData\\Roaming", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "OneDriveMedTile.contrast-black_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "S", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "dd_vcredistUI7869.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "action_type": "file_opened", + "file_name": "ar-YE", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "CRYPTSP.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "ARM", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Media Player", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "file_name": "hi-IN", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Color", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", + "file_name": "Profiles", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "Startup", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs", - "status": "object name collision" + "action_type": "file_opened", + "file_name": "fr-ML", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "es-HN", + "file_name": "es-419", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "CLR_v2.0_32", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "file_name": "es-PE", 
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "es-ES", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "BrowserMetrics", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "CLDAPI.dll", + "file_name": "CRYPTBASE.dll", "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Application Data", - "file_path": "C:\\Users\\user\\AppData\\Local", + "file_name": "ActiveSync", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "MicrosoftEdge", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "file_name": "en-IE", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ar-SA", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "es-GT", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "dd_vcredistMSI7869.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "action_type": "file_opened", + "file_name": "DC", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "DefaultLayouts.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell", + "action_type": "file_opened", + "file_name": "3534848bb9f4cb71", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "sq-AL", + "file_name": "DC", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "en-BZ", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "System", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove", + "file_name": "Windows", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "OneDriveMedTile.scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "fr-FR", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ResultReport.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000", + "file_name": "fr-SN", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Event Viewer", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "file_name": "ar-MA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "tox.decrypt.log", - "file_path": "C:\\Users\\user\\AppData\\Roaming", - "status": "object name not found" + "file_name": "Application Data", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "dd_vcredistMSI7855.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "action_type": "file_opened", + "file_name": "es-PY", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "hu-HU", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "shlwapi.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "es-PA", + "file_name": "OLEAUT32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "id-ID", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ARM", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe", + "file_name": "fr-RE", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ARM", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", + "file_name": "en-CA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ar-OM", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "eu-ES", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-black_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "en-ID", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "S", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", + "file_name": "es-PR", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "User", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove", + "file_name": "bcrypt.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "dd_vcredistMSI7855.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "action_type": "file_opened", + "file_name": "WININET.DLL", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "fr-CA", + "file_name": "en-MY", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "GDI32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "tox.log", - "file_path": "C:\\Users\\user\\AppData\\Roaming", - "status": "object name not found" + "file_name": "ha-Latn-NG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "brndlog.txt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer", + "action_type": "file_opened", + "file_name": "rsaenh.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "WS2_32.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, { "action_type": "file_opened", "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "sortdefault.nls", - "file_path": "C:\\WINDOWS\\Globalization\\Sorting", + "file_name": "sl-SI", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "OneDriveSmallTile.contrast-black_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "file_name": "hu-HU", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", 
"status": "success or wait" }, { - "action_type": "file_written", - "file_name": "favicon[3].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", + "action_type": "file_opened", + "file_name": "msvcp_win.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "fa-IR", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "Cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "win32u.dll", + "file_name": "CRYPTSP.dll", "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "dd_vcredistMSI7869.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "file_name": "Color", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "510dd5a4.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", + "action_type": "file_created", + "file_name": "Startup", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs", + "status": "object name collision" + }, + { + 
"action_type": "file_opened", + "file_name": "es-HN", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "sk-SK", + "file_name": "CLR_v2.0_32", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "es-ES", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "5fc0968a.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", + "file_name": "CLDAPI.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", "file_name": "Application Data", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "file_path": "C:\\Users\\user\\AppData\\Local", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Microsoft", + "file_name": "MicrosoftEdge", "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "ar-SA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "dd_vcredistMSI7869.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "action_type": "file_deleted", + "file_name": "DefaultLayouts.xml", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Firefox", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla", + "file_name": "sq-AL", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "fr-SN", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "Event Viewer", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "MountPointManager", - "file_path": "", - "status": "success or wait" + "file_name": "tox.decrypt.log", + "file_path": "C:\\Users\\user\\AppData\\Roaming", + "status": "object name not found" }, { "action_type": "file_opened", - "file_name": "Profiles", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", + "file_name": "hu-HU", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "es-PA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Converged_v21033[1].css", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "file_name": "ARM", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "en-HK", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "ARM", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "kernel.appcore.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "ar-OM", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", "file_name": "S", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "es-PE", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "fr-CA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "fr-BE", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" + "file_name": "tox.log", + "file_path": "C:\\Users\\user\\AppData\\Roaming", + "status": "object name not found" }, { - "action_type": "file_opened", - "file_name": "en-GB", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "action_type": "file_read", + "file_name": "brndlog.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "OneDriveMedTile.contrast-white_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "file_name": "WS2_32.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "gl-ES", - 
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "12.0", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office", + "file_name": "sortdefault.nls", + "file_path": "C:\\WINDOWS\\Globalization\\Sorting", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "c:", - "file_path": "", + "file_name": "fa-IR", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "DeviceDiagnostic.debugreport.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000", + "file_name": "win32u.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.contrast-white_scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "sk-SK", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "favicon[1].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "end of file" - }, { "action_type": "file_opened", - "file_name": "OneDriveMedTile.scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "file_name": "Application Data", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "Microsoft", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Acrobat", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", + "file_name": "Firefox", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "Converged_v21033[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "action_type": "file_opened", + "file_name": "fr-SN", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "GameDVR", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "file_name": "MountPointManager", + "file_path": "", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "fr-029", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "Profiles", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "dd_vcredistUI7869.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "action_type": "file_opened", + "file_name": "en-HK", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "es-MX", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "kernel.appcore.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "4254396c.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", + "file_name": "S", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "WidevineCdm", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", + "file_name": "es-PE", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "sk-SK", + "file_name": "fr-BE", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "bg-BG", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "en-GB", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "UserProfileRoaming", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Vault", + "file_name": "gl-ES", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "KERNELBASE.dll", - "file_path": "C:\\WINDOWS\\SysWOW64", + "file_name": "c:", + "file_path": "", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ar-DZ", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "Acrobat", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "OneDriveSmallTile.contrast-white_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "file_name": "GameDVR", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "tr-TR", + "file_name": "fr-029", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, + { + "action_type": 
"file_opened", + "file_name": "es-MX", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WidevineCdm", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "bg-BG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "KERNELBASE.dll", + "file_path": "C:\\WINDOWS\\SysWOW64", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ar-DZ", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "status": "success or wait" + }, { "action_type": "file_opened", "file_name": "Application Data", 
@@ -13722,12 +13765,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "Converged_v21033[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "fr-FR", @@ -13740,36 +13777,18 @@ Retrieve dynamic analysis results. "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.contrast-white_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "input", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "favicon[2].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "success or wait" - }, { "action_type": "file_read", "file_name": "desktop.ini", "file_path": "C:\\Users", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "af-ZA", 
@@ -13794,18 +13813,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveSmallTile.scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "c43bb7d1.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "DC", 
@@ -13818,18 +13825,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\WINDOWS\\AppPatch", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "OneDrive.VisualElementsManifest.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "294af3d2.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "en-NZ", 
@@ -13854,36 +13849,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveMedTile.contrast-black_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "OneDrive", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ar-IQ", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "248aaea9.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "aeb763fb.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "apphelp.dll", 
@@ -13950,12 +13921,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "favicon[3].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "end of file" - }, { "action_type": "file_opened", "file_name": "Low", 
@@ -13986,30 +13951,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "Recovery", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-white_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "msapplication.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "favicon[1].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF", - "status": "success or wait" - }, { "action_type": "file_deleted", "file_name": "brndlog.txt", 
@@ -14028,36 +13969,18 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "OneDriveMedTile.scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "hr-BA", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "dd_vcredistMSI19D2.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "es-VE", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "OneDriveMedTile.scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "DC", 
@@ -14076,54 +13999,24 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "versionlist.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "nb-NO", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "setup", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Acrobat", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.contrast-black_scale-125.png", - 
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "es-MX", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "Groove", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "fr-MA", @@ -14142,12 +14035,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users", "status": "object name collision" }, - { - "action_type": "file_created", - "file_name": "OneDriveMedTile.scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "nl-BE", 
@@ -14184,48 +14071,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "favicon[1].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "es-UY", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "OneDriveSmallTile.contrast-black_scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "8fce0f3.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "au-descriptor-1.8.0_301-b09.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, - { - 
"action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-black_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Cache", @@ -14244,18 +14095,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveMedTile.scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "OneDriveMedTile.contrast-black_scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ar-LB", 
@@ -14268,30 +14107,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "dd_vcredistUI19D2.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "favicon[1].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "es-DO", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "dd_vcredistMSI19D2.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "sechost.dll", 
@@ -14304,54 +14125,18 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "OneDriveMedTile.contrast-black_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "de-CH", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "acrocef_low", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "en-ZA", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "8fce0f3.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - 
{ - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "a5ea21[1].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "es-EC", @@ -14364,18 +14149,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "OneDriveMedTile.contrast-white_scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "da083887.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "DC", 
@@ -14388,24 +14161,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\Desktop", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-black_scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "dd_vcredistUI19D2.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "uk-UA", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "sw-KE", 
@@ -14436,18 +14191,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "dd_vcredistMSI19D2.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "DBG", @@ -14472,12 +14215,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "sr-Cyrl-RS", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ar-AE", 
@@ -14491,57 +14228,21 @@ Retrieve dynamic analysis results. "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "CLR_v4.0", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "Adobe", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "OneDriveMedTile.contrast-white_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "CLR_v4.0", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "Adobe", - 
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "sr-Cyrl-ME", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "Vault", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "Vault", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, { 
@@ -14550,36 +14251,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "OneDriveSmallTile.contrast-white_scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "iecompatdata.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "1833c4e9.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "510dd5a4.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "OneDriveSmallTile.scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "bg-BG", 
@@ -14616,24 +14287,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "ResultReport.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "dd_vcredistMSI1AE4.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "favicon[2].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "fr-CA", 
@@ -14646,36 +14299,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "ResultReport.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "en-JM", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.contrast-white_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "dd_vcredistUI1AE4.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "favicon[3].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Microsoft", 
@@ -14694,24 +14323,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ar-KW", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "dd_vcredistMSI1AE4.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Application Data", @@ -14724,12 +14341,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "msapplication.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Acrobat", 
@@ -14742,36 +14353,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC",
 "status": "success or wait"
 },
- {
- "action_type": "file_read",
- "file_name": "510dd5a4.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "OneDriveMedTile.contrast-white_scale-125.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_deleted",
- "file_name": "OneDriveMedTile.contrast-black_scale-100.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Cache",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
 "status": "success or wait"
 },
- {
- "action_type": "file_read",
- "file_name": "b11b460a.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "ARM",
@@ -14784,24 +14371,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\WINDOWS\\SysWOW64",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "Internet Explorer",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Adobe",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",
 "status": "success or wait"
 },
- {
- "action_type": "file_created",
- "file_name": "5fc0968a.jpg.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "cfgmgr32.dll",
@@ -14820,12 +14395,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "AudioDiagnostic.debugreport.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "et-EE",
@@ -14838,18 +14407,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "1833c4e9.jpg.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_created",
- "file_name": "update100[1].xml.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "fi-FI",
@@ -14862,36 +14419,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "msapplication.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
- "status": "success or wait"
- },
- {
- "action_type": "file_read",
- "file_name": "ResultReport.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "Converged_v21033[1].css.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
- "status": "success or wait"
- },
- {
- "action_type": "file_created",
- "file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_read",
- "file_name": "favicon[2].png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
- "status": "end of file"
- },
 {
 "action_type": "file_opened",
 "file_name": "combase.dll",
@@ -14910,12 +14437,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
 "status": "success or wait"
 },
- {
- "action_type": "file_created",
- "file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "es-DO",
@@ -14928,30 +14449,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "b11b460a.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_created",
- "file_name": "dd_vcredistUI1AE4.txt.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "RPCRT4.dll",
 "file_path": "C:\\WINDOWS\\SysWOW64",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "705bcfd6.jpg.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "es-NI",
@@ -14970,12 +14473,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_read",
- "file_name": "results.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
- "status": "success or wait"
- },
 {
 "action_type": "file_read",
 "file_name": "rl_file.exe:Zone.Identifier",
@@ -14994,54 +14491,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "OneDriveMedTile.contrast-white_scale-400.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_deleted",
- "file_name": "OneDriveSmallTile.scale-150.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "248aaea9.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_read",
- "file_name": "OneDriveMedTile.contrast-black_scale-200.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "a5ea21[1].png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "OneDriveMedTile.scale-150.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "ARM",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "PenWorkspace",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "rl_file.exe",
@@ -15060,18 +14515,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "acrord32_sbx",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "ro-MD",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "en-GB",
@@ -15084,12 +14527,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
 "status": "success or wait"
 },
- {
- "action_type": "file_created",
- "file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "ar-LB",
@@ -15102,30 +14539,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "settings-tipset[2].xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "en-IN",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "5fc0968a.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_deleted",
- "file_name": "OneDriveSmallTile.scale-100.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Windows.StateRepositoryPS.dll",
@@ -15144,12 +14563,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "OneDriveMedTile.scale-125.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Acrobat",
@@ -15174,12 +14587,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "OneDriveMedTile.contrast-black_scale-150.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "gl-ES",
@@ -15192,30 +14599,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_created",
- "file_name": "248aaea9.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "1033",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
- "status": "success or wait"
- },
- {
- "action_type": "file_created",
- "file_name": "aeb763fb.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "hy-AM",
@@ -15228,18 +14617,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\WINDOWS\\SysWOW64",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "favicon[1].png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "KsecDD",
@@ -15258,18 +14635,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "OneDriveSmallTile.contrast-white_scale-200.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "OneDriveMedTile.scale-200.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "nl-NL",
@@ -15288,24 +14653,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "8fce0f3.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_created",
- "file_name": "OneDriveMedTile.scale-200.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "ARM",
@@ -15318,12 +14665,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "dd_vcredistUI1AE4.txt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
- "status": "success or wait"
- },
 {
 "action_type": "file_written",
 "file_name": "unknown",
@@ -15360,54 +14701,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "dd_vcredistMSI7855.txt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "Tiles",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "en-TT",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "dd_vcredistMSI7855.txt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "iecompatdata.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "294af3d2.jpg.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "update100[1].xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
- "status": "success or wait"
- },
- {
- "action_type": "file_deleted",
- "file_name": "Converged_v21033[1].css",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "el-GR",
@@ -15420,24 +14719,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_created",
- "file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "msvcrt.dll",
@@ -15450,12 +14731,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
 "status": "success or wait"
 },
- {
- "action_type": "file_read",
- "file_name": "OneDriveSmallTile.contrast-white_scale-125.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Application Data",
@@ -15468,12 +14743,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "Sync Playlists",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "es-BO",
@@ -15486,48 +14755,24 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_read",
- "file_name": "au-descriptor-1.8.0_301-b09.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "ntdll.dll",
 "file_path": "C:\\WINDOWS\\SysWOW64",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "sv-SE",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "ar-IQ",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "fr-LU",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "5fc0968a.jpg.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "DC",
@@ -15540,12 +14785,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_read",
- "file_name": "msapplication.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "brndlog.txt",
@@ -15558,36 +14797,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users",
 "status": "success or wait"
 },
- {
- "action_type": "file_created",
- "file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "c43bb7d1.jpg.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_read",
- "file_name": "OneDriveSmallTile.contrast-black_scale-400.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_created",
- "file_name": "active-update.xml.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\308046B0AF4A39CB",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "dd_vcredistMSI7869.txt.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "it-CH",
@@ -15600,12 +14809,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "510dd5a4.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Adobe",
@@ -15618,12 +14821,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "fr-CD",
@@ -15660,12 +14857,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "settings-tipset[2].xml.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Profiles",
@@ -15678,24 +14869,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "Adobe_ADMLogs",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "ar-YE",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "nl-BE",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Profiles",
@@ -15720,24 +14899,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "1833c4e9.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_deleted",
- "file_name": "705bcfd6.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_deleted",
- "file_name": "AudioDiagnostic.debugreport.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "es-US",
@@ -15756,66 +14917,30 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Desktop", "file_path": "C:\\Users\\user", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.contrast-white_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "aeb763fb.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "CLR_v4.0_32", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "sr-Latn-ME", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, { "action_type": 
"file_opened", "file_name": "he-IL", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveMedTile.contrast-white_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "rl_file.exe:Zone.Identifier", "file_path": "C:\\Users\\user\\Desktop", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-white_scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ar-AE", 
@@ -15828,24 +14953,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Roaming",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "4254396c.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "en-AU",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_created",
- "file_name": "dd_vcredistUI7855.txt.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "CLR_v4.0",
@@ -15858,18 +14971,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_read",
- "file_name": "AudioDiagnostic.debugreport.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "b11b460a.jpg.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Application Data",
@@ -15888,12 +14989,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
 "status": "success or wait"
 },
- {
- "action_type": "file_read",
- "file_name": "active-update.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "CLR_v2.0_32",
@@ -15912,12 +15007,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_created",
 "file_name": "Caches",
@@ -15936,18 +15025,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\WINDOWS\\SysWOW64",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "OneDriveSmallTile.contrast-black_scale-200.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_created",
- "file_name": "b11b460a.jpg.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "bn-BD",
@@ -15990,42 +15067,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "da083887.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "favicon[1].png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
- "status": "success or wait"
- },
- {
- "action_type": "file_read",
- "file_name": "OneDriveMedTile.scale-200.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_created",
- "file_name": "OneDriveMedTile.scale-100.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_read",
- "file_name": "OneDriveMedTile.contrast-white_scale-200.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_deleted",
- "file_name": "dd_vcredistUI7855.txt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "pt-BR",
@@ -16056,12 +15097,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "active-update.xml.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Color",
@@ -16086,18 +15121,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "favicon[2].png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "sw-KE",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Adobe",
@@ -16110,24 +15133,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
 "status": "success or wait"
 },
- {
- "action_type": "file_created",
- "file_name": "da083887.jpg.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "iertutil.dll",
 "file_path": "C:\\WINDOWS\\SysWOW64",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "OneDriveSmallTile.scale-400.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "cversions.1.db",
@@ -16146,30 +15157,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_written",
- "file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "ms-MY",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "iecompatdata.xml.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
- "status": "success or wait"
- },
- {
- "action_type": "file_written",
- "file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "fr-LU",
@@ -16188,24 +15175,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "pt-BR",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "desktop.ini",
 "file_path": "C:\\Users",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "dd_vcredistUI7869.txt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "TokenBroker",
@@ -16218,12 +15193,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "OneDriveMedTile.scale-200.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "ar-SA",
@@ -16236,24 +15205,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "versionlist.xml",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
- "status": "success or wait"
- },
- {
- "action_type": "file_deleted",
- "file_name": "a5ea21[1].png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
- "status": "success or wait"
- },
- {
- "action_type": "file_opened",
- "file_name": "OneDriveSmallTile.scale-125.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "es-CO",
@@ -16266,12 +15217,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_read",
- "file_name": "OneDriveSmallTile.contrast-black_scale-100.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "hr-BA",
@@ -16284,48 +15229,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "dd_vcredistUI7855.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "2550435360", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Caches", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "pl-PL", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "a5ea21[1].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", - "status": "end of file" - }, - { - "action_type": "file_written", - "file_name": "favicon[1].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": 
"CrashReports", 
@@ -16338,42 +15247,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "favicon[2].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "end of file" - }, - { - "action_type": "file_deleted", - "file_name": "favicon[1].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Safe Browsing", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.contrast-black_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "nb-NO", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "OneDriveMedTile.contrast-white_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "lt-LT", @@ -16386,24 +15265,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "dd_vcredistUI1AE4.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "c43bb7d1.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "update100[1].xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "DC", @@ -16422,12 +15283,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "510dd5a4.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ar-EG", 
@@ -16446,60 +15301,18 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "dd_vcredistUI1AE4.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "OneDriveMedTile.contrast-black_scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Application Data", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "OneDriveSmallTile.scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "versionlist.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ar-SY", "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "OneDriveMedTile.scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "favicon[2].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "Converged_v21033[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Temp", 
@@ -16518,30 +15331,12 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_created",
- "file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
- "status": "success or wait"
- },
- {
- "action_type": "file_read",
- "file_name": "OneDriveMedTile.contrast-white_scale-125.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "ms-BN",
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
 "status": "success or wait"
 },
- {
- "action_type": "file_opened",
- "file_name": "1833c4e9.jpg",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
- "status": "success or wait"
- },
 {
 "action_type": "file_opened",
 "file_name": "Adobe",
@@ -16566,12 +15361,6 @@ Retrieve dynamic analysis results.
 "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
 "status": "success or wait"
 },
- {
- "action_type": "file_deleted",
- "file_name": "OneDriveSmallTile.scale-200.png",
- "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
- "status": "success or wait"
- },
 {
 "action_type": "file_created",
 "file_name": "Start Menu",
@@ -16602,108 +15391,24 @@ Retrieve dynamic analysis results. "file_path": "C:", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "dd_vcredistUI7855.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "en-IE", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "favicon[3].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "8fce0f3.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.contrast-white_scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "OneDriveMedTile.contrast-black_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "nl-NL", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "OneDriveSmallTile.contrast-white_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "de-DE", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "ResultReport.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ole32.dll", "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "dd_vcredistMSI7869.txt.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "Cache", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\TokenBroker", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.contrast-white_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Comms", 
@@ -16746,30 +15451,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "OneDriveSmallTile.scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "8fce0f3.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "es-US", 
@@ -16788,24 +15469,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "favicon[3].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "en-ID", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "results.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "status": "success or wait" - }, { "action_type": "file_read", "file_name": "rl_file.exe", 
@@ -16813,45 +15482,15 @@ Retrieve dynamic analysis results. "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "OneDriveMedTile.scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", + "action_type": "file_opened", + "file_name": "hi-IN", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "favicon[2].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "hi-IN", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "bn-BD", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "1833c4e9.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "iecompatdata.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData", + "action_type": "file_opened", + "file_name": "bn-BD", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { 
@@ -16866,30 +15505,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "results.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Color", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveSmallTile.scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "versionlist.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "de-LU", 
@@ -16902,24 +15523,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "CLR_v4.0_32", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "dd_vcredistUI19D2.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "OneDrive", @@ -16932,18 +15541,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "aeb763fb.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "248aaea9.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ARM", 
@@ -16992,12 +15589,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "4254396c.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "chrome_shutdown_ms.txt", 
@@ -17010,42 +15601,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "dd_vcredistUI19D2.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "settings-tipset[2].xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "AudioDiagnostic.debugreport.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "dd_vcredistUI19D2.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ADVAPI32.dll", 
@@ -17070,36 +15631,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "dd_vcredistMSI19D2.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "favicon[3].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Unistore", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "OneDriveSmallTile.contrast-black_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "OneDriveSmallTile.contrast-black_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success 
or wait" - }, { "action_type": "file_created", "file_name": "Programs", @@ -17118,12 +15655,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "results.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ar-SY", @@ -17136,18 +15667,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "da083887.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "uz-Latn-UZ", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "de-LU", 
@@ -17160,12 +15679,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "Office", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "UsageLogs", @@ -17178,12 +15691,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "DC", @@ -17202,12 +15709,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "Vault", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "es-BO", 
@@ -17220,60 +15721,18 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.contrast-black_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "dd_vcredistMSI7855.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "OneDriveSmallTile.scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "L.user", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ConnectedDevicesPlatform", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "sr-Latn-BA", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, { "action_type": "file_opened", 
"file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", "file_path": "", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "favicon[3].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "pt-PT", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, { "action_type": "file_created", "file_name": "chrome_shutdown_ms.txt.toxcrypt", 
@@ -17286,96 +15745,30 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "dd_vcredistUI7869.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "OneDriveMedTile.scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "b11b460a.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "active-update.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\308046B0AF4A39CB", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "en-ZW", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - 
"status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.contrast-white_scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Color", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}", "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "dd_vcredistUI7869.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, { "action_type": "file_created", "file_name": "brndlog.txt.toxcrypt", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "c43bb7d1.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "favicon[3].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "WinTypes.dll", @@ -17406,12 +15799,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\Desktop", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "favicon[1].png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "end of file" - }, { "action_type": "file_opened", "file_name": "fr-CH", 
@@ -17436,36 +15823,18 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "update100[1].xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "uk-UA", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "en-BZ", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveMedTile.scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "fr-BE", 
@@ -17478,18 +15847,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-white_scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "msapplication.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "History.IE5", 
@@ -17502,60 +15859,24 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "ms-BN", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Adobe", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "705bcfd6.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ka-GE", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - 
"action_type": "file_written", - "file_name": "OneDriveSmallTile.scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "MEIPreload", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "Converged_v21033[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "aeb763fb.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "12.0", 
@@ -17564,14 +15885,8 @@ Retrieve dynamic analysis results. }, { "action_type": "file_opened", - "file_name": "PlayReady", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "fr-CH", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", + "file_name": "fr-CH", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, { @@ -17586,12 +15901,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDrive.VisualElementsManifest.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Adobe", 
@@ -17604,24 +15913,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "nn-NO", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "TaskSchedulerConfig", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "TabRoaming", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ElevatedDiagnostics", 
@@ -17652,60 +15943,18 @@ Retrieve dynamic analysis results. "file_path": "", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "favicon[2].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "success or wait" - }, { "action_type": "file_written", "file_name": "brndlog.txt.toxcrypt", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.scale-200.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "Internet Explorer", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\PlayReady", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "Low", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "update100[1].xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ru-RU", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success 
or wait" }, - { - "action_type": "file_opened", - "file_name": "settings-tipset[2].xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "2ab80eb2.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Profiles", 
@@ -17718,42 +15967,18 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "en-029", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "sq-AL", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "Converged_v21033[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "en-CA", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_deleted", - "file_name": "2ab80eb2.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "es-CL", 
@@ -17778,18 +16003,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "4254396c.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "OneDriveMedTile.contrast-white_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "az-Latn-AZ", @@ -17832,12 +16045,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Color", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "ActionCenterCache", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "SspiCli.dll", 
@@ -17856,54 +16063,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\WINDOWS\\SysWOW64", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "sr-Latn-RS", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "705bcfd6.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Adobe", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_opened", - "file_name": "OneDriveSmallTile.contrast-white_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.scale-100.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "dd_vcredistMSI19D2.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "OneDriveMedTile.scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": 
"file_written", - "file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "de-AT", @@ -17922,12 +16087,6 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveMedTile.scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Application Data", 
@@ -17946,84 +16105,30 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "S", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "iecompatdata.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "logs", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "5fc0968a.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "Cache", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "4254396c.jpg", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "de-LI", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.contrast-black_scale-125.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "WindowsApps", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", "status": "success or wait" }, - { - "action_type": "file_written", - "file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_written", - "file_name": "OneDriveMedTile.scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "OneDriveMedTile.contrast-black_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "lt-LT", 
@@ -18036,24 +16141,12 @@ Retrieve dynamic analysis results. "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_created", - "file_name": "a5ea21[1].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "ElevatedDiagnostics", "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, - { - "action_type": "file_read", - "file_name": "OneDriveSmallTile.scale-150.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "status": "success or wait" - }, { "action_type": "file_opened", "file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", 
@@ -18061,36802 +16154,24883 @@ Retrieve dynamic analysis results. "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "CR_28192.tmp", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "action_type": "file_deleted", + "file_name": "weakrefobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "b8aa184e[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", - "status": "success or wait" - }, - { - "action_type": "file_opened", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "main.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "file_name": "sre_parse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "8cafcc5f[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "fileinput.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "7d19123f[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "objimpl.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "10379681[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "encoder.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0", + "action_type": "file_created", + "file_name": "threads.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "file_name": "struct.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "27a24753[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "calendar.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "windows-systemtoast-securityandmaintenance_249_0.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache", + "file_name": "events.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "69958a21[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_deleted", + "file_name": "parsetok.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "a0d3923c[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "pyframe.h.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "8cafcc5f[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "file_name": "calltip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "file_name": "NEWS.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_read", + "file_name": "csv.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "action_type": "file_written", + "file_name": "complexobject.h.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "43db4db3[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "rpc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_written", + "file_name": "imghdr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "69958a21[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_written", + "file_name": "codeop.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "11ee0799[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "fork_wait.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "page_embed_script.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_written", + "file_name": "client.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "e3f307cb[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "action_type": "file_deleted", + "file_name": "oem.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "5e0abf48[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "CREDITS.txt.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_written", + "file_name": "abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "359d2aee[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "pystrhex.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "a2f17337[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_deleted", + "file_name": "nntplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "1bf12095[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT", + "action_type": "file_opened", + "file_name": "mainmenu.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "dbef2181[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "ffdh3072.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "1bf12095[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT", + "file_name": "warnings.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "5e0abf48[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "doctest.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "69958a21[1].js", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_created", + "file_name": "genobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "a2f17337[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_opened", + "file_name": "parsetok.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "craw_window.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_opened", + "file_name": "gdb_sample.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "OldConvergedLogin_PCore[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU", + "file_name": "copy.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "a2f17337[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_deleted", + "file_name": "copyreg.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tracemalloc.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "a2f17337[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "b8275b23[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_opened", + "file_name": "query.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "2743db28[1].css", - 
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "cp1258.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "3417f6c5[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "config.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "action_type": "file_created", + "file_name": "cp858.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "424a9e57[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_read", + "file_name": "pytime.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": 
"success or wait" }, { "action_type": "file_deleted", - "file_name": "1bf12095[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT", + "file_name": "imghdr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "page_embed_script.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_written", + "file_name": "poplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "a2f17337[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_created", + "file_name": "secrets.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_read", + "file_name": "warnings.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": 
"eventpage_bin_prod.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_deleted", + "file_name": "copy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "53c747e0[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "cp875.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "fd45bf1d[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "mimetypes.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "3a8048a4[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "import.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "b8275b23[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_opened", + "file_name": "cp1251.py", 
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "craw_window.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "file_name": "traceback.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "48a99eae[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "pystrtod.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "7d19123f[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "imghdr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "OldConvergedLogin_PCore[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU", + "file_name": "intrcheck.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "file_name": "cp932.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "b8aa184e[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_written", + "file_name": "idle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "IECompatData.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat", + "action_type": "file_deleted", + "file_name": "bisect_cmd.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "045d3532[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "SettingsCache.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache", + "file_name": "wave.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "dbef2181[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "opcode.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "5e0abf48[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_read", + "file_name": "memoryobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "known_providers_download_v1[1].xml", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", + "action_type": "file_created", + "file_name": "iomenu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "action_type": "file_written", + "file_name": "keycert2.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "181f4d7eabe2d441119af774407152dd.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_written", + "file_name": "bisect.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "69958a21[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_opened", + "file_name": "cp1250.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "OldConvergedLogin_PCore[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "8636b4dd[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0", + "file_name": "LICENSE.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "craw_background.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": 
"file_written", + "file_name": "ipaddress.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "a2f17337[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_written", + "file_name": "dbapi2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "045d3532[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "pydebug.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "03cedd2d[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "textwrap.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "7d19123f[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "2743db28[2].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_read", + "file_name": "weakrefobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "page_embed_script.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_written", + "file_name": "Python.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "file_name": "config.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "0c3a2f0b[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "weakref.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "icon_16.png.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "action_type": "file_written", + "file_name": "lzma.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "OldConvergedLogin_PCore[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", + "action_type": "file_created", + "file_name": "pymem.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "craw_window.css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css", + "action_type": "file_created", + "file_name": "listobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "IECompatData.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat", + "action_type": "file_created", + "file_name": "osmodule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "OldConvergedLogin_PCore[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", + "action_type": "file_created", + "file_name": "cp273.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "OldConvergedLogin_PCore[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU", + "action_type": "file_created", + "file_name": "genericpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "action_type": "file_opened", + "file_name": "os.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "craw_window.css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css", + "file_name": "moduleobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "0c3a2f0b[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "bltinmodule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "page_embed_script.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "file_name": "tempfile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "page_embed_script.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_opened", + "file_name": "cmd.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "8636b4dd[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "debugobj.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "a9486108724e44ae4e34492b400fcd5c.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_written", + "file_name": "pkgutil.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "69958a21[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "file_name": "turtle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0", + "file_name": "numbers.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - 
"action_type": "file_read", - "file_name": "main.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_deleted", + "file_name": "abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "96c26e78[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_read", + "file_name": "pydebug.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "craw_window.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "action_type": "file_created", + "file_name": "import.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "359d2aee[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "utils.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "file_name": "pprint.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "8cafcc5f[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "bytesobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "2743db28[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "424a9e57[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "sunau.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "8cafcc5f[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "_collections_abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "IECompatData.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat", + "action_type": "file_created", + "file_name": "patcomp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "main.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "action_type": "file_deleted", + "file_name": "_py_abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": 
"SettingsCache.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache", + "action_type": "file_opened", + "file_name": "traceback.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "03cedd2d[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "formatter.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "craw_window.css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css", + "action_type": "file_deleted", + "file_name": "lzma.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "a2f17337[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "file_name": "bad_getattr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "icon_16.png", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "file_name": "cp1253.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "a0d3923c[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "enumobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_created", + "file_name": "pyclbr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": 
"file_written", + "file_name": "optparse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "424a9e57[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "codecs.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "page_embed_script.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_created", + "file_name": "debugger.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "5e0abf48[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "cp1125.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "eventpage_bin_prod.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_opened", + "file_name": "uuid.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "1bf12095[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT", + "action_type": "file_opened", + "file_name": "cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "page_embed_script.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_written", + "file_name": "cp1140.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "craw_background.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_opened", + "file_name": "cp856.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "dbef2181[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "dbapi2.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3", "status": "success or 
wait" }, { "action_type": "file_written", - "file_name": "2743db28[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "errors.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "main.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_opened", + "file_name": "posixpath.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "0c3a2f0b[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "ann_module6.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "045d3532[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "context.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "128.png", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0", + "file_name": "window.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "action_type": "file_written", + "file_name": "_sitebuiltins.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "69958a21[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_opened", + "file_name": "ann_module5.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "dbef2181[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "queue.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "a2f17337[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_deleted", + "file_name": "cp1255.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "2743db28[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "message.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "96c26e78[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "random.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "a0d3923c[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "eventpage_bin_prod.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + 
"file_name": "squeezer.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "eventpage_bin_prod.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "file_name": "has_key.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "3417f6c5[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "bad_getattr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "main.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "action_type": "file_deleted", + "file_name": "ann_module7.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "file_name": "message.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "b8275b23[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_read", + "file_name": "abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "file_name": "dump.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "69958a21[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_written", + "file_name": "py_compile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "a9486108724e44ae4e34492b400fcd5c.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_deleted", + "file_name": "poplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "b8aa184e[1].js", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "opcode.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "eventpage_bin_prod.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_created", + "file_name": "sysconfig.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "eventpage_bin_prod.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "file_name": "pymacro.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0", + "file_name": "parsetok.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": 
"file_deleted", - "file_name": "b8aa184e[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "filecmp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "windows-systemtoast-securityandmaintenance_249_0.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache", + "action_type": "file_opened", + "file_name": "_markupbase.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "action_type": "file_written", + "file_name": "cp864.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "OldConvergedLogin_PCore[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU", + "action_type": "file_written", + "file_name": "ann_module7.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "27a24753[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "ann_module.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "craw_background.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "action_type": "file_deleted", + "file_name": "eval.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_opened", + "file_name": "koi8_u.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "main.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "action_type": "file_deleted", + "file_name": "sunau.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "e3f307cb[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "undo.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "GrShaderCache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "FlightingLogging.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "file_name": "pstats.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - 
"file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0", + "action_type": "file_opened", + "file_name": "zzdummy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "file_name": "pdb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "43db4db3[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "trsock.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_written", + "file_name": "cellobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": 
"windows-systemtoast-securityandmaintenance_244_0.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache", + "file_name": "_compat_pickle.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "10379681[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "plistlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "0c3a2f0b[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "cp1252.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pydtrace.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + 
"file_name": "socket.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "f60c0b47[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "frameobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "futures.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0", + "file_name": "_py_abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": 
"windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache", + "action_type": "file_deleted", + "file_name": "list_tests.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "ConvergedLoginPaginatedStrings.EN[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "file_name": "gb2312.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "known_providers_download_v1[1].xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", + "file_name": "bad_coding.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "5e0abf48[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "graphlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "e3f307cb[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "codeop.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "action_type": "file_created", + "file_name": "hmac.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "03cedd2d[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "sunau.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "known_providers_download_v1[1].xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", + "action_type": "file_written", + "file_name": "euc_kr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "ConvergedLoginPaginatedStrings.EN[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "action_type": "file_deleted", + "file_name": "euc_kr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "windows-systemtoast-securityandmaintenance_249_0.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache", + "file_name": "big5.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "file_name": "filecmp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "file_name": "nturl2path.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "ConvergedLoginPaginatedStrings.EN[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "action_type": "file_opened", + "file_name": "profile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "shutil.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "424a9e57[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "parser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "9db0f1a3[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "socket.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "text.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "2743db28[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "keycertecc.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { 
- "action_type": "file_read", - "file_name": "main.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "action_type": "file_opened", + "file_name": "schema.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0", + "action_type": "file_written", + "file_name": "base64.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "SettingsCache.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache", + "file_name": "_endian.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "eventpage_bin_prod.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_written", + "file_name": "gzip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_written", + "file_name": "pickletools.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "b8275b23[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_created", + "file_name": "queues.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "b8aa184e[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_written", + "file_name": "pythread.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "file_name": "utils.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "craw_window.css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css", + "action_type": "file_deleted", + "file_name": "weakref.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": 
"e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "file_name": "boolobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "OneDriveSmallTile.contrast-white_scale-400.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "file_name": "bdb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "3417f6c5[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "runpy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "359d2aee[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "methodobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_written", + "file_name": "ftplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - 
"file_name": "FlightingLogging.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting", + "file_name": "code.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "windows-systemtoast-securityandmaintenance_244_0.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache", + "file_name": "query.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "file_name": "modulefinder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "43db4db3[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "symtable.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "craw_background.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "file_name": "Python-ast.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "craw_window.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "action_type": "file_created", + "file_name": "cellobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "OldConvergedLogin_PCore[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", + "action_type": "file_deleted", + "file_name": "base.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "2743db28[2].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_deleted", + "file_name": "typing.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "9db0f1a3[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "iomenu.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "48a99eae[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "pyport.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "file_name": "datetime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "file_name": "sslproto.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "b8275b23[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_deleted", + "file_name": "threads.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "b8aa184e[2].js", - 
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_deleted", + "file_name": "cp863.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0", + "action_type": "file_created", + "file_name": "uuid.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_read", + "file_name": "aifc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "eventpage_bin_prod.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "69958a21[1].js.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "_pydecimal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "ConvergedLoginPaginatedStrings.EN[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "action_type": "file_created", + "file_name": "johab.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "craw_window.css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css", + "action_type": "file_opened", + "file_name": "ieee754.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "craw_background.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "action_type": "file_created", + "file_name": "profile.py.toxcrypt", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "page_embed_script.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_opened", + "file_name": "pkgutil.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "43db4db3[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "hyphen-data", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "69958a21[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_read", + "file_name": "bdb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "2743db28[1].css", - 
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "shelve.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "craw_background.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "file_name": "crypt.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "a0d3923c[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "subprocess.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "3a8048a4[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "genericpath.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0", + "action_type": "file_written", + "file_name": "gb2312.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "file_name": "parser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "functools.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "IECompatData.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat", + "file_name": "chunk.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "53c747e0[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "string.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "craw_window.css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css", + "action_type": "file_read", + "file_name": "tupleobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "9db0f1a3[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "modulefinder.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tupleobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "file_name": "netrc.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0", + "action_type": "file_created", + "file_name": "big5.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "431acc73d0187c752f5885ebf2df90c0.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_deleted", + "file_name": "genobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "96c26e78[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "pyfpe.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "fd45bf1d[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "compileall.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "file_name": "telnetlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "main.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "file_name": "dist.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "2743db28[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": 
"file_created", + "file_name": "cp1251.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "craw_window.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_opened", + "file_name": "config.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "045d3532[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "NEWS2x.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "a9486108724e44ae4e34492b400fcd5c.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "file_name": "_logs", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\npm-cache", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "page_embed_script.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_opened", + "file_name": "compile.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "424a9e57[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "cp865.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "3a8048a4[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "structseq.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "fd45bf1d[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "cp1255.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "7d19123f[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "pydebug.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "file_name": "cp037.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "11ee0799[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "ipaddress.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "action_type": "file_deleted", + "file_name": "bytesobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, 
{ - "action_type": "file_created", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0", + "action_type": "file_written", + "file_name": "tracemalloc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "action_type": "file_created", + "file_name": "queue.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "10379681[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "pymem.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "69958a21[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": 
"file_deleted", + "file_name": "pythread.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0", + "file_name": "dd_SetupUtility.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "48a99eae[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "cp858.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_created", + "file_name": "tarfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "48a99eae[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "f60c0b47[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "pymacconfig.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "OldConvergedLogin_PCore[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "craw_window.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "file_name": "format.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "main.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_read", + "file_name": "py_curses.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "eventpage_bin_prod.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "file_name": "help.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "craw_background.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_opened", + "file_name": "nturl2path.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "9db0f1a3[1].js", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "heapq.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "3a8048a4[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_opened", + "file_name": "linecache.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "03cedd2d[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_read", + "file_name": "formatter.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "8cafcc5f[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "errors.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "3a8048a4[1].js", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_created", + "file_name": "code.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "43db4db3[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "symtable.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "file_name": "panel.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "FlightingLogging.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting", + "action_type": "file_deleted", + "file_name": "py_curses.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache", + "action_type": "file_written", + "file_name": "cookiejar.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_deleted", + "file_name": "datetime.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "b8aa184e[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "known_providers_download_v1[1].xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", + "action_type": "file_opened", + "file_name": "heapq.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": 
"windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache", + "file_name": "datetime.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0", + "action_type": "file_created", + "file_name": "cp949.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "3a8048a4[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "mailbox.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "8636b4dd[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "tracemalloc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "SettingsCache.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache", + "action_type": "file_deleted", + "file_name": "charset.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "27a24753[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "classobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0", + "file_name": "fnmatch.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "69958a21[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_written", + "file_name": "events.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp864.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "IECompatData.xml", - "file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat", + "file_name": "osdefs.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "8636b4dd[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "Outlook.pst", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "96c26e78[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "bitset.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "a0d3923c[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "mimetypes.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "b8275b23[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "file_name": "cookiejar.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "craw_window.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "action_type": "file_deleted", + "file_name": "cookiejar.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "action_type": "file_opened", + "file_name": "cp864.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": 
"128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0", + "action_type": "file_opened", + "file_name": "iterators.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0", + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "69958a21[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "file_name": "futures.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "03cedd2d[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "mailbox.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "3417f6c5[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "badcert.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "file_name": "locale.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0", + "file_name": "bad_coding2.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "file_name": "ann_module3.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "10379681[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "platform.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "main.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "file_name": "debugger.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "b8275b23[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_written", + "file_name": "utf_32.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "b8aa184e[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "NEWS2x.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "craw_background.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "file_name": "ann_module2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "a2f17337[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_created", + "file_name": "image.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "181f4d7eabe2d441119af774407152dd.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_written", + "file_name": "pydtrace.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "431acc73d0187c752f5885ebf2df90c0.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "file_name": "imghdr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_deleted", + "file_name": "fileinput.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "file_name": "ast.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "OldConvergedLogin_PCore[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", + "action_type": "file_deleted", + "file_name": "policy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "10379681[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "contextlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "69958a21[1].js.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_written", + "file_name": "outwin.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "f60c0b47[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "kz1048.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0", + "action_type": "file_created", + "file_name": "entities.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "96c26e78[1].js.toxcrypt", 
- "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "zipapp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "f60c0b47[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "_py_abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "2743db28[2].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_opened", + "file_name": "pip", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "48a99eae[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "iterators.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": 
"9db0f1a3[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "contextlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", - "status": "success or wait" - }, - { - "action_type": "file_read", - "file_name": "2743db28[2].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "base64.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache", + "action_type": "file_deleted", + "file_name": "cgi.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", 
"status": "success or wait" }, { - "action_type": "file_created", - "file_name": "main.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "action_type": "file_written", + "file_name": "odictobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "11ee0799[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "oem.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "2743db28[2].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_deleted", + "file_name": "pyframe.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0", + "file_name": "imp_dummy.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "craw_window.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_written", + "file_name": "rpc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "fd45bf1d[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "cProfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "ConvergedLoginPaginatedStrings.EN[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "action_type": "file_written", + "file_name": "_threading_local.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_deleted", + "file_name": "ceval.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_created", + "file_name": "final_b.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "3a8048a4[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "shelve.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "8636b4dd[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "53c747e0[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "coding20731.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "FlightingLogging.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting", + "action_type": "file_opened", + "file_name": "parser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0", + "action_type": "file_opened", + "file_name": "osmodule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "file_name": "kz1048.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "dis_module.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "file_name": "asdl.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "27a24753[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "ann_module6.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "re.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "3a8048a4[2].js.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "bdb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "7d19123f[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "getpass.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "fd45bf1d[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "io.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "3a8048a4[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_created", + "file_name": "ast.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "11ee0799[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "aifc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_written", + "file_name": "copy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "3a8048a4[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "textview.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "b8275b23[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_written", + "file_name": "coding20731.py.toxcrypt", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "045d3532[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_written", + "file_name": "ascii.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "craw_window.css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css", + "file_name": "operator.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "action_type": "file_opened", + "file_name": "inspect.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "359d2aee[1].js", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "exports.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "359d2aee[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "status": "success or wait" - }, - { - "action_type": "file_created", - "file_name": "b8aa184e[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "file_name": "koi8_t.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "ConvergedLoginPaginatedStrings.EN[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "action_type": "file_opened", + "file_name": "pathlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0", + "file_name": "objimpl.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "dbef2181[1].js", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "cp950.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "2743db28[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_written", + "file_name": "undo.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "action_type": "file_opened", + "file_name": "poplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "e3f307cb[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_created", + "file_name": "policy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "main.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", + "action_type": "file_created", + "file_name": "binhex.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "FlightingLogging.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting", + "file_name": "dump.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "craw_window.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_deleted", + "file_name": "floatobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "craw_window.css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css", + "action_type": "file_deleted", + "file_name": "idna.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_read", + "file_name": "token.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "3417f6c5[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "socketserver.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "b8275b23[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "file_name": "rlcompleter.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "eventpage_bin_prod.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": "file_written", + "file_name": "contextlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "craw_background.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_opened", + "file_name": "struct.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "f60c0b47[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "cp863.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_created", - "file_name": "craw_window.css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css", + "file_name": "gettext.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "181f4d7eabe2d441119af774407152dd.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_written", + "file_name": "_collections_abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0", + "action_type": "file_created", + "file_name": "idle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "2743db28[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", - "status": "success or wait" - }, - { - "action_type": "file_deleted", - "file_name": "69958a21[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "file_name": "bisect.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "431acc73d0187c752f5885ebf2df90c0.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "action_type": "file_created", + "file_name": "symbol.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "53c747e0[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_opened", + "file_name": "cp737.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "windows-systemtoast-securityandmaintenance_244_0.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache", + "action_type": "file_written", + 
"file_name": "pyport.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "craw_background.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "action_type": "file_written", + "file_name": "ann_module2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "2743db28[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_written", + "file_name": "descrobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "action_type": "file_written", + "file_name": "charset.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "known_providers_download_v1[1].xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", + "file_name": "filelist.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { "action_type": "file_created", - "file_name": 
"icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "file_name": "tokenize.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "SettingsCache.txt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache", + "file_name": "pyhash.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "69958a21[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "file_name": "typeslots.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "1bf12095[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT", + "action_type": "file_deleted", + "file_name": "util.py", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "file_name": "aifc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "b8275b23[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_written", + "file_name": "cp1256.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "0c3a2f0b[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_deleted", + "file_name": "cp1026.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0", + "action_type": "file_opened", + "file_name": "__main__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "b8aa184e[2].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", + "action_type": "file_created", + "file_name": "tracemalloc.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_read", - "file_name": "53c747e0[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "action_type": "file_created", + "file_name": "_aix.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "craw_window.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib", "status": "success or wait" }, { "action_type": "file_opened", - "file_name": "main.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User 
Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "file_name": "rangeobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "action_type": "file_written", + "file_name": "johab.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "main.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_deleted", + "file_name": "kz1048.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "11ee0799[1].css", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "tree.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "osdefs.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "asdl.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "oem.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "file_name": "quoprimime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", "status": "success or wait" }, { "action_type": "file_written", - "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", + "file_name": "cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", + "action_type": 
"file_written", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", + "action_type": "file_written", + "file_name": "smtpd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "file_opened", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "action_type": "file_created", + "file_name": "utf_32.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "icon_16.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "file_name": "bad_getattr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "a2f17337[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", + "action_type": "file_written", + "file_name": "pymacconfig.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": 
"success or wait" }, { "action_type": "file_opened", - "file_name": "icon_128.png", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", + "file_name": "symtable.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_written", - "file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", + "action_type": "file_read", + "file_name": "pyframe.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "file_created", - "file_name": "page_embed_script.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", + "action_type": "file_opened", + "file_name": "replace.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "file_deleted", - "file_name": "main.js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", + "action_type": "file_read", + "file_name": "pyconfig.h", 
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { "action_type": "file_deleted", - "file_name": "e3f307cb[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "ann_module2.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { "action_type": "file_read", - "file_name": "27a24753[1].js", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", + "file_name": "rangeobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" - } - ], - "modules_loaded": [ + }, { - "module_name": "C:\\Windows\\SysWOW64\\oleaut32.dll", - "module_tag": "" + "action_type": "file_read", + "file_name": "graminit.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\msvcp_win.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "cp865.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\SspiCli.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "gzip.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\RPCRT4.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "telnetlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", 
+ "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\WS2_32.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "undo.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", - "module_tag": "" + "action_type": "file_opened", + "file_name": "cp424.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\USER32.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "_markupbase.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\combase.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "gnu.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\win32u.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "NEWS2x.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db", - "module_tag": "" + "action_type": "file_created", + "file_name": "signal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\windows.storage.dll", - "module_tag": "" + "action_type": "file_created", + "file_name": "koi8_r.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\propsys.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "graphlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\OLEAUT32.dll", - "module_tag": "" + "action_type": "file_created", + "file_name": "sched.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\PROPSYS.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "bisect.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\iertutil.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "dbapi2.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\rsaenh.dll", - "module_tag": "" + 
"action_type": "file_deleted", + "file_name": "heapq.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\KERNELBASE.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "encoders.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\FLTLIB.DLL", - "module_tag": "" + "action_type": "file_written", + "file_name": "marshal.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\Windows.StateRepositoryPS.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "glob.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\apphelp.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "smtplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", - "module_tag": "" + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "modsupport.h", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", - "module_tag": "" + "action_type": "file_written", + "file_name": "gdb_sample.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "zipfile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\IMM32.DLL", - "module_tag": "" + "action_type": "file_opened", + "file_name": "gbk.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\CRYPTSP.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "bltinmodule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\imm32.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "config.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\kernel32.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "ssl.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1", - "module_tag": "" + "action_type": "file_opened", + "file_name": "zipapp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\kernel.appcore.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "dataclasses.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\bcryptPrimitives.dll", - "module_tag": "" + "action_type": "file_read", + "file_name": "difflib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\powrprof.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "traceback.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\bcrypt.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "pstats.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\msvcrt.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "mimetypes.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\CLDAPI.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "xdrlib.py", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\rsaenh.dll", - "module_tag": "" + "action_type": "file_read", + "file_name": "floatobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "\\KnownDlls\\wow64.dll", - "module_tag": "" + "action_type": "file_created", + "file_name": "cp424.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\bcrypt.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "sysconfig.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\iertutil.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "badcert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\sechost.dll", - "module_tag": "" + "action_type": "file_read", + "file_name": "cProfile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "unknown", - "module_tag": "" + "action_type": "file_written", + "file_name": "cp863.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\KnownDlls\\wow64log.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "base.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\apphelp.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll", - "module_tag": "" + "action_type": "file_created", + "file_name": "generator.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro", - "module_tag": "" + "action_type": "file_created", + "file_name": "cp1253.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\KnownDlls\\wow64cpu.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "parsetok.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": 
"\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", - "module_tag": "" + "action_type": "file_read", + "file_name": "base64.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\edputil.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "decimal.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls\\wow64win.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "LICENSE.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\clbcatq.dll", - "module_tag": "" + "action_type": "file_read", + "file_name": "pymem.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\UrlZonesSM_user", - "module_tag": "" + "action_type": "file_written", + "file_name": "code.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\shlwapi.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "cp865.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - 
"module_name": "\\KnownDlls32\\ucrtbase.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "policy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\profapi.dll", - "module_tag": "" + "action_type": "file_created", + "file_name": "compileall.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\KERNEL32.DLL", - "module_tag": "" + "action_type": "file_created", + "file_name": "gzip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "_aix.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\cldapi.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "filecmp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\GDI32.dll", - "module_tag": "" + "action_type": "file_created", + "file_name": "codeop.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\cryptsp.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "extend.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\WININET.DLL", - "module_tag": "" + "action_type": "file_read", + "file_name": "enum.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\wininet.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "pystate.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\WinTypes.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "text.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\urlmon.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "generator.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\en-US\\propsys.dll.mui", - "module_tag": "" + 
"action_type": "file_written", + "file_name": "patchlevel.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "editor.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\cfgmgr32.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "cp737.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\edputil.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "NEWS.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\uxtheme.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "cp500.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\shcore.dll", - "module_tag": "" + "action_type": "file_deleted", + "file_name": "_compat_pickle.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro", - "module_tag": "" + "action_type": "file_read", + "file_name": "pystate.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": 
"success or wait" }, { - "module_name": "\\KnownDlls32\\SHELL32.DLL", - "module_tag": "" + "action_type": "file_opened", + "file_name": "euc_jp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__", - "module_tag": "" + "action_type": "file_opened", + "file_name": "idna.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\SysWOW64\\urlmon.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "glob.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\apppatch\\sysmain.sdb", - "module_tag": "" + "action_type": "file_written", + "file_name": "sliceobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\Windows\\SharedSection", - "module_tag": "" + "action_type": "file_created", + "file_name": "_sitebuiltins.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "module_name": "C:\\Windows\\Registration\\R000000000013.clb", - "module_tag": "" + 
"action_type": "file_written", + "file_name": "pygram.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\CRYPTBASE.dll", - "module_tag": "" + "action_type": "file_written", + "file_name": "cp1253.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db", - "module_tag": "" + "action_type": "file_written", + "file_name": "cp424.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\gdi32full.dll", - "module_tag": "" + "action_type": "file_created", + "file_name": "fileobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\ADVAPI32.dll", - "module_tag": "" + "action_type": "file_opened", + "file_name": "trsock.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "module_name": "\\KnownDlls32\\ole32.dll", - "module_tag": "" - } - ], - "mutex_actions": [ - { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key", + "action_type": "file_opened", + "file_name": "server.py", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem", + "action_type": "file_opened", + "file_name": "eval.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager", + "action_type": "file_deleted", + "file_name": "cp775.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt", + "action_type": "file_opened", + "file_name": "browser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem", + "action_type": "file_opened", + "file_name": "macosx.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" 
}, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem", + "action_type": "file_created", + "file_name": "fnmatch.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem", + "action_type": "file_opened", + "file_name": "debug.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key", + "action_type": "file_opened", + "file_name": "pyexpat.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh", + "action_type": "file_deleted", + "file_name": "reprlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem", + "action_type": "file_created", + "file_name": "cookiejar.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex", - "status": "object name exists" + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock", + "action_type": "file_written", + "file_name": "longobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem", + "action_type": "file_created", + "file_name": "xdrlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh", + "action_type": "file_written", + "file_name": "eval.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once", + "action_type": "file_created", + "file_name": "exports.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex", - "status": "object name exists" + "action_type": "file_read", + "file_name": "bltinmodule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem", + "action_type": "file_read", + "file_name": "heapq.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem", + "action_type": "file_written", + "file_name": "tmpjnl2abyncacert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem", + "action_type": "file_deleted", + "file_name": "stat.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock", + "action_type": "file_deleted", + "file_name": "final_b.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem", + "action_type": "file_created", + "file_name": "cp1258.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem", + "action_type": "file_created", + "file_name": "pyconfig.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem", + "action_type": "file_deleted", + "file_name": "abstract.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem", + "action_type": "file_created", + "file_name": "heapq.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem", + "action_type": "file_deleted", + "file_name": "koi8_t.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem", + "action_type": "file_read", + "file_name": "listobject.h", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem", + "action_type": "file_written", + "file_name": "sunau.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init", + "action_type": "file_opened", + "file_name": "ast.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem", + "action_type": "file_created", + "file_name": "sslproto.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem", + "action_type": "file_opened", + "file_name": "reprlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:168:WilStaging_02", + "action_type": "file_deleted", + "file_name": "ndbm.py", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", "status": "success or wait" }, { - "action_type": "mutex_created", - "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:64:WilError_01", + "action_type": "file_deleted", + "file_name": "calltip.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" - } - ], - "process": { - "name": "rl_file.exe", - "parameters": "C:\\Users\\user\\Desktop\\rl_file.exe" - }, - "process_actions": [ + }, { - "action_type": "process_created", - "path": "C:\\Users\\user\\Desktop\\rl_file.exe", + "action_type": "file_deleted", + "file_name": "bad_coding2.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", "status": "success or wait" }, { - "action_type": "process_queried", - "path": "C:\\Users\\user\\Desktop\\rl_file.exe", + "action_type": "file_created", + "file_name": "NEWS.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", "status": "success or wait" - } - ], - "registry_actions": [ + }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer32", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "enumobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "frameobject.h.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "linecache.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "object.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "timeit.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "secrets.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", - "status": "buffer overflow", - "value": "" + "action_type": "file_created", + "file_name": "ann_module3.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "tupleobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "decimal.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", - 
"status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "token.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "structmember.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "cp858.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "cp874.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\TreatAs", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "stringprep.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": 
"key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "pyfpe.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "cp875.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.exe", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "code.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000323-0000-0000-C000-000000000046}", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "panel.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "search.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "ffdh3072.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "idna.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "cp037.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0000032A-0000-0000-C000-000000000046}", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "streams.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "cp1125.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\rl_file.exe", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "shelve.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\NULL", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "dis.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "pyhash.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\.exe", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "_compression.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "timeit.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows 
NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "enumobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "cp1255.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocServer32", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "operator.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "cp875.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "__main__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "kz1048.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "format.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler32", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" }, { - "action_type": "key_opened", - 
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "mailcap.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "optparse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "parser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "abstract.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory", - "status": "object name not found", - "value": "" + "action_type": "file_read", + 
"file_name": "bytesobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "dist.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "Python-ast.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "ftplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "lzma.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "asynchat.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "audiotests.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AllFilesystemObjects", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "datetime.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "datetime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "query.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "pickletools.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "pymem.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}", - "status": "buffer overflow", - "value": "" + 
"action_type": "file_written", + "file_name": "ann_module5.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "textwrap.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "osmodule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "traceback.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocServer32", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": 
"Python", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "webbrowser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "ntpath.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "pathlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "rot_13.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": 
"key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "calendar.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "binhex.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "warnings.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Folder", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "config.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "operator.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "__phello__.foo.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "datetime.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "policy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\NULL", - "status": "success or wait", - "value": "" + "action_type": 
"file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "getpass.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "compile.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\TreatAs", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "structmember.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "moduleobject.h", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}", - "status": "buffer overflow", - "value": "" + "action_type": "file_deleted", + "file_name": "text.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "util.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "objimpl.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer32", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "boolobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "sre_compile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}\\", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "allsans.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{75847177-f077-4171-bd2c-a6bb2164fbd0}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "base64mime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "entities.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "binhex.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "moduleobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "audio.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "palmos.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE\\Diagnosis", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "py_compile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "_sitebuiltins.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "config.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": 
"success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "pathlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "koi8_u.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "pythonrun.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "decoder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", - "status": "buffer overflow", - "value": "" + "action_type": "file_deleted", + 
"file_name": "pylifecycle.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "log.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "uuid.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\Elevation", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "keycert4.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\Elevation", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "sliceobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "has_key.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocServer32", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "entities.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "config.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "zzdummy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "pymacconfig.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "plistlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "__main__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "bisect.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocServer32", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "crypt.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{1649D1CF-DEAF-4A68-ABE8-5C9F68572FD1}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "run.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "code.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "tmpjnl2abyncacert.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "status": "success or wait" 
}, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "coding20731.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "errors.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "idna.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Directory", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", 
- "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "colorsys.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "codeop.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "text.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "cellobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "log.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": 
"HKEY_CURRENT_USER_Classes\\Directory", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "pyerrors.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "ast.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "inspect.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\AppCompat", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "cp850.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "decimal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "mailcap.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "cp1255.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "graphlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "doctest.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "csv.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "keycert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler32", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\collections", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "threading.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server", - "status": "success or wait", - "value": "" + "action_type": 
"file_opened", + "file_name": "fnmatch.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "imp_dummy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", - "status": "buffer overflow", - "value": "" + "action_type": "file_opened", + "file_name": "euc_kr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "dataclasses.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId", - "status": "success or wait", - "value": "" + 
"action_type": "file_created", + "file_name": "errors.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "TODO.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "image.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": 
"key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "fileinput.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "timeit.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "asdl.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "errors.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "getopt.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": 
"key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "utf_16.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "encoder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "statistics.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "lock_tests.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "final_a.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "numbers.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1649d1cf-deaf-4a68-abe8-5c9f68572fd1}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "dataclasses.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "palmos.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "dictobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "symtable.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": 
"success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "enum.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "marshal.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "cp860.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "imp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "badcert.pem", 
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "tabnanny.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\ZoneMap\\Ranges\\", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "_endian.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "cp950.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": 
"key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "__phello__.foo.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "tool.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}", - "status": "buffer overflow", - "value": "" + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "events.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": 
"key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NULL", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "Package Cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}", - "status": "buffer overflow", - "value": "" + "action_type": "file_written", + "file_name": "xdrlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "Grammar.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "pymath.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "pylifecycle.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "Python.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "NEWS2x.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "_weakrefset.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "pyparse.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "base64mime.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "_bootsubprocess.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": 
"key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "classobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InProcServer32", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "compile.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\TreatAs", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "pythonrun.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "ucnhash.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "queue.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "symbol.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "tupleobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "dictobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "queues.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory", - "status": "success or 
wait", - "value": "" + "action_type": "file_read", + "file_name": "setobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "ssl.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "textview.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "bad_coding2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Folder", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "numbers.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings", - "status": "object name not found", - "value": "" + "action_type": "file_read", + 
"file_name": "copyreg.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "tty.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\feature_localmachine_lockdown", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "trace.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "run.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "classobject.h", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "cp1140.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "contextvars.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\Elevation", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "pystrtod.h.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "runpy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "osdefs.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "bad_coding2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "encoder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer32", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "_parseaddr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "modsupport.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer32", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "gdb_sample.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "selectors.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "sndhdr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "smtpd.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "pymath.h", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "selectors.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "imaplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "patcomp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "decimal.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "zipapp.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "scanner.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "pydoc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "history.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "runners.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "netrc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "patchlevel.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "tooltip.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop", - "status": 
"object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "code.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "socket.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "warnings.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}", - "status": "buffer overflow", - "value": "" + "action_type": "file_written", + "file_name": "koi8_r.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "errcode.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "HISTORY.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "ieee754.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "koi8_u.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "tarfile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InProcServer32", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "patchlevel.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\internet explorer\\main", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "ZxcvbnData", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "FORMS", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "pystrcmp.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - 
"action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "cgitb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "pyarena.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\shell\\open", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "audio.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\TreatAs", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "cp1256.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "wintypes.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "image.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "pytime.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "wave.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\DebugInformation", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "keyword.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + 
"status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "unicodeobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000323-0000-0000-C000-000000000046}", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "errors.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "pystate.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Application", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "exports.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "rlcompleter.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler32", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "pymacro.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "descrobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000339-0000-0000-C000-000000000046}", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "enum.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "text.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "cgitb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "bitset.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer32", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "history.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "descrobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\Elevation", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "cp1257.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "traceback.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "configparser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "NEWS.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties", - 
"status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "dis_module.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "cmd.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "gbk.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "locks.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": 
"replace.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "pipes.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "shelve.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "getopt.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "code.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "osmodule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "subprocess.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "graminit.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler32", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "posixpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "pystate.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{75847177-F077-4171-BD2C-A6BB2164FBD0}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "symtable.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", - "status": "success or wait", - "value": "" + "action_type": "file_read", + "file_name": "pyexpat.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "pymacconfig.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": 
"key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "longintrepr.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "grammar.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "badkey.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "ast.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "core.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "platform.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "history.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet 
Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "zipfile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "README.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\TreatAs", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "sidebar.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "genericpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open\\NULL", - "status": "success or 
wait", - "value": "" + "action_type": "file_written", + "file_name": "queues.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Security", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "text.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "imaplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "keycert2.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer", - "status": "object name not found", - "value": "" + "action_type": 
"file_deleted", + "file_name": "ascii.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "netrc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}", - "status": "buffer overflow", - "value": "" + "action_type": "file_created", + "file_name": "trsock.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "pprint.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "hz.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "uu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler32", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "cp856.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "imp.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\internet explorer\\main", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "types.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "cgitb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "tempfile.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "gzip.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "imaplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "this.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "pygram.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", - "status": "object 
name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "cellobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\rl_file.exe", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "codecs.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "pyconfig.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "_osx_support.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "re.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "pymem.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "locale.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0000032A-0000-0000-C000-000000000046}", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "euc_jp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "listobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": 
"key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "struct.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}\\", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "query.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "encoder.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "import.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "pytree.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "io.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000339-0000-0000-C000-000000000046}", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "utf_16.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NULL", - "status": "success or wait", - 
"value": "" + "action_type": "file_deleted", + "file_name": "pyclbr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc\\Extensions", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "main.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "asyncore.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "feedparser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "pymacro.h", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "chunk.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "streams.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "gdb_sample.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "ann_module2.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "Grammar.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "util.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "pydoc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "http", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "sre_constants.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "pymem.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": 
"Grammar.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\Setup", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "pipes.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\InProcServer32", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "antigravity.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}", - "status": "buffer overflow", - "value": "" + "action_type": "file_opened", + "file_name": "pprint.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "fractions.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + 
"status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag", - "status": "buffer overflow", - "value": "" + "action_type": "file_opened", + "file_name": "pystrcmp.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\CurVer", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "pyarena.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "pymacconfig.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "dump.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "fileinput.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "mailcap.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\Elevation", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "ascii.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging", + "status": 
"success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "quoprimime.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE", - "status": "success or wait", - "value": "" + "action_type": "file_written", + "file_name": "format.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "crypt.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32", - "status": "success or wait", - "value": "" + "action_type": "file_opened", + "file_name": "token.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "core.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "weakref.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "wave.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "quoprimime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer", - "status": "object name not found", - 
"value": "" + "action_type": "file_written", + "file_name": "quopri.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions", - "status": "object name not found", - "value": "" + "action_type": "file_read", + "file_name": "longobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", - "status": "buffer overflow", - "value": "" + "action_type": "file_written", + "file_name": "audio.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject", - "status": "object name not found", - "value": "" + "action_type": "file_deleted", + "file_name": "sliceobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}", - "status": "buffer overflow", - "value": "" + "action_type": "file_created", + "file_name": "pystrhex.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "stat.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_written", + "file_name": "pymath.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", - "status": "success or wait", - "value": "" + "action_type": "file_created", + "file_name": "moduleobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\NULL", - "status": "success or wait", - "value": "" + "action_type": "file_deleted", + "file_name": "optparse.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "undo.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\BrowseInPlace", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" }, { - "action_type": "key_value_queried", - "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat", - "status": "object name not found", - "value": "" + "action_type": "file_created", + "file_name": "cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer", - "status": "object name not found", - "value": "" + "action_type": "file_opened", + "file_name": "opcode.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", - "status": 
"object name not found", - "value": "" + "action_type": "file_written", + "file_name": "ceval.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" }, { - "action_type": "key_opened", - "key_name": "HKEY_CURRENT_USER_Classes\\exefile", - "status": "object name not found", - "value": "" - } - ] - } - ], - "classification": "MALICIOUS", - "configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11", - "dropped_files": [ - { - "classification": "MALICIOUS", - "file_name": "Tox.exe", - "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", - "md5": "3133c2231fcee5d6b0b4c988a5201da1", - "sample_size": 636416, - "sample_type": "PE/Exe", - "sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271", - "sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346" - }, - { - "classification": "UNKNOWN", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0", - "md5": "949ba0554f8e29dc24f5ce71d9f40d3f", - "sample_size": 3448, - "sample_type": "Binary/None", - "sha1": "1c2e7072945f9d41022daac5cdd3e5c33389e071", - "sha256": "65523544b3e2f9f46be3b68953b5102d9ad460197df40a90c8b0786c0a31cae5" - }, - { - "classification": "MALICIOUS", - "file_name": "8cafcc5f[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "db4573f2f3a6e88768f63363c607f1e8", - "sample_size": 125376, - "sample_type": "Binary/None", - "sha1": "fec7efbaf193949fde393c5c67afcc1258a2acd0", - "sha256": "c97ebcb9fbb1622f66accf54f49dca2280a5e5333768e06d4e519c7af7ae5ec1" - }, - { - "classification": "UNKNOWN", - "file_name": "page_embed_script.js.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", - "md5": "78a8376cbfee1ce15bc796f1735cb7bf", - "sample_size": 288, - "sample_type": "Binary/None", - "sha1": "f08ec4eab6d493a6a6d16463453687398dcc5985", - "sha256": "f7eb7d4ef9e7c55af90438324800982a3a2a9f41f560392422506b27b5cae173" - }, - { - "classification": "UNKNOWN", - "file_name": "a5ea21[1].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", - "md5": "07c6dbf463f0f2e51ca5f4e45ef48664", - "sample_size": 40, - "sample_type": "Binary/None", - "sha1": "50a848872bd0f812d8c6a5987a6a8866c2177ff0", - "sha256": "5ce56c888038a0426005eb80abe4155bbde043756b7cbbed11503039c2581217" - }, - { - "classification": "UNKNOWN", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", - "md5": "eeaff059138cd55441bc34fdfc919ec0", - "sample_size": 3440, - "sample_type": "Binary/None", - "sha1": "e6d48862f83c7213a9cc13ba7ecc4781a7d82eed", - "sha256": "5dcae96033ba95485ad2c885d17fe6102c837397618c3182dbd73abeadc969f2" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "76f184bb00db4b20a96e9d563e2ff705", - "sample_size": 1432, - "sample_type": "Binary/None", - "sha1": "ebeea1be590a282f398e1392161c8de981c49dfe", - "sha256": "52ca52b2a99febe5da76237787d5b2b392c6d6de5a85a2200c68e9d7be276021" - }, - { - "classification": "UNKNOWN", - "file_name": "craw_window.css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css", - "md5": "e62cde757b51b2e48c65bc9362839d03", - "sample_size": 1784, - "sample_type": "Binary/None", - "sha1": 
"ff5c6e346fe9b830f102f7e50074a150a7bf2f0d", - "sha256": "e9c67e89801811bf137e71a712399bd8cfa6ebe8f7597f472e923a2857a3f762" - }, - { - "classification": "MALICIOUS", - "file_name": "1833c4e9.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "69243748084c8a26e494271ba83bf5a3", - "sample_size": 47424, - "sample_type": "Binary/None", - "sha1": "37684ede0d616ad8687de86213efdd4c6be81f66", - "sha256": "9e1b0b7121277ebc42f31661a477f709b64dd1d591398e6c2785db83ae7bedd6" - }, - { - "classification": "MALICIOUS", - "file_name": "2ab80eb2.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "bbba22e6526ba13f686aafdb97a25bb6", - "sample_size": 30080, - "sample_type": "Binary/None", - "sha1": "9232a097b1754d9f2823c5cb75557497230e7c6d", - "sha256": "6d22a69fe61549203fc699a797effcea301d269239c666fb378468d6bdcb2cd5" - }, - { - "classification": "MALICIOUS", - "file_name": "OldConvergedLogin_PCore[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", - "md5": "96727038666752f23f42dcb7b5f076f2", - "sample_size": 440736, - "sample_type": "Binary/None", - "sha1": "b10bc9db352525cc3e6532004b626a11550d1ef9", - "sha256": "b552a244537ad35398cb9b70c240ab777040e55f03d5c7a11914ed33955d65a1" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "96e93a1dfa1661f0a545102014e45bae", - "sample_size": 632, - "sample_type": "Binary/None", - "sha1": "77c3c7e12d723d0923b6e575c74da53db228541a", - "sha256": "39e47018eb2b323a5d6591812645072eb016aa8c94604ca6c578baa40e98d62b" - }, - { - "classification": "UNKNOWN", - "file_name": "active-update.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB", - "md5": "cef18d6fd2b9ea9da4de885ea1f501ea", 
- "sample_size": 1088, - "sample_type": "Binary/None", - "sha1": "d91fc1d1bfddf1eeed4a8c00e7d16733b5f49ffa", - "sha256": "403f3c0b05d07145b70657d819277672063a3740123463e714492232a874f94a" - }, - { - "classification": "UNKNOWN", - "file_name": "c43bb7d1.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "22694bf7c107f414a88eef68a7287f04", - "sample_size": 3328, - "sample_type": "Binary/None", - "sha1": "7d019d40e477a9abe75cceee30eab76ee3c0d539", - "sha256": "4c748d62d99d39a92c08b94f53dc2394c6199736326b7ec0ef4d3667cad85fa3" - }, - { - "classification": "UNKNOWN", - "file_name": "a2f17337[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", - "md5": "63265af0a660bb52c6a93ad52cdd5b15", - "sample_size": 368, - "sample_type": "Binary/None", - "sha1": "eff7a570dda957caca3a5bb5a12e04fd13d85262", - "sha256": "3ebb9cfae53cdbf4f1c4b2b69cd94159bae8facc8b0d67b5f78238a6441af3e3" - }, - { - "classification": "UNKNOWN", - "file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "md5": "c61ae23f6d2810fe1aee411eac4769c8", - "sample_size": 1304, - "sample_type": "Binary/None", - "sha1": "d570ac147327fc99774190a1f61e22cd212f7f89", - "sha256": "c96e0eac6c7802b43071e217200b2f804db9638949eb6458dc2a7ec0dc5574d2" - }, - { - "classification": "UNKNOWN", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", - "md5": "1a7aef1670a219808431da5e55e187e9", - "sample_size": 5024, - "sample_type": "Binary/None", - "sha1": "dbf8a14e21312e11c2c151c75d8c72ca55bad836", - "sha256": "af145c976b575c5349639b57d64d2fbe1245db1c46f29417aafb4cc1e9e9c96a" - }, - { - "classification": "UNKNOWN", - "file_name": 
"msapplication.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940", - "md5": "c91f7e0d191fe1b31cd9e068caf34558", - "sample_size": 416, - "sample_type": "Binary/None", - "sha1": "600ebcf7d39a17de1e173d2d696e74043584f6a9", - "sha256": "b061e21a60c2b1f40d3685d5cc44c24caddb5b43fab12606c8131b0181b36df3" - }, - { - "classification": "MALICIOUS", - "file_name": "dd_vcredistMSI7869.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "262f3902763b06ad02e57cd11166b352", - "sample_size": 424352, - "sample_type": "Binary/None", - "sha1": "d000b3c1925cb78f19a0e4f1cfd7f8ed13917a16", - "sha256": "9c4e62f086214923e23fcca47f67498f68df7c8f61ee541c45034259c4a123b3" - }, - { - "classification": "MALICIOUS", - "file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", - "md5": "239e00d6977d179678075874598f377d", - "sample_size": 23112, - "sample_type": "Binary/None", - "sha1": "56ddee0650eb3250c090b5c1e377e59a19752db5", - "sha256": "89ce04019debb827fed2c4e800300304c3a078046689f2d915dc58aa5a032c6b" - }, - { - "classification": "MALICIOUS", - "file_name": "1bf12095[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT", - "md5": "e91c28dc017f3297d168f49c5ad86749", - "sample_size": 217832, - "sample_type": "Binary/None", - "sha1": "be13adcea83feec2bda41e82c31afb9e5dbdaa78", - "sha256": "71d6d2beecda8079d82e0985a6458dc300138254a0e039972df1e6f482df07aa" - }, - { - "classification": "UNKNOWN", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0", - "md5": "8e2f9ff3a6eb780f163d876a4493c2ee", - "sample_size": 6744, - "sample_type": "Binary/None", - "sha1": "45e7cbdbd57deda347f88b87ae02865b1b709199", 
- "sha256": "345f5f4d8fdb2c489874eb467df654ddc240ee13f55d1251c08d0b1814dab57b" - }, - { - "classification": "UNKNOWN", - "file_name": "3a8048a4[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", - "md5": "3a68dfa10af07adeca23a58a30312d2f", - "sample_size": 6688, - "sample_type": "Binary/None", - "sha1": "f2bf3cff675dbe2c618f03bf6561b52ba8e1968d", - "sha256": "0374e29d2202e50454746618bb3ca5678b9742d34b97722962c367d508d2375d" - }, - { - "classification": "MALICIOUS", - "file_name": "7d19123f[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "59851c448a4a073ff6fa9cd9d4d606a4", - "sample_size": 95448, - "sample_type": "Binary/None", - "sha1": "4a60246b7c24f52e14e9d98e4c43904fefc67b30", - "sha256": "47b636339d67d315a4d7f647204a630f44bbc4a5466f555b1d7f849d89d25796" - }, - { - "classification": "UNKNOWN", - "file_name": "favicon[1].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "md5": "f3b1a72895a05384dd2bc527813651a7", - "sample_size": 40, - "sample_type": "MZ/DOS", - "sha1": "1cf20dc1ec4fbea198822ca79c32082f9b6e9986", - "sha256": "1438ab63e3516dbf7fb87eecda3b4cca0da0a7e18950304581cdb5e938bf2686" - }, - { - "classification": "UNKNOWN", - "file_name": "705bcfd6.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "ba1a0ed090c1fcf508cf2b3872aa6989", - "sample_size": 6864, - "sample_type": "Binary/None", - "sha1": "230194fa9e048d4720287e6a2535259975dbfd08", - "sha256": "17740617b346d3e67312f2ba01a70a89b60cd8b8bb27ac8cd4d242d75198911d" - }, - { - "classification": "MALICIOUS", - "file_name": "craw_window.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", - "md5": "981113ec7eb738152c4549dd770c7d06", - "sample_size": 265832, - "sample_type": "Binary/None", - "sha1": "c6223cb14c21eb7eaccbeca19e03b5007dbbe9f5", - "sha256": "e653477fdeec302de7254f9715a87105a4950d8ab62bec073db68bc91e7b9383" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "96a3d0ea1b838c7eae3a4795e2d3bb18", - "sample_size": 576, - "sample_type": "MZ/DOS", - "sha1": "ad1e61af95bad249c657df359d32c21b01100b7b", - "sha256": "5277db5d7835bb725801563ebbd675fbcc1d70729dd103437fde388dee8d8aa4" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "15ab653bc7720bb7ed0f19c8a26534c3", - "sample_size": 840, - "sample_type": "Binary/None", - "sha1": "c24d1ff9feb5398b0c1c9f793cd42bfdfc38e598", - "sha256": "14a6a1f10d9121e38507238e82f94c266c29789afddf71f0413d2979f52fb1b6" - }, - { - "classification": "UNKNOWN", - "file_name": "favicon[3].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "md5": "0ee824fd13122ebd201d2ee9c3dbcfeb", - "sample_size": 40, - "sample_type": "Binary/None", - "sha1": "97ad6030b4773a8b7bfdcabaa71f6b73497df199", - "sha256": "626b1d6edfe07a7691432ed27aa144d27f9e4bef242ae75ed52239d0974cd390" - }, - { - "classification": "UNKNOWN", - "file_name": "FlightingLogging.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting", - "md5": "41b3fa8d1ec44a5ef24c0ae580e475c5", - "sample_size": 592, - "sample_type": "Binary/None", - "sha1": "d5d22bb03085fe85f393782feec0450dcd2e764d", - "sha256": "16113f571340e94639ef90cf4aeb47321102345fdee45fd585826a7a9c4c7f40" - 
}, - { - "classification": "MALICIOUS", - "file_name": "Converged_v21033[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "md5": "9780019e8eeece8eeef305a830d1ce27", - "sample_size": 95952, - "sample_type": "Binary/None", - "sha1": "f01a8d40a5bceed9f57bea23718256087a40186f", - "sha256": "fc46a655c45c7d81f52e3bc1a183bef99b188b90720629500fd3b6d3a7272fbc" - }, - { - "classification": "UNKNOWN", - "file_name": "craw_window.css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css", - "md5": "55792199a2d034671f1c53d07259d903", - "sample_size": 1784, - "sample_type": "Binary/None", - "sha1": "bdd88f2ccc46c7cf28103bc890b5606f8ac3d213", - "sha256": "39d4f9c8dbe9e6937be3d89f4cef63812267e4637c11674f9080d7fba01d5600" - }, - { - "classification": "MALICIOUS", - "file_name": "9db0f1a3[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "0238ef826a07fba232a1c2d2a85c925a", - "sample_size": 602776, - "sample_type": "Binary/None", - "sha1": "6483ff3e2772cdf76f2cd42ca6fbeceefef2cd11", - "sha256": "7d4e80b40e9d60cbf5eef552c67de1bfa7c92c9a79a3f90f363662fb6be4cb64" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "34f9effcf15b5d9024eac98c1949fc16", - "sample_size": 568, - "sample_type": "Binary/None", - "sha1": "7b02c7f4556225f372287618e3ff106c823b7a2e", - "sha256": "c5a5bb7fef76d5d08e3268e0b4878c2505ed0199b605534861a6515bf78a0f10" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": 
"d75944f683f11b95b7bf4af112e27cb5", - "sample_size": 3576, - "sample_type": "Binary/None", - "sha1": "6dffe111ed011b6113032c777ffdf0c03716211f", - "sha256": "5bf86a0650586d243f02bd8e311b66b28c957a20f62cab327e30a7d7d4c26bec" - }, - { - "classification": "UNKNOWN", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", - "md5": "c1219038364d783af4d36168b44564d4", - "sample_size": 4400, - "sample_type": "Binary/None", - "sha1": "80ec255a6f61d2e3537b7fbb14e17a7933f4a86d", - "sha256": "574484a87104a7e4cac31593eed5ede17b15ff6ab50577ee1ca4142a095d1f31" - }, - { - "classification": "UNKNOWN", - "file_name": "aeb763fb.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "6eb6947ee33408d5304d723261fd84b5", - "sample_size": 11008, - "sample_type": "Binary/None", - "sha1": "b2b441f97062dffd2de4bebe6b916676e9dc887f", - "sha256": "b87ebaa2bd92d2eaf88fae26fc7afb602bf0d941b929c756e4bb8010ab376b55" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "5fcdbc5ff3d4a169869a0e05fbfff1db", - "sample_size": 3264, - "sample_type": "Binary/None", - "sha1": "72aef388bda0e55752c0bd12173c9ed7e53153e8", - "sha256": "870332619c3d0843cf701643f627c77c2da756b70eaee2aab791ce221c15eb16" - }, - { - "classification": "UNKNOWN", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", - "md5": "935bf747c27c9076f53c9122bd89c396", - "sample_size": 200, - "sample_type": "Binary/None", - "sha1": "1ec0fc4890af3a14b5a82085e765f2065565a683", - "sha256": "247f6d66c9010bd9d40a35914fcf8280e4f5f8d2b022e42bd2bb80a19a32b447" - }, - { - "classification": "MALICIOUS", 
- "file_name": "0c3a2f0b[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "e7aee7adafeb069be0f0eca63557d06b", - "sample_size": 17488, - "sample_type": "Binary/None", - "sha1": "5ac62172528b725e4f125e1ce9f6e5bb6cc14637", - "sha256": "0a66b70be34e9c9a91b6687586fbec04fba6502ba63b63eebfbf991713de15bc" - }, - { - "classification": "UNKNOWN", - "file_name": "favicon[2].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "md5": "9fd12d1f546213fa9fb56d811fc6733b", - "sample_size": 40, - "sample_type": "Binary/None", - "sha1": "c8527ee841ae3ac9c87ab9ceb41595e85fc387c7", - "sha256": "d3de682693639cb4973d2c051f56f8e166eebf88650bd608046e400f2adce744" - }, - { - "classification": "MALICIOUS", - "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "f1b84725c606be70377ccdaafd8f9987", - "sample_size": 282672, - "sample_type": "MZ/DOS", - "sha1": "0d6a91a9336839e641e426cac352a163af2699d1", - "sha256": "1496a0d2ad712cc91ffe7a7676f77cbf1d7e563690b622b21e547050b24e8099" - }, - { - "classification": "MALICIOUS", - "file_name": "craw_background.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", - "md5": "572611e65e675c06df25b8b9e9bc9972", - "sample_size": 544680, - "sample_type": "Binary/None", - "sha1": "8f41732d61c789d38efbf3625fe521e5a0698578", - "sha256": "bfaafb3d3a52260fdf08722d1200a664f317b6416ac9f3e27fc7e036b49eaa0d" - }, - { - "classification": "MALICIOUS", - "file_name": "27a24753[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "ec9976585cd7a7004ab0c694c555645b", - "sample_size": 
51128, - "sample_type": "MZ/DOS", - "sha1": "d573108be58563176f95737e773b43ffacfd608d", - "sha256": "85d9a94ab35fb1781a0e3ab7d7fa555dccf0cbcec83c2ba63cd38dbced51dafc" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "247d8435213797e046e04542a847086e", - "sample_size": 3264, - "sample_type": "Binary/None", - "sha1": "c469b0ac04db1e34bf8ee389ef116a32b35b424a", - "sha256": "b1b95a75abe1c41ec890e5e49e6bbb56eb3eec7f3515b1a623bff5a8cc7fc85c" - }, - { - "classification": "MALICIOUS", - "file_name": "43db4db3[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "389f3114d26e841ff94c382d1ebd90d6", - "sample_size": 50056, - "sample_type": "Binary/None", - "sha1": "51c35183d8b8df135aaf0e7644ca295aec397e22", - "sha256": "2e943d6c7ca2822981c24f7fba74f9163ab946f78286643c41935d81ac69e88e" - }, - { - "classification": "UNKNOWN", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", - "md5": "451196cd8196be321b42de5235a3ba4a", - "sample_size": 184, - "sample_type": "Binary/None", - "sha1": "0f1bf87249c279f1c0ebbbaf530c4418cb04e034", - "sha256": "d19297c9dc4ef556dc0154f45449bf2df31bf328728361992f92e6aba1119900" - }, - { - "classification": "UNKNOWN", - "file_name": "8fce0f3.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "4e84a4dfbd89b3c7d95c7db50eaecf94", - "sample_size": 4304, - "sample_type": "Binary/None", - "sha1": "5009e1f3e850f11c6ed67ad5eef2b28ca2991035", - "sha256": "d353b9c16661e02a4ebcbff2b2ce0d2cad7a61b886c7120a3abba23315045c70" - }, - { - "classification": "MALICIOUS", - "file_name": "dd_vcredistUI7855.txt.toxcrypt", - 
"file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "afd55a4bb073b78b938caec26331328c", - "sample_size": 48776, - "sample_type": "Binary/None", - "sha1": "ce13f4a96e4ff0c8adf200d3daecbf89423f890c", - "sha256": "53eab4144250f1b4a5bdcdad2fa24a50ffcba91f7771fa5864103175cfb39357" - }, - { - "classification": "UNKNOWN", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0", - "md5": "93d73ad36b24abc404ee16e856c98e0c", - "sample_size": 2048, - "sample_type": "Binary/None", - "sha1": "381ec2722edb4a96517b34fa027231c545b76600", - "sha256": "95856cc9e8f9e76dcf619432261836ee55070c3c85de2d91270e99da1466c06e" - }, - { - "classification": "UNKNOWN", - "file_name": "dd_vcredistUI19D2.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "a8c35e68f70762fa6b68d862872fcbc9", - "sample_size": 16488, - "sample_type": "Binary/None", - "sha1": "d773ea536cbc14a839b897d0fd1ea2b6a05df2da", - "sha256": "7dfdda2fdb85b1d9c9ab41fe90ec288a322d4ab315e4bd6c1f9c0cd5eb54c769" - }, - { - "classification": "UNKNOWN", - "file_name": "main.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0", - "md5": "8ad83bdb282a752774ce2c649f58c6b6", - "sample_size": 136, - "sample_type": "Binary/None", - "sha1": "29246027450a8321d6b58bf6dcf806908a6a248b", - "sha256": "b85080fb4d9e5b8e80ad84beb70575c86e561dffb7e3a1f5b8dd75aeffa5140c" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "4c9cf795c25f7d3ef2a0e16f14df0c4b", - "sample_size": 1536, - "sample_type": "Binary/None", - "sha1": "3b36a6166bb0229a2d724197f666709cfb388c3b", - "sha256": "9654f6e16e208fd22ee8cc7d3a79e95d00aa1d5715b424f1ddaf4e1101ea1d1d" - }, - { - 
"classification": "MALICIOUS", - "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", - "md5": "cd3bf48fe89eaab163521494811e8e3a", - "sample_size": 2152, - "sample_type": "Binary/None", - "sha1": "052dfddb6942c075ab580d9a4b4400fee705ec26", - "sha256": "32b00e3d2df12c68de72f21b0f12e1396123b185fa7650ac4ba3686377e4ec8f" - }, - { - "classification": "MALICIOUS", - "file_name": "eventpage_bin_prod.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", - "md5": "5f05faaa8ca8b9f63d66686fa8f6a2d2", - "sample_size": 67840, - "sample_type": "Binary/None", - "sha1": "24cda9620a69dd3f2c8ddc8eda8cb6c25ba35527", - "sha256": "a22ab5067e71e8515ef53f213c18c8ea6fffdc40907f6ebaf3173f7eae62f0f0" - }, - { - "classification": "UNKNOWN", - "file_name": "5fc0968a.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "5e518df1358f3c40a7b57580eb7257dd", - "sample_size": 4992, - "sample_type": "Binary/None", - "sha1": "ae37f94443a1e6712b253a2d703c988bb483fd0d", - "sha256": "9fb39f5b62b17fcde2062ba2376ef2da2ba374cdd45e2c00462255aec60d61af" - }, - { - "classification": "MALICIOUS", - "file_name": "96c26e78[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "37114fef115cb2ed08cd0f9b345f1e32", - "sample_size": 43168, - "sample_type": "Binary/None", - "sha1": "bb819a6224ca85de5812f6ff927b7f130bc68d57", - "sha256": "a6a5d21058a3c3d597b79b9a73766613392fc89a7d4cf1b3bc00d0a20f9aa970" - }, - { - "classification": "MALICIOUS", - "file_name": "f60c0b47[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": 
"5a9c32cd6aa4a8059fe10b7eb2db952a", - "sample_size": 145336, - "sample_type": "Binary/None", - "sha1": "0d4b62a96c330b95c9f500aaec284fb16b058755", - "sha256": "532f10c33703d669cbbf121fa3df1ac171598462d5b2355587dc4fa4bb387b55" - }, - { - "classification": "MALICIOUS", - "file_name": "dd_vcredistMSI19D2.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "046f80b68972d227bc9761cbb3b328af", - "sample_size": 594368, - "sample_type": "Binary/None", - "sha1": "5b4bb44e4fa62b70fb0a9ce1c7b3506c8a003dbf", - "sha256": "f2179daae61a0156c9b8660219fb79e937bacbb7f5b1804a439b9b0c3a63c24a" - }, - { - "classification": "MALICIOUS", - "file_name": "dd_vcredistMSI7855.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "b79bfca58696d6c4e617f9f24188379e", - "sample_size": 437288, - "sample_type": "Binary/None", - "sha1": "845e71c1a5062801cc5251bdd4495c4cb2d41a87", - "sha256": "b997a76aa655b6522ff1552903852ba0f2a841bc437a1ac435040942692ad335" - }, - { - "classification": "UNKNOWN", - "file_name": "results.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "md5": "2be26715fff522c284757591383563f5", - "sample_size": 408, - "sample_type": "Binary/None", - "sha1": "a5782d3406871597a93ca5db6e553f494a6ceb9f", - "sha256": "40f23832591bccdf371281ca477d0c8565f6936a3dba60f5a1480843cf0ae46c" - }, - { - "classification": "UNKNOWN", - "file_name": "versionlist.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager", - "md5": "d092fa8ca010bb11e39acbd03e662757", - "sample_size": 15888, - "sample_type": "Binary/None", - "sha1": "063790bb844fea1d7df7fe3371dd48368a659201", - "sha256": "2944acc8a14a38b3b296b8c8b60aacf345791cd45ae53b113680cc14e0d0109c" - }, - { - "classification": "MALICIOUS", - "file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", - "md5": "1e6bdf606f79b90d31db13b27ccb90a4", - "sample_size": 23280, - "sample_type": "Binary/None", - "sha1": "28a7c5940a6a9e4847bbc1e15044aad6939c3ca8", - "sha256": "cfc933e6a9a22b13be626c1b89817ae3902010056297fc98b426f620d6186d8d" - }, - { - "classification": "UNKNOWN", - "file_name": "dd_vcredistUI1AE4.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "0fdf5855b9f6b532d2fbcf7d484661fb", - "sample_size": 17704, - "sample_type": "Binary/None", - "sha1": "9038a5bcd8cbb6e55608d8a3778aaf6c6b19bf53", - "sha256": "8c1a4f3fe574ad92a8403dd2377e5ad14f7e92e5b02193515a55186ad44d8d1d" - }, - { - "classification": "UNKNOWN", - "file_name": "4254396c.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "16369b79366cb7d430fcc726c3453e68", - "sample_size": 7168, - "sample_type": "Binary/None", - "sha1": "d6f775178d4b9bbec785239b736812507aa5756c", - "sha256": "11cdcbad487130180708f1d7eec185abf32c7cf11c6f7682fb8303867ab04ad5" - }, - { - "classification": "MALICIOUS", - "file_name": "craw_background.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0", - "md5": "59615a45baf4b6f17eb8becbb83180b7", - "sample_size": 1125672, - "sample_type": "Binary/None", - "sha1": "ea5320776b1d876fe06fbd613444b265269e9100", - "sha256": "34e01a6383ba30d207db4acd8460cc639c92d8d706db34bfc51d41a268d9366d" - }, - { - "classification": "UNKNOWN", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images", - "md5": "7df0aefb5e3a9891d4d0324bb55160bf", - "sample_size": 600, - "sample_type": "Binary/None", - "sha1": "f192a94ad0f034a845cc70d0a0f9e9e6247d8cbb", - "sha256": 
"759ec4130d4e540008e6251e045f74045a9740f165550ea030f8dcb91f7c583d" - }, - { - "classification": "UNKNOWN", - "file_name": "iecompatdata.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData", - "md5": "e4f592dcc034071595e3f158a5eebb26", - "sample_size": 3088, - "sample_type": "Binary/None", - "sha1": "4a633bbbbcee2cfa86529b1579216edf84e4b90b", - "sha256": "849e396249ee666d9c6494c3a6d30eecb1bb5f6ffec21e9f247b7ced6d8ed8c6" - }, - { - "classification": "MALICIOUS", - "file_name": "359d2aee[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "31110da299b757c6ec7830fa2c9b0bbb", - "sample_size": 45552, - "sample_type": "Binary/None", - "sha1": "e8044ce1811f2bd09ae762f7d430b07e6763bccb", - "sha256": "92d8aee5cb4ed2c4d656555b950f99da3e0dad58f8ec9b59ec8c8e45c3bb3268" - }, - { - "classification": "UNKNOWN", - "file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache", - "md5": "f2acf779e0e88b1af4e4e0e260352215", - "sample_size": 6912, - "sample_type": "Binary/None", - "sha1": "6325305921a90fbbd03a4c5ec36dd2690b71c066", - "sha256": "a6a87c90f3c3d71fc92ae42aa8e0a698e5844e8dc8a7664f71c725de6149f75e" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "37fc5a635536e0154fd470188398495d", - "sample_size": 1816, - "sample_type": "Binary/None", - "sha1": "4e9032f05c6aa1f644505d52221fb03b5e170cbc", - "sha256": "bd0a110924f0dfafeddf9928cb597341c705de9d16241a009df812794c470cb9" - }, - { - "classification": "MALICIOUS", - "file_name": "294af3d2.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": 
"b302731aed58e4c0010e8eeaa9bb0526", - "sample_size": 28424, - "sample_type": "Binary/None", - "sha1": "91a96684fb2e6a595a65ff0c3dacd98e29b745fe", - "sha256": "dcc24bf4ca2d5b5b9b3759231d40acc398ae21b9e57a962d34adf27eac13273e" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "0b7dd69e946bf68b5973a2bae2bbb1ba", - "sample_size": 456, - "sample_type": "Binary/None", - "sha1": "54eb411141ee6e92d3b58356a0529d78b1037871", - "sha256": "2fce72876814d37c34f79ffac69af154a341805c6a9b2bcb7e27762fe17a17bd" - }, - { - "classification": "MALICIOUS", - "file_name": "OldConvergedLogin_PCore[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU", - "md5": "f1c950df414b39a4234487ec4a049117", - "sample_size": 495688, - "sample_type": "Binary/None", - "sha1": "15e55a75ede32d5bcde9134ca91fe328d252afec", - "sha256": "3aceb6bd2c8923d9de905245b911809fbcffffec1057001d999d651f50150de1" - }, - { - "classification": "UNKNOWN", - "file_name": "69958a21[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", - "md5": "4e7f63d8ea0e2874dc8ad0a92200bea6", - "sample_size": 19744, - "sample_type": "Binary/None", - "sha1": "c0c04507730528eb3f24f854cba1158190907515", - "sha256": "e1f9dd09dbb932d1fdf48b7127f0d41617478884b4b2c1535fd56d11b2564d94" - }, - { - "classification": "MALICIOUS", - "file_name": "DefaultLayouts.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell", - "md5": "4fdcf5ab2ab77b52ef1d78429f0b9680", - "sample_size": 117984, - "sample_type": "Binary/None", - "sha1": "21e58b701c576c50dc23b1ac32cc397b17a071e3", - "sha256": "74740695bfe7f01229b9cf0974c8befc0d57d4fb7b48c0dcadd895a95c4b670e" - }, - { - "classification": "UNKNOWN", - "file_name": "b8aa184e[2].js.toxcrypt", - 
"file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", - "md5": "4812e4a1a8fb84956fd58127ed8656eb", - "sample_size": 8088, - "sample_type": "Binary/None", - "sha1": "b248228ff726952e4ed1dcb878a6b9ff9db2df87", - "sha256": "81a33ec80de85d61b11fe8bfdc6bfe8d0a8a4ac5e2397b77aca89f23b02be63c" - }, - { - "classification": "UNKNOWN", - "file_name": "AudioDiagnostic.debugreport.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "md5": "a3118a7583c761552f8a572c9beb4020", - "sample_size": 1928, - "sample_type": "Binary/None", - "sha1": "e6bc3034f7ccc9d7945aa54cc2db8a8921b5b5fc", - "sha256": "8ae64eff7b15b210bf84e00dca58ae97d7ee89b989112d944fcfff9aa09a0c1d" - }, - { - "classification": "MALICIOUS", - "file_name": "2743db28[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", - "md5": "677adc6c52f023021e74ca4668fa07dd", - "sample_size": 60608, - "sample_type": "Binary/None", - "sha1": "4f9fb27b3c52b87e94365f5080d951890784fa0d", - "sha256": "594047be386159fb08e3f5e14694b1fc43aaffddb87da7009f7bf459bf0a6327" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "77bd7d79a8085eb77940a02509ee42c2", - "sample_size": 640, - "sample_type": "Binary/None", - "sha1": "621608c0b7837ef66088cf257dabe63b5c7eb1dc", - "sha256": "a810391f3eda00f4c046dbc7935583c81058488a83b8b7f7d0a0141f2ef5dded" - }, - { - "classification": "MALICIOUS", - "file_name": "69958a21[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", - "md5": "d650c03d787d50179ce996c40fbe51b6", - "sample_size": 19744, - "sample_type": "Binary/None", - "sha1": 
"3eaf0b29378ec1a3955524a179c5716189a5b684", - "sha256": "530b9bad325f95bd9fef6bbdd84f1d57ac7c3630c1d99c4a32cc7ca1c3f51d75" - }, - { - "classification": "MALICIOUS", - "file_name": "dbef2181[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "4def1df093b64417f134feb8ed537632", - "sample_size": 202280, - "sample_type": "MZ/DOS", - "sha1": "22578a8f9dcbe963f9e917be803600157e63316d", - "sha256": "48d80ed7eab7ce55cc26b6656e85d2bf42df26c57436c37d451dfbb58edd91f5" - }, - { - "classification": "UNKNOWN", - "file_name": "settings-tipset[2].xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", - "md5": "5c7b93e262e1148a1610a460248282ac", - "sample_size": 13088, - "sample_type": "Binary/None", - "sha1": "6aa768dd4287cdc2acd709c84ac2358670867531", - "sha256": "ae7474ec4d1d223883075d9ba1ae5b61410a636607a20ac1a67e8a4835a68594" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "9c3769d42552d74cd9563e4397df953f", - "sample_size": 568, - "sample_type": "Binary/None", - "sha1": "79144194348d946c474a2a41bf0443d2271bd1b0", - "sha256": "c04607bf7a99b076554c90dbbd31211d917f917b07aa502602dc11dc304be426" - }, - { - "classification": "UNKNOWN", - "file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache", - "md5": "042f3f7051400be6225403c38d5ca761", - "sample_size": 6912, - "sample_type": "Binary/None", - "sha1": "9eace6a447c9ccb26e04b6d891fe38b6ab65baa2", - "sha256": "44c145e6e295db5de7e8f32075efdf855cb6efb0eca6d846647ce81abea62dd0" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.scale-400.png.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "a10124346cd37ab580fff5885cef7f64", - "sample_size": 1760, - "sample_type": "Binary/None", - "sha1": "19ccb040e728e8088d2a9f151efe2debc4266fc8", - "sha256": "c7e9e31f02efe55cc86a1ee337451fbac66ea9523083cecad9f86159fcaf4ae8" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "498426e565663659c128d8c54e567ad0", - "sample_size": 1032, - "sample_type": "Binary/None", - "sha1": "a0d8945bc01b472c2a30f99d6895b99c6b53bd56", - "sha256": "e7c1806d95847e9a7a6431919174a6d0e459b8254897eaece0f4ed806ceca2d7" - }, - { - "classification": "MALICIOUS", - "file_name": "craw_window.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", - "md5": "7ea1fe84f8e7e1031eb4c5a0226ec129", - "sample_size": 261360, - "sample_type": "MZ/DOS", - "sha1": "15ee2e40ece2a798b1546d7ab1d8d663d7433cde", - "sha256": "ae808cfd2b4b72211081d61c51f7357ae48100c736245b4c6997f415c679576c" - }, - { - "classification": "UNKNOWN", - "file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "7ef45d1855f09d9384592a98d9497d36", - "sample_size": 6872, - "sample_type": "Binary/None", - "sha1": "9cf7f8283d53fea7d6194bd7d419cc45cfe882ef", - "sha256": "7691ddc4b20872cc4fe578a3d2bd2bde762e25d28e31a113f8fdab300f7865ad" - }, - { - "classification": "UNKNOWN", - "file_name": "favicon[2].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF", - "md5": "929e48893dc76ab164266341a0869742", - "sample_size": 40, - "sample_type": "Binary/None", - "sha1": "e4a741ad48ac4f02af884afcebd3337775adc003", - "sha256": "fc4628e372e5a9fcbcc6cde7ea5a93490defaacbed27b920fb3cfc1d3f15b413" - }, - { - "classification": 
"UNKNOWN", - "file_name": "510dd5a4.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "f4c019ff11de2e2ecb6d2d7b61791295", - "sample_size": 4824, - "sample_type": "Binary/None", - "sha1": "e05386026212cb23df3048c5ca0f84b215f15eeb", - "sha256": "2b8d29e1b059318cae19e4673dc96740766aed3e527054d8f745c5a8a7b1345b" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "ba40cf8c5ea609d6922bdb1a2acaf162", - "sample_size": 888, - "sample_type": "Binary/None", - "sha1": "a8927145e363b241c40ea6a56923edf4d5afc0be", - "sha256": "7680aa3c3d5fc4844a42360608c1bfc1c3f308ce2b05056df863ab1d43ce4d34" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "fc1bc750e18d84dc0a7768e8c5e460f8", - "sample_size": 456, - "sample_type": "Binary/None", - "sha1": "c142ee490d65e9e5cbb3528011ebdeda4ddb6a99", - "sha256": "39f3d2243aa846422aba64d09d2cd892cd71640a683b416275138db9d249506f" - }, - { - "classification": "MALICIOUS", - "file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", - "md5": "252bb7de542545dfb4cce9c798f26708", - "sample_size": 216, - "sample_type": "Binary/None", - "sha1": "18a852ac71eb44fae7f0cbc5df0c921f83c88eb7", - "sha256": "5143c004a913bc2ee5a5a47c7a9c2602c1591e61d6d2ad79149c1b96418d96c6" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "fdbe2f8e6bb0bc6f13e9ba7de127b938", - "sample_size": 840, - "sample_type": "Binary/None", - "sha1": 
"7f640b86ecb8b90ad8ccba86279709b10fadbd02", - "sha256": "fa1a99b5adadf817366970a495796083f891c8c75b68a91d2ade31471420473c" - }, - { - "classification": "UNKNOWN", - "file_name": "11ee0799[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "11d24636f4f8690e8a4b21b8dc8b9263", - "sample_size": 6736, - "sample_type": "Binary/None", - "sha1": "2165c2bce110c048cd023d3ee5dbf7f2e2472015", - "sha256": "977165d2068a5e16ce2786a0df02926c2066afa78d82d020757c029a9942e408" - }, - { - "classification": "MALICIOUS", - "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", - "md5": "31aac22eff6e46771d211a5d49223d86", - "sample_size": 480, - "sample_type": "Binary/None", - "sha1": "b0c50ab7d36cd113fd6778e31a6caf66a341914f", - "sha256": "a44c985a385a38870430bb3a1acefa4c88fc0a0e347af70d2c44c0ebf793a9b7" - }, - { - "classification": "UNKNOWN", - "file_name": "045d3532[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "80b95150365d9945113ae84132ca4656", - "sample_size": 6624, - "sample_type": "Binary/None", - "sha1": "cbbe8513449c0e6c99c83b5c48f7aa094cd4533b", - "sha256": "234180167dd909b27f14590c5b886395fbd94043123968350d2ecd18965e7e56" - }, - { - "classification": "UNKNOWN", - "file_name": "ResultReport.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000", - "md5": "8ca04f866369ff8e654adba9a883bfaa", - "sample_size": 13240, - "sample_type": "Binary/None", - "sha1": "8ea767bdcbde3f642507d5b095b738f2000ec6f2", - "sha256": "320411c627b6769592dd16c3c5f50743a3e1d83de7b6d749678200ff8431f206" - }, - { - "classification": "MALICIOUS", - "file_name": "8636b4dd[1].js.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "93146a2a52df6698a2a2affb6a68cce1", - "sample_size": 94864, - "sample_type": "Binary/None", - "sha1": "25a945fc24b40bdeecfb7b3637c604b755bf46f2", - "sha256": "c27953331b91537c59b3ac27df83b7725fe7cf0a80d427a34b9aec4e977bc840" - }, - { - "classification": "MALICIOUS", - "file_name": "2743db28[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "06502812d1f19fbd8e89cb26df9cd202", - "sample_size": 60608, - "sample_type": "Binary/None", - "sha1": "60eb7b5e82a6ea51e7a093f6d688c70a1222bce1", - "sha256": "8d2e250d12981c3fdcec9588b811bbdd5975b75a9129f97eb7c0ba951c38929a" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "e8706bfdcb263e00a8e0e39a5c30138a", - "sample_size": 856, - "sample_type": "Binary/None", - "sha1": "e91983447c0b061c85155918a8bbbbc4b8987ee0", - "sha256": "acb3935d288b844ee7c369c33cdca40aa1f4fcdc5ea6e3515bb3bb7806d1b8b6" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "57dd04e6549c40d01e720bdabc1043f0", - "sample_size": 840, - "sample_type": "Binary/None", - "sha1": "3772e998860eaddd2d7deef800fabeb9e7c2fd05", - "sha256": "ddb99874f5f70307fcc29de98d91d7fd5007ae0ed236175ecf80a052c00dcc6a" - }, - { - "classification": "MALICIOUS", - "file_name": "10379681[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "e07cf30bc6dcf8b3ca40b118ca1dfb13", - "sample_size": 186360, - "sample_type": "Binary/None", - "sha1": 
"452f6fd4b74073d44a21137f4bb8bef9647af4eb", - "sha256": "cda8f3e1341c03ed4b722b07352f338d5f1413a28880377e3f20d6d44e0a338f" - }, - { - "classification": "UNKNOWN", - "file_name": "page_embed_script.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", - "md5": "a7436bf8f31a3eee05f1e31a7f91de97", - "sample_size": 272, - "sample_type": "Binary/None", - "sha1": "ed603dd763a7a54781635ac09c3442c64720df6d", - "sha256": "33f4d0b61f9e3e9db9a9b66af44bd6294bc9fcd09d2ba1cbaa38d0f9b2768f4d" - }, - { - "classification": "UNKNOWN", - "file_name": "update100[1].xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "md5": "055979ca19e35a07ff5368ed745a4b34", - "sample_size": 440, - "sample_type": "Binary/None", - "sha1": "90dcbf789fce28217831968fd6e660d33aa0a3b8", - "sha256": "bf0c22c59b3cde7b98b981a156d409ecde6a1ee16f2fb1b5c6072816155198b5" - }, - { - "classification": "UNKNOWN", - "file_name": "b11b460a.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "4edb7f04e98a708a840903a468578e72", - "sample_size": 6696, - "sample_type": "Binary/None", - "sha1": "616ef5737391057802f647d711be1032e50dda86", - "sha256": "962078dc3a9344f67d20094030d41097e6fa6769fc16308c5a3d21e07fafb612" - }, - { - "classification": "UNKNOWN", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", - "md5": "3a65714dbdc3bf377717b92670488c04", - "sample_size": 4400, - "sample_type": "Binary/None", - "sha1": "557bcd5e61b743fe6364c37d0ec1e984baaa0005", - "sha256": "62da8741a0412f792d166c932818d8819c567c8655ac4cd6a4ee1bf757862719" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "7465b00a991482c48ab94a7d9b1a7f12", - "sample_size": 1032, - "sample_type": "Binary/None", - "sha1": "866d84683251060f63132a8b6f17c1b8963342b6", - "sha256": "d79e4ee7b51d36f426da2812764def96374d2a100e9e854001e4a5cb6e0621f9" - }, - { - "classification": "MALICIOUS", - "file_name": "dd_vcredistUI7869.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "1b8e0116f32bfdb2677d3a4a706c42e1", - "sample_size": 48760, - "sample_type": "Binary/None", - "sha1": "1c12f99eb64bbaa35a7a7077d1e6f3416af1a6c7", - "sha256": "e4eea66b1a39ae947bcdbdf2ee70511f0c4c928939f6bea368b8b5bae6fb4857" - }, - { - "classification": "UNKNOWN", - "file_name": "main.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", - "md5": "a17307f63fa8051f2410c364483a005c", - "sample_size": 136, - "sample_type": "Binary/None", - "sha1": "3ae5d8d7ebbd15d106e922cc24e24ceffb633bdc", - "sha256": "633d899390a88d215a707f9ac8d2f420bbbee9b42509085a67d2df2ca639521b" - }, - { - "classification": "UNKNOWN", - "file_name": "favicon[1].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "md5": "151b9771e5c54de479ef601172d1cb8a", - "sample_size": 40, - "sample_type": "Binary/None", - "sha1": "f5ef9b6332f22e06cc92a66a3fe0556d852ecde3", - "sha256": "95ea22b51823ba7a0782b2d1621e52bc61ec59cd77c8520e7048f90021805fec" - }, - { - "classification": "UNKNOWN", - "file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", - "md5": "47ee05edcd2985f2f9b37b46995e91f8", - "sample_size": 16832, - "sample_type": "Binary/None", - "sha1": "9c950970bbe53af6a2e4105509bf63f929004967", - "sha256": "54f1d70272f65be6f30475d09d0296118ac7535304b64be0fb8e56a8379d2262" - }, - { - 
"classification": "UNKNOWN", - "file_name": "OneDriveMedTile.scale-200.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "a4cdfded9999609b13f567b9abdca09e", - "sample_size": 1432, - "sample_type": "Binary/None", - "sha1": "d39f80120e4b89d1ec8473b5c7c3691621f4c052", - "sha256": "5f88cd5e9a2da00c86dac5fe1e521f4d414b57141d512eaf158210d2b35a52d7" - }, - { - "classification": "MALICIOUS", - "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "12bc084aa65cea691856687bd24be209", - "sample_size": 267704, - "sample_type": "Binary/None", - "sha1": "82fdd277a9c934b54fb7ecd15d0690de230f1f21", - "sha256": "671e294fee1958b2e4a3488b7b23b48444b1a412d5b658612c107cd5d45ce44a" - }, - { - "classification": "UNKNOWN", - "file_name": "brndlog.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer", - "md5": "2dce03d6f12b9aa2ceced062fe2a4f4c", - "sample_size": 6616, - "sample_type": "Binary/None", - "sha1": "7e4878709b7399709794b5c1599be4b0b6b2aa58", - "sha256": "4ee13fc40d486d58ba4c1a822d7ca7ab7d9c8e71acce2545df3bba027f9d1e77" - }, - { - "classification": "MALICIOUS", - "file_name": "dd_vcredistMSI1AE4.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", - "md5": "420cdaa2ff2acab7627fdc0301f16539", - "sample_size": 575880, - "sample_type": "Binary/None", - "sha1": "5ab1fe1328bf46a87082f9cf53376d203dc7cf82", - "sha256": "33294bd0818565341fafd9597df9798ce4ffbaab53ba8c8fa8c9a2037ab3a3da" - }, - { - "classification": "UNKNOWN", - "file_name": "e3f307cb[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "4a8d7af27b5ba442db67c064f43038fb", - "sample_size": 18792, - "sample_type": "Binary/None", - "sha1": "ae857cd9c3fc36d3e5e33f39c8704e083cddc61b", - 
"sha256": "9d7a91015126bffc9539927c9d6db88cb10c1f39f95b2fa32b56ed3079c175b6" - }, - { - "classification": "MALICIOUS", - "file_name": "a0d3923c[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "e0718a483e7d768283b0e0ac3640ceca", - "sample_size": 50056, - "sample_type": "Binary/None", - "sha1": "315dffff6bcbcf45afdd69db8fbfc7d9cb5699d7", - "sha256": "c9b3c9a43d035e4df20434b961be4e7145d707b4e74ab50ecad7dee2f51e5570" - }, - { - "classification": "UNKNOWN", - "file_name": "48a99eae[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "12f9a9e22d69c62af264f3334cf3388d", - "sample_size": 15936, - "sample_type": "Binary/None", - "sha1": "3a706bd69071705a75b8cfe181338c0631754753", - "sha256": "e4ee33d6bf0e3c9f11e3c7f6c3d9e583a4c8a97197e22333360329d179ae9c5c" - }, - { - "classification": "MALICIOUS", - "file_name": "53c747e0[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "80b14bb0b0f538dbd63f16d7d7a1e84a", - "sample_size": 121792, - "sample_type": "Binary/None", - "sha1": "b8c134781f78505e3cd9b6fe28102931454ff373", - "sha256": "919a3c467dace737d06216bfa6bd204ab3a579bf718b2715465957a041bddb63" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.scale-125.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "042765ea2c848946cd6cf46805cf1910", - "sample_size": 888, - "sample_type": "Binary/None", - "sha1": "ccd2737dbd16a4b3b8169e603494573fff504615", - "sha256": "b8f6c6edc87ed84caaf7650de7ef8e48ce64be8b967821399f1c0df7151cdce0" - }, - { - "classification": "UNKNOWN", - "file_name": "3a8048a4[1].js.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", - "md5": "7f580de257940186f6f546e58130b4da", - "sample_size": 6688, - "sample_type": "Binary/None", - "sha1": "079c8d881d119c48663fc40ec070318bdc4e91cb", - "sha256": "72bd6c36682e755ae05b71e1c0b728b0d402bdf177c0ba51fa797569106c7c60" - }, - { - "classification": "UNKNOWN", - "file_name": "b8aa184e[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", - "md5": "fc99216ba55779d2f15cdd70889ecdb7", - "sample_size": 8088, - "sample_type": "Binary/None", - "sha1": "dab18bca7b7a0165ae3365257df5b04e65262236", - "sha256": "fe82e9550513e5b56f5d14df5b006e562fb93e82741864935c026d5ac7975b59" - }, - { - "classification": "MALICIOUS", - "file_name": "5e0abf48[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "383cfd704983453395837c3260c47519", - "sample_size": 217520, - "sample_type": "Binary/None", - "sha1": "da1aa3240abebbee4867cb0847dd2effea029915", - "sha256": "0c88e173940e9d5fa0f6f4415b1e923bc3b64b6d2d99278546f4f200f54fe5aa" - }, - { - "classification": "UNKNOWN", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0", - "md5": "91003e8dd47506884950c059dfe83305", - "sample_size": 5024, - "sample_type": "Binary/None", - "sha1": "10c5656ac1811c9f9799c3e048f9a5062436cca6", - "sha256": "7fde761cac5e8b747c2199fdc841b815a32de5721f642e113b5dd86b0fe4723f" - }, - { - "classification": "MALICIOUS", - "file_name": "3417f6c5[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "23be67f65b755c61fbe4c4e42f608452", - "sample_size": 32048, - "sample_type": "Binary/None", - 
"sha1": "aa1f4f0156c2b7d19697c2c6f16bfab6dbd99948", - "sha256": "182c2f4432ecfb03b4e8e7c1f9e5fc3ddc4705771bfe38679187f93fb6720fe7" - }, - { - "classification": "UNKNOWN", - "file_name": "da083887.jpg.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "0b72c7eb4b0328a4a14eb51f7f85aa11", - "sample_size": 3976, - "sample_type": "Binary/None", - "sha1": "96ad8b669212b2a7bef3b49ac1892f0490266642", - "sha256": "a723221ae2d3eace81b4f532dfcc7ae5a52c413cf6a82c570b64154459867f1a" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "b040472bfcdb96c5973f17c9023cdaa7", - "sample_size": 696, - "sample_type": "Binary/None", - "sha1": "4a3b9942545ba7c435b94714b68a3ed9d83891d6", - "sha256": "09cf28d3fe3c4d3205f57cb2734f2ae3a43428f61875214c0ae671e6110208fb" - }, - { - "classification": "UNKNOWN", - "file_name": "b8275b23[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", - "md5": "493f912aca198b3228cb876eaef0b87a", - "sample_size": 1712, - "sample_type": "Binary/None", - "sha1": "d1d46bb41c8f30b9be2d0c0c634f374388c6a65b", - "sha256": "95e8834f479dff5f649296ee7e0e11ceef277fc9c94f2cc182ef0dbc14d4acde" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "c89b784ffd40a5407045b81e54d8b6de", - "sample_size": 1760, - "sample_type": "Binary/None", - "sha1": "fa48f21feb7586a360d049032e17b7b050203524", - "sha256": "3b0c4f178608e04b332a30bd401f2af380bb3bf681b8a47628fd16b8b73207e4" - }, - { - "classification": "MALICIOUS", - "file_name": "IECompatData.xml.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat", - "md5": "22268c9882f7870ebad2d81bcb969c24", - "sample_size": 65232, - "sample_type": "Binary/None", - "sha1": "9b4c7c64d3bddf13ffd9be53d146e06797848680", - "sha256": "a955326dfd0a10aacd446e0ac565536adcba79f81063f1b2eeffa6b112c7a8e1" - }, - { - "classification": "UNKNOWN", - "file_name": "424a9e57[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "44bdb068c76b48be9b626fc8d53da937", - "sample_size": 1352, - "sample_type": "Binary/None", - "sha1": "950f55eff463bfdb2da622bdaa960fe507485056", - "sha256": "3a66f1f7f0c1385eaa499ca5b52287ba3ea87dda6ed61a4c39d131c694eabe26" - }, - { - "classification": "MALICIOUS", - "file_name": "Converged_v21033[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L", - "md5": "c2fd0baa69cd8930cf3d0b508b73aeee", - "sample_size": 102048, - "sample_type": "Binary/None", - "sha1": "a037ea2f2863810aa232554518e7d223fe18adf8", - "sha256": "975be5b63f6876ca7d9489f58829d1e57c176e2b667d82ac20181e5f96e4d8a3" - }, - { - "classification": "MALICIOUS", - "file_name": "SettingsCache.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache", - "md5": "74abce8048d0c92fb14b89ce0e236fd2", - "sample_size": 413096, - "sample_type": "Binary/None", - "sha1": "5ce40e038bfc7d963f00dce2401c3cb61999e64d", - "sha256": "2b84282fb5545fbdad7f6d875941dc2ef34fd9bc0d1d4992c8b0fc99c0e318a6" - }, - { - "classification": "MALICIOUS", - "file_name": "eventpage_bin_prod.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0", - "md5": "313c37344f68927144dbce6909c9d666", - "sample_size": 63696, - "sample_type": "Binary/None", - "sha1": 
"630f25a0a9322df5fc5e472ee6deca68a923317a", - "sha256": "7d69397aca155491f922be30b0e4b45beecc6e702fc2166f53ab167d99f7114f" - }, - { - "classification": "UNKNOWN", - "file_name": "chrome_shutdown_ms.txt.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", - "md5": "df6fe268cad8f4939c32b06a0abe7f19", - "sample_size": 48, - "sample_type": "Binary/None", - "sha1": "9c36e34d37d519632dda3471cc95672155d88bc4", - "sha256": "db52e07dd8418f4416368c29dbf702d96787187dcc73936720b79f6c5a614918" - }, - { - "classification": "UNKNOWN", - "file_name": "icon_16.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", - "md5": "1aec73c6d3ab5d31021b71fa49175742", - "sample_size": 200, - "sample_type": "Binary/None", - "sha1": "9c4dfd46c967b4d078096006ea7e3fcd1c6656a9", - "sha256": "06b7b84792faf07102d9301dac706b819229019cf4a404aab342ec6554ca7ab3" - }, - { - "classification": "UNKNOWN", - "file_name": "main.js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", - "md5": "15a12b338ab8e37a70179ac0196005d6", - "sample_size": 128, - "sample_type": "Binary/None", - "sha1": "dd1ccc68a494c4efcfad248f602e595f0a62fd17", - "sha256": "e6ee456a7ecf12f8aad5371b510a52a6b00461f38f85bb99b25c92ae460d6152" - }, - { - "classification": "UNKNOWN", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0", - "md5": "72b565d8e27c7f6e8f824edf4c2741b7", - "sample_size": 3256, - "sample_type": "Binary/None", - "sha1": "e8e5ad08fb7ff37f002f7f8da31dec14fd01c2f1", - "sha256": "41658e881219b8c18169a9519140dafaca62356a4c6aca5f5855abbadefb48ef" - }, - { - "classification": "MALICIOUS", - "file_name": "known_providers_download_v1[1].xml.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "md5": "3ad3468603637756e1ac2c6d534e52ed", - "sample_size": 90560, - "sample_type": "Binary/None", - "sha1": "e20cc6b3d65b5162274b74511b394d80bef4293c", - "sha256": "250e9ff13f1ffb7881393e1a9f2cd154e8b5291e6b1840f25e0f5f8c77a45461" - }, - { - "classification": "UNKNOWN", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0", - "md5": "88cc0dec6b76bb2789778c36adc80fdf", - "sample_size": 6200, - "sample_type": "Binary/None", - "sha1": "83c83400a498e4eba5b2da21ec3b3508f3314410", - "sha256": "71569d1bdefecf24258f2ee116087530bb25222ded656de089bb517d7905c8b1" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "6e09d57e9030879e4aaa34910b36e340", - "sample_size": 704, - "sample_type": "Binary/None", - "sha1": "acbfaa3f2edca3de19b3dffd8e17ffc9c362193d", - "sha256": "23a76eaeb542e6e67693dbda0755d6d922b3f3ca7980b99c8f872de4f1997a8f" - }, - { - "classification": "UNKNOWN", - "file_name": "favicon[3].png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH", - "md5": "d7bd02610fcc71c45f5e2ee00df76abb", - "sample_size": 40, - "sample_type": "Binary/None", - "sha1": "a12eb2e41914203b301fdf6d52b9b39ac30cbc74", - "sha256": "40ed7f02069b3d3870fe1278a38bc7a906885e8723add3edecec0e48f754cdac" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "6aae4a11bed8b5e51294257edbbd5a60", - "sample_size": 456, - "sample_type": "Binary/None", - "sha1": "64d5df6ff114e7341b5249b732ce50b75b5edf68", - "sha256": 
"8c68ef438206dfdddfd1b46bfc240bd7db14dc3ce9e35f26fa1976ef8408dce7" - }, - { - "classification": "MALICIOUS", - "file_name": "69958a21[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", - "md5": "58a393fcb834452becebb25bf8f590e4", - "sample_size": 19744, - "sample_type": "Binary/None", - "sha1": "f505c74651244ee53c924bd0ee3679c85f30ec08", - "sha256": "8fdc3d08d1439d1e5f645a55f02fb04cf8316b4a2896fc660699e89f4584c4fe" - }, - { - "classification": "MALICIOUS", - "file_name": "fd45bf1d[1].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "73f05774175a20c682c97aca14781fa5", - "sample_size": 20440, - "sample_type": "Binary/None", - "sha1": "3fbc2a901967b5b318cb2cf89fa8c0542972a4a5", - "sha256": "e32e6d608013aa31de3e787364ab62f572ca521d9568f4ecec913b5070f35983" - }, - { - "classification": "UNKNOWN", - "file_name": "icon_128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0", - "md5": "93ac1853398516b8d864f29923f86db5", - "sample_size": 3416, - "sample_type": "Binary/None", - "sha1": "69e335e3d341d0f493dacf24523e58259543ee0d", - "sha256": "820609c73845d598617cbdb51c90d25a10b700c38eabdedf658b33680991d5f2" - }, - { - "classification": "UNKNOWN", - "file_name": "a2f17337[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", - "md5": "852e6a5320cc53474a9c258f5a88f741", - "sample_size": 368, - "sample_type": "Binary/None", - "sha1": "0568c07b33ac6e7afccaf2574baf6963cc64e016", - "sha256": "d4572e3b98cec4a63eee74404f747dddcffd11a1742b73435b1d98d9156764a7" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt", - "file_path": 
"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "78264d49a16bd764070085d3c8ed7c55", - "sample_size": 912, - "sample_type": "Binary/None", - "sha1": "6120b002921d7bee8a3c6e4fb9f2f1afe6f2bd75", - "sha256": "097af61fcba9ea3a2faca29787af80f2cfd428f11d0449774635b2d0641429e2" - }, - { - "classification": "MALICIOUS", - "file_name": "2743db28[2].css.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1", - "md5": "8444dc6cc0ed42c4f1c36c4258b50096", - "sample_size": 60608, - "sample_type": "Binary/None", - "sha1": "9cdfd384657bdbdc6558e11435175d6c224cbadf", - "sha256": "daca8e23a066ab3acfbffaf9843e5ce9ab84e81578b0c77c6869cbf1c34efba3" - }, - { - "classification": "MALICIOUS", - "file_name": "03cedd2d[1].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16", - "md5": "7ea0bd08d8c028cc6cbb3df59d49dc86", - "sample_size": 41792, - "sample_type": "Binary/None", - "sha1": "796b3157b699d144715b3cf2f9b98c329720e1c6", - "sha256": "5b82f902396ae6c2466178f0308a4d0d3c0e895aa2e8637f2bb197f1b34f7904" - }, - { - "classification": "MALICIOUS", - "file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails", - "md5": "3df1fafd008f58bd7cbce8c5ab84eb81", - "sample_size": 50328, - "sample_type": "Binary/None", - "sha1": "0163ac925a57abd5f687816498c6ca7fd319f1f7", - "sha256": "a1ec1ab23fa76fc0e047c066aae7747b2f9236e0efc18488a1baa18fde5c89a5" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive", - "md5": "06986325a06d0b2a0c6c6786b0c3caf5", - "sample_size": 384, - "sample_type": "Binary/None", - "sha1": "80a78acb248504ceec7b7b91019b6dd75215e195", - "sha256": 
"356b96b572afbe40e91842210cf61717309208a9e168fac82a35e5849b7717ad" - }, - { - "classification": "UNKNOWN", - "file_name": "b8275b23[2].js.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD", - "md5": "e32144c93f15d3cf960bbb70e53f2505", - "sample_size": 1712, - "sample_type": "Binary/None", - "sha1": "fb52d3516f5f27e6284e2669c88ba6a67070cc66", - "sha256": "0195455b13996e7b4e3fef659c6568f96157cd84a4b5cbfd4bab72d2f69e5b46" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "0111627d1aab907332da307cb4ac5ceb", - "sample_size": 632, - "sample_type": "Binary/None", - "sha1": "b57814bee6620538c64a6d80c74397883c1863a6", - "sha256": "16a4112aa612f8d72eb52c0795625404e3ebbefb6bd9dcf8248d0e296aba909c" - }, - { - "classification": "UNKNOWN", - "file_name": "248aaea9.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm", - "md5": "76a333bdafc772b8da3cb292ff4103a1", - "sample_size": 9656, - "sample_type": "Binary/None", - "sha1": "bf1900d599c530742f0156ab21b7cc9d0fb492c0", - "sha256": "7fac5b99b80d77f55f936474fdb8e8ed63f1d3cc2ba04695893a6ead430f993e" - }, - { - "classification": "UNKNOWN", - "file_name": "OneDriveMedTile.scale-100.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", - "md5": "1b90920f77e45538be049469419c1e1f", - "sample_size": 696, - "sample_type": "Binary/None", - "sha1": "74aad3ae8f55db81a493111561f308afa18e60b0", - "sha256": "c5bbde7ef7748193d6bdd93f9cb6e86a55a10b9ca2c48c4c61376e6d5ca9df03" - }, - { - "classification": "UNKNOWN", - "file_name": "128.png.toxcrypt", - "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0", - "md5": 
"913510d99a80b9d2103dc5ed77de9572", - "sample_size": 3952, - "sample_type": "Binary/None", - "sha1": "9cad1d7e6bccb750654e3cf1f380107069819cfd", - "sha256": "0d5832acad5a8b492e13167bf128826173624184a95053b8bdfd8735a3f743c4" - } - ], - "md5": "d5720ea13de22edcbe76d20c7908c0bf", - "memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150641Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=ee5ea869e113ae10e0527e84622c7a2ec1c218ea425cdfa502b73231191550df", - "mitre_attack": { - "matrix_list": [ - { - "name": "Enterprise", - "tactics": { - "tactic_list": [ - { - "id": "TA0005", - "name": "Defense Evasion", - "techniques": { - "technique_list": [ - { - "id": "T1055", - "name": "Process Injection" - }, - { - "id": "T1027", - "name": "Obfuscated Files or Information" - }, - { - "id": "T1036", - "name": "Masquerading" - }, - { - "id": "T1027.002", - "name": "Software Packing" - } - ] - } - }, - { - "id": "TA0007", - "name": "Discovery", - "techniques": { - "technique_list": [ - { - "id": "T1083", - "name": "File and Directory Discovery" - }, - { - "id": "T1082", - "name": "System Information Discovery" - }, - { - "id": "T1124", - "name": "System Time Discovery" - }, - { - "id": "T1518.001", - "name": "Security Software Discovery" - } - ] - } - }, - { - "id": "TA0002", - "name": "Execution", - "techniques": { - "technique_list": [] - } - }, - { - "id": "TA0011", - "name": "Command and Control", - "techniques": { - "technique_list": [ - { - "id": "T1573", - "name": "Encrypted Channel" - } - ] - } - }, - { - "id": "TA0010", - "name": "Exfiltration", - "techniques": { - "technique_list": [] - } - }, - { - "id": "TA0004", - "name": "Privilege Escalation", - "techniques": { - "technique_list": [ - { - "id": 
"T1547.001",
- "name": "Registry Run Keys / Startup Folder"
- }
- ]
- }
- },
- {
- "id": "TA0003",
- "name": "Persistence",
- "techniques": {
- "technique_list": [
- {
- "id": "T1176",
- "name": "Browser Extensions"
- }
- ]
- }
- },
- {
- "id": "TA0009",
- "name": "Collection",
- "techniques": {
- "technique_list": [
- {
- "id": "T1185",
- "name": "Man in the Browser"
- },
- {
- "id": "T1560",
- "name": "Archive Collected Data"
- },
- {
- "id": "T1056",
- "name": "Input Capture"
- },
- {
- "id": "T1005",
- "name": "Data from Local System"
- }
- ]
- }
- },
- {
- "id": "TA0040",
- "name": "Impact",
- "techniques": {
- "technique_list": []
- }
- },
- {
- "id": "TA0006",
- "name": "Credential Access",
- "techniques": {
- "technique_list": [
- {
- "id": "T1003",
- "name": "OS Credential Dumping"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- },
- "network": {
- "url": [
- {
- "source": "memory",
- "url": "http://127.0.0.1:90500123456789ABCDEF"
- },
- {
- "source": "memory",
- "url": "http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip"
- },
- {
- "source": "memory",
- "url": "http://search.live.com/results.aspx?q="
- },
- {
- "source": "memory",
- "url": "http://gcc.gnu.org/bugs.html):"
- },
- {
- "source": "memory",
- "url": "http://curl.haxx.se/docs/http-cookies.html"
- }
- ]
- },
- "optional_parameters": "internet_simulation=false",
- "pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150640Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=2d949896392b6a7e6100b7e4528496dde102a782cae48e33434188ea087bf217",
- "platform": "windows10",
- "process_tree": [
- {
- "name": "rl_file.exe",
- "parameters": "C:\\Users\\user\\Desktop\\rl_file.exe",
- "parent_process_id": 3812,
- "process_id": 3080
- },
- {
- "name": 
"rl_file.exe",
- "parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" ",
- "parent_process_id": 3080,
- "process_id": 3668
- },
- {
- "name": "Tox.exe",
- "parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" ",
- "parent_process_id": 3812,
- "process_id": 1568
- }
- ],
- "risk_score": 96,
- "screenshots": "https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150641Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d815f79993cb3bd0939551ce8b200ef8b1ddd636564b999c9ded4c481f9c3b79",
- "sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
- "sha256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19",
- "signatures": [
- {
- "description": "Reads ini files",
- "risk_factor": 5,
- "sig_id": 1257
- },
- {
- "description": "Creates a start menu entry (Start Menu\\\\Programs\\\\Startup)",
- "risk_factor": 7,
- "sig_id": 1376
- },
- {
- "description": "Disables application error messages (SetErrorMode)",
- "risk_factor": 5,
- "sig_id": 1397
- },
- {
- "description": "Contains functionality to enumerate / list files inside a directory",
- "risk_factor": 5,
- "sig_id": 1088
- },
- {
- "description": "Found inlined nop instructions (likely shell or obfuscated code)",
- "risk_factor": 7,
- "sig_id": 1537
- },
- {
- "description": "Creates temporary files",
- "risk_factor": 5,
- "sig_id": 1276
- },
- {
- "description": "Tries to harvest and steal browser information (history, passwords, etc)",
- "risk_factor": 8,
- "sig_id": 1272
- },
- {
- "description": "Sample reads its own file content",
- "risk_factor": 5,
- "sig_id": 1571
- },
- {
- "description": "URLs found in memory or binary data",
- "risk_factor": 5,
- "sig_id": 357
- },
- {
- 
"description": "Uses an in-process (OLE) Automation server",
- "risk_factor": 5,
- "sig_id": 1458
- },
- {
- "description": "Sample is packed with UPX",
- "risk_factor": 5,
- "sig_id": 1366
- },
- {
- "description": "Creates a DirectInput object (often for capturing keystrokes)",
- "risk_factor": 7,
- "sig_id": 1339
- },
- {
- "description": "Stores files to the Windows startup directory",
- "risk_factor": 7,
- "sig_id": 1352
- },
- {
- "description": "Creates a process in suspended mode (likely to inject code)",
- "risk_factor": 7,
- "sig_id": 1790
- },
- {
- "description": "Spawns processes",
- "risk_factor": 5,
- "sig_id": 1271
- },
- {
- "description": "Creates mutexes",
- "risk_factor": 5,
- "sig_id": 1150
- },
- {
- "description": "Detected crypto function",
- "risk_factor": 7,
- "sig_id": 1826
- },
- {
- "description": "Sample is known by Antivirus (Virustotal or Metascan)",
- "risk_factor": 5,
- "sig_id": 1532
- },
- {
- "description": "Contains functionality to register its own exception handler",
- "risk_factor": 5,
- "sig_id": 1094
- },
- {
- "description": "Classification label",
- "risk_factor": 5,
- "sig_id": 420
- },
- {
- "description": "Uses 32bit PE files",
- "risk_factor": 7,
- "sig_id": 621
- },
- {
- "description": "Contains functionality to query local / system time",
- "risk_factor": 5,
- "sig_id": 1103
- },
- {
- "description": "Multi AV Scanner detection for dropped file",
- "risk_factor": 10,
- "sig_id": 1524
- },
- {
- "description": "Drops PE files",
- "risk_factor": 7,
- "sig_id": 1167
- },
- {
- "description": "Multi AV Scanner detection for submitted file",
- "risk_factor": 10,
- "sig_id": 362
- },
- {
- "description": "Contains functionality to query CPU information (cpuid)",
- "risk_factor": 7,
- "sig_id": 1326
- },
- {
- "description": "Drops PE files to the startup folder (C:\\\\Documents and Settings\\\\All Users\\\\Start Menu\\\\Programs\\\\Startup)",
- "risk_factor": 8,
- "sig_id": 1378
- },
- {
- "description": "Creates files 
inside the user directory",
- "risk_factor": 5,
- "sig_id": 1145
- },
- {
- "description": "Reads software policies",
- "risk_factor": 5,
- "sig_id": 1460
- },
- {
- "description": "Overwrites Mozilla Firefox settings",
- "risk_factor": 8,
- "sig_id": 1382
- },
- {
- "description": "Installs a chrome extension",
- "risk_factor": 7,
- "sig_id": 1393
- },
- {
- "description": "Writes many files with high entropy",
- "risk_factor": 8,
- "sig_id": 2072
- }
- ],
- "threat_names": [
- {
- "threat_name": "Unknown"
- }
- ]
- },
- "requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271"
- }
- }
- }
-}
-```
-
-#### Human Readable Output
-
->Full report is returned in a downloadable file
-
-### reversinglabs-titaniumcloud-certificate-analytics
-
-***
-Retrieve certificate analytics.
-
-#### Base Command
-
-`reversinglabs-titaniumcloud-certificate-analytics`
-
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| certificate_thumbprint | Hash string. | Required |
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| ReversingLabs.certificate_analytics | Unknown | |
-
-#### Command example
-```!reversinglabs-titaniumcloud-certificate-analytics certificate_thumbprint="86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"```
-#### Context Example
-```json
-{
- "InfoFile": {
- "EntryID": "7632@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
- "Info": "text/plain",
- "Name": "Certificate Analytics report file for thumbprint 86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A",
- "Size": 11882,
- "Type": "ASCII text, with very long lines"
- },
- "ReversingLabs": {
- "certificate_analytics": {
- "rl": {
- "certificate_analytics": {
- "certificate": {
- "certificate_thumbprints": [
- {
- "name": "MD5",
- "value": "76cc8c2a0859c683eb494eb4f161ed79"
- },
- {
- "name": "SHA1",
- "value": "03addd4d8bb9c4eb53a49d734a3fa622f35ac4f4"
- },
- {
- "name": "SHA256",
- "value": 
"86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"
- }
- ],
- "common_name": "OOO \"Industry\"",
- "extensions": [
- {
- "is_critical": "False",
- "name": "X509v3 Authority Key Identifier",
- "value": "keyid:1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1\n"
- },
- {
- "is_critical": "False",
- "name": "X509v3 Subject Key Identifier",
- "value": "3A:32:1F:B5:2F:91:3A:5A:5F:2C:09:7B:74:6C:0C:95:0C:8B:A3:7E"
- },
- {
- "is_critical": "True",
- "name": "X509v3 Key Usage",
- "value": "Digital Signature"
- },
- {
- "is_critical": "True",
- "name": "X509v3 Basic Constraints",
- "value": "CA:FALSE"
- },
- {
- "is_critical": "False",
- "name": "X509v3 Extended Key Usage",
- "value": "Code Signing"
- },
- {
- "is_critical": "False",
- "name": "Netscape Cert Type",
- "value": "Object Signing"
- },
- {
- "is_critical": "False",
- "name": "X509v3 Certificate Policies",
- "value": "Policy: 1.3.6.1.4.1.6449.1.2.1.3.2\n CPS: https://secure.comodo.net/CPS\n"
- },
- {
- "is_critical": "False",
- "name": "X509v3 CRL Distribution Points",
- "value": "\nFull Name:\n URI:http://crl.comodoca.com/COMODOCodeSigningCA2.crl\n"
- },
- {
- "is_critical": "False",
- "name": "Authority Information Access",
- "value": "CA Issuers - URI:http://crt.comodoca.com/COMODOCodeSigningCA2.crt\nOCSP - URI:http://ocsp.comodoca.com\n"
- },
- {
- "is_critical": "False",
- "name": "X509v3 Subject Alternative Name",
- "value": "email:igorv@ooo-industry.ru"
- }
- ],
- "issuer": {
- "certificate_thumbprints": [
- {
- "name": "MD5",
- "value": "db84b1a0715cfd1e33d1935ddc9beb4e"
- },
- {
- "name": "SHA1",
- "value": "b64771392538d1eb7a9281998791c14afd0c5035"
- },
- {
- "name": "SHA256",
- "value": "8EF8F2565BE30E7CE7BA6302BB18B42A3ACD148A0DDB4779E4C03E862F39589B"
- }
- ],
- "common_name": "COMODO Code Signing CA 2",
- "extensions": [
- {
- "is_critical": "False",
- "name": "X509v3 Authority Key Identifier",
- "value": "keyid:DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8\n" 
- },
- {
- "is_critical": "False",
- "name": "X509v3 Subject Key Identifier",
- "value": "1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1"
- },
- {
- "is_critical": "True",
- "name": "X509v3 Key Usage",
- "value": "Certificate Sign, CRL Sign"
- },
- {
- "is_critical": "True",
- "name": "X509v3 Basic Constraints",
- "value": "CA:TRUE, pathlen:0"
- },
- {
- "is_critical": "False",
- "name": "X509v3 Extended Key Usage",
- "value": "Code Signing"
- },
- {
- "is_critical": "False",
- "name": "X509v3 Certificate Policies",
- "value": "Policy: X509v3 Any Policy\n"
- },
- {
- "is_critical": "False",
- "name": "X509v3 CRL Distribution Points",
- "value": "\nFull Name:\n URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl\n"
- },
- {
- "is_critical": "False",
- "name": "Authority Information Access",
- "value": "CA Issuers - URI:http://crt.usertrust.com/UTNAddTrustObject_CA.crt\nOCSP - URI:http://ocsp.usertrust.com\n"
- }
- ],
- "issuer": {
- "certificate_thumbprints": [
- {
- "name": "MD5",
- "value": "ff5fbc4290fa389e798467ebd7ae940b"
- },
- {
- "name": "SHA1",
- "value": "8ad5c9987e6f190bd6f5416e2de44ccd641d8cda"
- },
- {
- "name": "SHA256",
- "value": "2CF1EC6AB594113BD538DF6D5C940E3319B424F8756D975888072C6AB558B771"
- }
- ],
- "common_name": "UTN-USERFirst-Object",
- "extensions": [
- {
- "is_critical": "False",
- "name": "X509v3 Authority Key Identifier",
- "value": "keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A\n"
- },
- {
- "is_critical": "False",
- "name": "X509v3 Subject Key Identifier",
- "value": "DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8"
- },
- {
- "is_critical": "True",
- "name": "X509v3 Key Usage",
- "value": "Certificate Sign, CRL Sign"
- },
- {
- "is_critical": "True",
- "name": "X509v3 Basic Constraints",
- "value": "CA:TRUE"
- },
- {
- "is_critical": "False",
- "name": "X509v3 Certificate Policies",
- "value": "Policy: X509v3 Any Policy\n"
- },
- {
- "is_critical": "False",
- "name": "X509v3 CRL 
Distribution Points", - "value": "\nFull Name:\n URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl\n" - }, - { - "is_critical": "False", - "name": "Authority Information Access", - "value": "OCSP - URI:http://ocsp.usertrust.com\n" - } - ], - "issuer": "AddTrust External CA Root", - "serial_number": "421AF2940984191F520A4BC62426A74B", - "signature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signature_algorithm": "sha1WithRSAEncryption", - "valid_from": "Jun 7 08:09:10 2005 GMT", - "valid_to": "May 30 10:48:38 2020 GMT", - "version": "2" - }, - "serial_number": "10709D4FF55408D7306001D8EA9175BB", - "signature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signature_algorithm": "sha1WithRSAEncryption", - "valid_from": "Aug 24 00:00:00 2011 GMT", - "valid_to": "May 30 10:48:38 2020 GMT", - "version": "2" - }, - "serial_number": "D139BDA20096871840DCE08E6A80B6F0", - "signature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signature_algorithm": "sha1WithRSAEncryption", - "valid_from": "Aug 2 00:00:00 2012 GMT", - "valid_to": "Aug 2 23:59:59 2015 GMT", - "version": "2" - }, - "certificate_first_seen": "2012-09-13T08:57:00", - "classification": { - "status": "undefined" - }, - "statistics": { - "known": 2, - "malicious": 6082, - "suspicious": 142, - "total": 6226, - "unknown": 0 - } - }, - "request": { - "response_format": "json", - "thumbprint": "86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A" - } - } - } - } -} -``` - -#### Human Readable Output - ->Full report is returned in a downloadable file - -### reversinglabs-titaniumcloud-yara-ruleset-actions - -*** -Perform various YARA ruleset actions. - -#### Base Command - -`reversinglabs-titaniumcloud-yara-ruleset-actions` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| yara_action | YARA ruleset action. Possible values are: CREATE RULESET, DELETE RULESET, GET RULESET INFO, GET RULESET TEXT. 
| Required |
-| ruleset_name | Name of the YARA ruleset. | Required |
-| ruleset_text | Text of the YARA ruleset. | Optional |
-| sample_available | Return only samples that are available for download to the user. Must be boolean. | Optional |
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| ReversingLabs.create_yara_ruleset | Unknown | |
-| ReversingLabs.delete_yara_ruleset | Unknown | |
-| ReversingLabs.get_yara_ruleset_info | Unknown | |
-| ReversingLabs.get_yara_ruleset_text | Unknown | |
-
-#### Command example
-```!reversinglabs-titaniumcloud-yara-ruleset-actions ruleset_name=SuperHunt yara_action="GET RULESET INFO"```
-#### Context Example
-```json
-{
- "ReversingLabs": {
- "get_yara_ruleset_info": {
- "approved": true,
- "ruleset_name": "SuperHunt",
- "valid": true
- }
- }
-}
-```
-
-#### Human Readable Output
-
->{
-> "approved": true,
-> "ruleset_name": "SuperHunt",
-> "valid": true
->}
-
-### reversinglabs-titaniumcloud-yara-matches-feed
-
-***
-Returns a recordset of YARA ruleset matches in the specified time range.
-
-#### Base Command
-
-`reversinglabs-titaniumcloud-yara-matches-feed`
-
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| time_format | Define the time format that is used. Possible values are: utc, timestamp. | Required |
-| time_value | Time value in the defined format.
| Required |
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| ReversingLabs.yara_matches_feed | Unknown | |
-
-#### Command example
-```!reversinglabs-titaniumcloud-yara-matches-feed time_format=timestamp time_value=1686149726```
-#### Context Example
-```json
-{
- "ReversingLabs": {
- "yara_matches_feed": {
- "rl": {
- "feed": {
- "entries": [
- {
- "file_size": 3276768,
- "file_type": "PE/Exe",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 2070668,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 2103585,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "ruleset1",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": true,
- "sha1": "6c9a7e771632738a4d86e8211be63306b3c31739",
- "timestamp": 1686149729
- },
- {
- "file_size": 3276768,
- "file_type": "PE/Exe",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 2070668,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 2103585,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "SuperHunt",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": true,
- "sha1": "6c9a7e771632738a4d86e8211be63306b3c31739",
- "timestamp": 1686149729
- },
- {
- "file_size": 700972,
- "file_type": "Text/TypeScript",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 6427,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 327393,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "ruleset1",
- "ruleset_sha1":
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9", - "timestamp": 1686149748 - }, - { - "file_size": 700972, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6427, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 327393, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9", - "timestamp": 1686149748 - }, - { - "file_size": 701035, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6427, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 327456, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "327da64e3c8bd70b5868a11b90345ffb83faf169", - "timestamp": 1686149771 - }, - { - "file_size": 701035, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6427, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 327456, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "327da64e3c8bd70b5868a11b90345ffb83faf169", - "timestamp": 1686149771 - }, - { - "file_size": 2495206, - "file_type": "PE/Exe", - "rule": [ - { - 
"identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 1508164, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "8b16533fe15079a2797c5edb655e7faa0136a2c3", - "timestamp": 1686149775 - }, - { - "file_size": 136068, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 90723, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 126493, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4b69b90535fffc35b944af09c4fecd1ea45bdf03", - "timestamp": 1686149791 - }, - { - "file_size": 136068, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 90723, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 126493, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4b69b90535fffc35b944af09c4fecd1ea45bdf03", - "timestamp": 1686149791 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": 
"SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "9833e067786155c711abd4748f0134dce2a50f70", - "timestamp": 1686149812 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "9833e067786155c711abd4748f0134dce2a50f70", - "timestamp": 1686149812 - }, - { - "file_size": 60165, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 53034, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 44244, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7", - "timestamp": 1686149812 - }, - { - "file_size": 60165, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 53034, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 44244, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7", - "timestamp": 1686149812 - }, - { - "file_size": 348160, - "file_type": "PE/Exe", - 
"rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 37848, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "8a5f73ba3d164d764f3247e1a4d8910f1c82118e", - "timestamp": 1686149813 - }, - { - "file_size": 2032952, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1691838, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1680161, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3ef76796bc39440ff9e380ee0870e082a7d4d827", - "timestamp": 1686149813 - }, - { - "file_size": 2032952, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1691838, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1680161, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3ef76796bc39440ff9e380ee0870e082a7d4d827", - "timestamp": 1686149813 - }, - { - "file_size": 152263, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 108863, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 66000, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": 
"ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "672718e4181413228e56e9aca75af311e5113b34", - "timestamp": 1686149815 - }, - { - "file_size": 152263, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 108863, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 66000, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "672718e4181413228e56e9aca75af311e5113b34", - "timestamp": 1686149815 - }, - { - "file_size": 3594552, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2695368, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2746903, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3c1e2700b7b75d6f064f1a4cd92348cbbd12445e", - "timestamp": 1686149821 - }, - { - "file_size": 3594552, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2695368, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2746903, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3c1e2700b7b75d6f064f1a4cd92348cbbd12445e", - "timestamp": 1686149821 - }, - { - "file_size": 629694, - "file_type": 
"Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 195141, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 142128, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "689fa08d967cd23c51d86f5f31245b2c4b4cb8f4", - "timestamp": 1686149825 - }, - { - "file_size": 629694, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 195141, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 142128, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "689fa08d967cd23c51d86f5f31245b2c4b4cb8f4", - "timestamp": 1686149825 - }, - { - "file_size": 60165, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 53034, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 44244, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7", - "timestamp": 1686149825 - }, - { - "file_size": 60165, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 53034, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 44244, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7", - "timestamp": 1686149825 - }, - { - "file_size": 7876608, - "file_type": "ELF64 Little/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4574372, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4638450, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "be246b1372fc383087a49f7b217d57f60a91282e", - "timestamp": 1686149830 - }, - { - "file_size": 7876608, - "file_type": "ELF64 Little/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4574372, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4638450, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "be246b1372fc383087a49f7b217d57f60a91282e", - "timestamp": 1686149830 - }, - { - "file_size": 163095, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 92470, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 152391, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": 
true, - "sha1": "38351d1f1fd246eed1a5319c70e6db239cf08961", - "timestamp": 1686149832 - }, - { - "file_size": 163095, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 92470, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 152391, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "38351d1f1fd246eed1a5319c70e6db239cf08961", - "timestamp": 1686149832 - }, - { - "file_size": 4435792, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 35519, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 251777, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8", - "timestamp": 1686149840 - }, - { - "file_size": 4435792, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 35519, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 251777, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8", - "timestamp": 1686149840 - }, - { - "file_size": 118346, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - 
"match_offset": 16163, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 93519, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "33b343dbf5e945badbde855fccd9d41cc6721b57", - "timestamp": 1686149841 - }, - { - "file_size": 118346, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 16163, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 93519, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "33b343dbf5e945badbde855fccd9d41cc6721b57", - "timestamp": 1686149841 - }, - { - "file_size": 421625, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 254252, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 61027, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "97de77df7de1563a15054f68142f815b4df26ef8", - "timestamp": 1686149841 - }, - { - "file_size": 421625, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 254252, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 61027, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - 
"tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "97de77df7de1563a15054f68142f815b4df26ef8", - "timestamp": 1686149841 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6c4a87910eafb345ad3b07f13dced51376ccc93f", - "timestamp": 1686149842 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6c4a87910eafb345ad3b07f13dced51376ccc93f", - "timestamp": 1686149842 - }, - { - "file_size": 4091720, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1530891, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1420528, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "f0a94f8d3ba71b06bc7a463241233c2db1cf4a36", - "timestamp": 1686149842 - }, - { - "file_size": 
4091720, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1530891, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1420528, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "f0a94f8d3ba71b06bc7a463241233c2db1cf4a36", - "timestamp": 1686149842 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5c880504fedd3ee67d06ecb36ef7247a6b26cd48", - "timestamp": 1686149844 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5c880504fedd3ee67d06ecb36ef7247a6b26cd48", - "timestamp": 1686149844 - }, - { - "file_size": 151754, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 108353, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 65464, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1a9bc0dd119fa6b5b15042468d54a26cccccbeaa", - "timestamp": 1686149844 - }, - { - "file_size": 151754, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 108353, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 65464, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1a9bc0dd119fa6b5b15042468d54a26cccccbeaa", - "timestamp": 1686149844 - }, - { - "file_size": 151042, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 107641, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 65289, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8", - "timestamp": 1686149844 - }, - { - "file_size": 151042, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 107641, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 65289, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": true, - "sha1": "d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8", - "timestamp": 1686149844 - }, - { - "file_size": 6321416, - "file_type": "ELF64 Little/SO", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 361578, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 283948, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7", - "timestamp": 1686149845 - }, - { - "file_size": 6321416, - "file_type": "ELF64 Little/SO", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 361578, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 283948, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7", - "timestamp": 1686149845 - }, - { - "file_size": 7876608, - "file_type": "ELF64 Little/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4574372, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4638450, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "be246b1372fc383087a49f7b217d57f60a91282e", - "timestamp": 1686149847 - }, - { - "file_size": 7876608, - "file_type": "ELF64 Little/Exe", - "rule": [ - { - "identifier": "Example", - 
"matched_data": [ - { - "match_offset": 4574372, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4638450, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "be246b1372fc383087a49f7b217d57f60a91282e", - "timestamp": 1686149847 - }, - { - "file_size": 154712, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 111318, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68396, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "846e91cbdccfbacf3790aaaa5aad6357394ec328", - "timestamp": 1686149848 - }, - { - "file_size": 154712, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 111318, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68396, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "846e91cbdccfbacf3790aaaa5aad6357394ec328", - "timestamp": 1686149848 - }, - { - "file_size": 2037575, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 700877, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1730255, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": 
"JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "66ea67dd377be2868f91cada78056d679c37ad14", - "timestamp": 1686149849 - }, - { - "file_size": 2037575, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 700877, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1730255, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "66ea67dd377be2868f91cada78056d679c37ad14", - "timestamp": 1686149849 - }, - { - "file_size": 4435792, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 35519, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 251777, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8", - "timestamp": 1686149849 - }, - { - "file_size": 4435792, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 35519, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 251777, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"8c2ac756b84dad335730361f0ae794d427f59ac8", - "timestamp": 1686149849 - }, - { - "file_size": 25735, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 369, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 19182, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2983e913f00f2919c3ef8af5984fc1d4165ef459", - "timestamp": 1686149851 - }, - { - "file_size": 25735, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 369, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 19182, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2983e913f00f2919c3ef8af5984fc1d4165ef459", - "timestamp": 1686149851 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "94d4edb7622aa1bc73976a43641f0f7aa673e515", - "timestamp": 1686149851 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "94d4edb7622aa1bc73976a43641f0f7aa673e515", - "timestamp": 1686149851 - }, - { - "file_size": 5899328, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3609590, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3648212, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1e005a0d0a4e445a22845e20f507c9986ab8c981", - "timestamp": 1686149855 - }, - { - "file_size": 5899328, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3609590, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3648212, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1e005a0d0a4e445a22845e20f507c9986ab8c981", - "timestamp": 1686149855 - }, - { - "file_size": 477009, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 117834, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 179800, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c4362fdfb7e929c0befe19e1fdbb503e340713ef", - "timestamp": 1686149858 - }, - { - "file_size": 477009, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 117834, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 179800, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c4362fdfb7e929c0befe19e1fdbb503e340713ef", - "timestamp": 1686149858 - }, - { - "file_size": 146948, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 103548, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 60815, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6aca08c08a657c545ca575cc33e124e0e38f8730", - "timestamp": 1686149865 - }, - { - "file_size": 146948, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 103548, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 60815, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6aca08c08a657c545ca575cc33e124e0e38f8730", - "timestamp": 1686149865 - }, - { - "file_size": 89327, - 
"file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "042e4cb27fc3d6fd7c73e3a217a872495a05c90a", - "timestamp": 1686149866 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "042e4cb27fc3d6fd7c73e3a217a872495a05c90a", - "timestamp": 1686149866 - }, - { - "file_size": 739873, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8970, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 195156, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2a8b44ff48c01cb281e6fc55079211d061ead5c5", - "timestamp": 1686149873 - }, - { - "file_size": 739873, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8970, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 195156, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2a8b44ff48c01cb281e6fc55079211d061ead5c5", - "timestamp": 1686149873 - }, - { - "file_size": 1001023, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12927, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 112532, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "f5d3401062623204bff214eef2887ca59171fc8d", - "timestamp": 1686149874 - }, - { - "file_size": 1001023, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12927, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 112532, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "f5d3401062623204bff214eef2887ca59171fc8d", - "timestamp": 1686149874 - }, - { - "file_size": 344860, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12762, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 227575, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0", - "timestamp": 1686149875 - }, - { - "file_size": 344860, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12762, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 227575, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0", - "timestamp": 1686149875 - }, - { - "file_size": 6738008, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2615445, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2651672, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3ac8e4d7748a9ca0affb66f81978d33e683c4814", - "timestamp": 1686149879 - }, - { - "file_size": 6738008, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2615445, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2651672, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3ac8e4d7748a9ca0affb66f81978d33e683c4814", - "timestamp": 1686149879 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "dc5645d2051ac4aac468e02b4ebf62628a73605f", - "timestamp": 1686149880 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "dc5645d2051ac4aac468e02b4ebf62628a73605f", - "timestamp": 1686149880 - }, - { - "file_size": 6343328, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4122595, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4778117, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2db6a690c35f5f29fc0986760df02acf70d67abf", - "timestamp": 1686149881 - }, - { - "file_size": 6343328, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4122595, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4778117, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": 
"SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2db6a690c35f5f29fc0986760df02acf70d67abf", - "timestamp": 1686149881 - }, - { - "file_size": 154231, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110832, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68406, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3af52ef8aff5735d794cb2611de951f786961c03", - "timestamp": 1686149900 - }, - { - "file_size": 154231, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110832, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68406, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3af52ef8aff5735d794cb2611de951f786961c03", - "timestamp": 1686149900 - }, - { - "file_size": 739903, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8970, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 195156, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e4965ce5cd511a3efd00a2caba635bfab3f4e805", - "timestamp": 1686149921 - }, - { - "file_size": 739903, - "file_type": "Text/Go", - 
"rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8970, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 195156, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e4965ce5cd511a3efd00a2caba635bfab3f4e805", - "timestamp": 1686149921 - }, - { - "file_size": 5685433, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 150959, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2075729, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6974c8390c179c1a4a9dca8947a1f2378852faad", - "timestamp": 1686149931 - }, - { - "file_size": 5685433, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 150959, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2075729, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6974c8390c179c1a4a9dca8947a1f2378852faad", - "timestamp": 1686149931 - }, - { - "file_size": 11163136, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9002020, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8469401, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "07a157e4e612f74d0b01b2844eca8afdc2a43955", - "timestamp": 1686149931 - }, - { - "file_size": 11163136, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9002020, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8469401, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "07a157e4e612f74d0b01b2844eca8afdc2a43955", - "timestamp": 1686149931 - }, - { - "file_size": 1408268, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8975, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 109800, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "440bb2c50ba55eebe34ef8a4e201a17144bd5bc2", - "timestamp": 1686149934 - }, - { - "file_size": 1408268, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8975, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 109800, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"440bb2c50ba55eebe34ef8a4e201a17144bd5bc2", - "timestamp": 1686149934 - }, - { - "file_size": 2397377, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 91153, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1061201, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6cea94c3692b8930e8a4991d94810f01dffafd47", - "timestamp": 1686149935 - }, - { - "file_size": 2397377, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 91153, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1061201, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6cea94c3692b8930e8a4991d94810f01dffafd47", - "timestamp": 1686149935 - }, - { - "file_size": 22505546, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4456790, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3991479, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8d8af50cf52f96e217de076f925b6bc41f8d0ec5", - "timestamp": 1686149935 - }, - { - "file_size": 22505546, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - 
"match_offset": 4456790, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3991479, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8d8af50cf52f96e217de076f925b6bc41f8d0ec5", - "timestamp": 1686149935 - }, - { - "file_size": 42817592, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 30365472, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 40659304, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb", - "timestamp": 1686149945 - }, - { - "file_size": 42817592, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 30365472, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 40659304, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb", - "timestamp": 1686149945 - }, - { - "file_size": 31211008, - "file_type": "PE+/Exe/QTinstaller", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 16799441, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16899630, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": 
"JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8cd67cceebf916ebc1dfa0f3caac9941d2da7318", - "timestamp": 1686149953 - }, - { - "file_size": 31211008, - "file_type": "PE+/Exe/QTinstaller", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 16799441, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16899630, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8cd67cceebf916ebc1dfa0f3caac9941d2da7318", - "timestamp": 1686149953 - }, - { - "file_size": 173951, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28226, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3981, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc", - "timestamp": 1686149961 - }, - { - "file_size": 173951, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28226, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3981, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc", - "timestamp": 1686149961 - }, - { - "file_size": 1001232, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12927, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 112532, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "81722e46258f2181c4488ed7e4e016465a054df5", - "timestamp": 1686149962 - }, - { - "file_size": 1001232, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12927, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 112532, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "81722e46258f2181c4488ed7e4e016465a054df5", - "timestamp": 1686149962 - }, - { - "file_size": 1408625, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8975, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 109800, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e497ae5b73b87142c68aa32ca6c8ddc0384a3279", - "timestamp": 1686149962 - }, - { - "file_size": 1408625, - "file_type": "Text/Go", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8975, - "matched_string": "cGF5\n", - 
"string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 109800, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e497ae5b73b87142c68aa32ca6c8ddc0384a3279", - "timestamp": 1686149962 - }, - { - "file_size": 3276768, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2070676, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2103601, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d6a75b67f5d2e46acd4429b58e972867e9cd5d3a", - "timestamp": 1686149979 - }, - { - "file_size": 3276768, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2070676, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2103601, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d6a75b67f5d2e46acd4429b58e972867e9cd5d3a", - "timestamp": 1686149979 - }, - { - "file_size": 91161, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28849, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50403, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - 
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "9dcc23c9b21440ad706a182c116309563cd3ffdd", - "timestamp": 1686149982 - }, - { - "file_size": 91161, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28849, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50403, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "9dcc23c9b21440ad706a182c116309563cd3ffdd", - "timestamp": 1686149982 - }, - { - "file_size": 10193920, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8189124, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8246307, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3d30c8a0198738772f116ae497f63a98e3860397", - "timestamp": 1686149986 - }, - { - "file_size": 10193920, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8189124, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8246307, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3d30c8a0198738772f116ae497f63a98e3860397", - "timestamp": 1686149986 - }, - { - "file_size": 10953728, - "file_type": "PE+/Exe", - "rule": [ 
- { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8832644, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8334233, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "688225294de1ce81a0b86856e9473a44d79cb2c7", - "timestamp": 1686149992 - }, - { - "file_size": 10953728, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8832644, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8334233, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "688225294de1ce81a0b86856e9473a44d79cb2c7", - "timestamp": 1686149992 - }, - { - "file_size": 13879776, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9063260, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8955389, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6b2579402e748c7ca1efe1f9bb1829b935e2e7a3", - "timestamp": 1686149994 - }, - { - "file_size": 13879776, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9063260, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8955389, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6b2579402e748c7ca1efe1f9bb1829b935e2e7a3", - "timestamp": 1686149994 - }, - { - "file_size": 24079793, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18057198, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8412693, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1f43bab8c6957fa362fb90c9729c1916eab2bcd0", - "timestamp": 1686150002 - }, - { - "file_size": 24079793, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18057198, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8412693, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1f43bab8c6957fa362fb90c9729c1916eab2bcd0", - "timestamp": 1686150002 - }, - { - "file_size": 6474752, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2533793, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2591846, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"4cde41ec566dfd3b8bc329e318c4f17e2b4f4829", - "timestamp": 1686150005 - }, - { - "file_size": 6474752, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2533793, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2591846, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4cde41ec566dfd3b8bc329e318c4f17e2b4f4829", - "timestamp": 1686150005 - }, - { - "file_size": 932698, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 326870, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 54869, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2cbeabd2324a2a2d98c144c6d884e587223e2ec6", - "timestamp": 1686150015 - }, - { - "file_size": 932698, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 326870, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 54869, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2cbeabd2324a2a2d98c144c6d884e587223e2ec6", - "timestamp": 1686150015 - }, - { - "file_size": 72837, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 19785, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 43263, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c7d16b5e7cf3bfff42d2247043551c4175d61d20", - "timestamp": 1686150016 - }, - { - "file_size": 72837, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 19785, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 43263, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c7d16b5e7cf3bfff42d2247043551c4175d61d20", - "timestamp": 1686150016 - }, - { - "file_size": 36540577, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3889929, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16366923, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a805ed283e310974d552b3b322b4f18891255757", - "timestamp": 1686150017 - }, - { - "file_size": 36540577, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3889929, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16366923, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": 
[] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a805ed283e310974d552b3b322b4f18891255757", - "timestamp": 1686150017 - }, - { - "file_size": 5047332, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 13808, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3313365, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "546ddfb350387e7df8ca8266f8b2b038c7eef2d3", - "timestamp": 1686150017 - }, - { - "file_size": 5047332, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 13808, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3313365, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "546ddfb350387e7df8ca8266f8b2b038c7eef2d3", - "timestamp": 1686150017 - }, - { - "file_size": 24901120, - "file_type": "PE+/Exe/QTinstaller", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 14371897, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14466070, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "fd39aae727a929c51b958ee707c238bfb473ad15", - "timestamp": 1686150022 - }, - { - 
"file_size": 24901120, - "file_type": "PE+/Exe/QTinstaller", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 14371897, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14466070, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "fd39aae727a929c51b958ee707c238bfb473ad15", - "timestamp": 1686150022 - }, - { - "file_size": 34397761, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6212556, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12877011, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1b67acf2821d6fef6927fc280bc43d62c10f3453", - "timestamp": 1686150023 - }, - { - "file_size": 34397761, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6212556, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12877011, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1b67acf2821d6fef6927fc280bc43d62c10f3453", - "timestamp": 1686150023 - }, - { - "file_size": 15989124, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 12610545, - "matched_string": "dGV4dCBoZXJl\n", - 
"string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "fbeba4bc92ad9ef8a63969244cefd0a89a82faca", - "timestamp": 1686150024 - }, - { - "file_size": 30287982, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26848016, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 26812902, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6b0fbcfd179386a5843a327f505fc9792d0ceb73", - "timestamp": 1686150026 - }, - { - "file_size": 30287982, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26848016, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 26812902, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6b0fbcfd179386a5843a327f505fc9792d0ceb73", - "timestamp": 1686150026 - }, - { - "file_size": 9734975, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3297128, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3361389, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": 
true, - "sha1": "8710a30f251eb354a10b9b3ded8f39dcb2511270", - "timestamp": 1686150030 - }, - { - "file_size": 9734975, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3297128, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3361389, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8710a30f251eb354a10b9b3ded8f39dcb2511270", - "timestamp": 1686150030 - }, - { - "file_size": 36550757, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3894018, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16377103, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2d01a780e7061977aa595ed1ab064a64ca72673f", - "timestamp": 1686150034 - }, - { - "file_size": 36550757, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3894018, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16377103, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2d01a780e7061977aa595ed1ab064a64ca72673f", - "timestamp": 1686150034 - }, - { - "file_size": 30241965, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - 
"matched_data": [ - { - "match_offset": 1270683, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 19094887, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e73e925688406110576d482b6349f6b4abf6e791", - "timestamp": 1686150034 - }, - { - "file_size": 30241965, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1270683, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 19094887, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e73e925688406110576d482b6349f6b4abf6e791", - "timestamp": 1686150034 - }, - { - "file_size": 1159176, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 917880, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1076516, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "75de010f85713ee4d027ad3b425d8810b83e26c5", - "timestamp": 1686150036 - }, - { - "file_size": 1159176, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 917880, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1076516, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": 
"JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "75de010f85713ee4d027ad3b425d8810b83e26c5", - "timestamp": 1686150036 - }, - { - "file_size": 932902, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 216644, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 656004, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "69d5e05c0d3120adbf821c2c81745278e84af7bb", - "timestamp": 1686150036 - }, - { - "file_size": 932902, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 216644, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 656004, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "69d5e05c0d3120adbf821c2c81745278e84af7bb", - "timestamp": 1686150036 - }, - { - "file_size": 9079296, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6536009, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6512841, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"d8abe35af92e46e46ba9279fe6026b44680e4c24", - "timestamp": 1686150040 - }, - { - "file_size": 9079296, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6536009, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6512841, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d8abe35af92e46e46ba9279fe6026b44680e4c24", - "timestamp": 1686150040 - }, - { - "file_size": 36641188, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3930181, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16467533, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "013bd97c6dedc7caabd9b4a867374ae3b0ac264c", - "timestamp": 1686150043 - }, - { - "file_size": 36641188, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3930181, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16467533, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "013bd97c6dedc7caabd9b4a867374ae3b0ac264c", - "timestamp": 1686150043 - }, - { - "file_size": 34865877, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - 
"match_offset": 13375873, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 34219704, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3aa2b177f8a825c6b13e4599eb6958557835926a", - "timestamp": 1686150046 - }, - { - "file_size": 34865877, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 13375873, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 34219704, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3aa2b177f8a825c6b13e4599eb6958557835926a", - "timestamp": 1686150046 - }, - { - "file_size": 57024799, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11320886, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48226201, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b", - "timestamp": 1686150048 - }, - { - "file_size": 57024799, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11320886, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48226201, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": 
"JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b", - "timestamp": 1686150048 - }, - { - "file_size": 348160, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 37848, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "68000a66e0df17b4742280453a78dbd56240d1ee", - "timestamp": 1686150052 - }, - { - "file_size": 2395811, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 90869, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1060182, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7", - "timestamp": 1686150054 - }, - { - "file_size": 2395811, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 90869, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1060182, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7", - "timestamp": 1686150054 - }, - { - "file_size": 36590144, - "file_type": "Binary/Archive/ZIP", - 
"rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3909772, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16416489, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4cdaa1a635a89f003730568320dd1843b0b4eb9b", - "timestamp": 1686150060 - }, - { - "file_size": 36590144, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3909772, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16416489, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4cdaa1a635a89f003730568320dd1843b0b4eb9b", - "timestamp": 1686150060 - }, - { - "file_size": 36515211, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3879798, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16341556, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3354aa087f5e69e2514eb45f86481e3b48dd8c71", - "timestamp": 1686150061 - }, - { - "file_size": 36515211, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3879798, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16341556, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3354aa087f5e69e2514eb45f86481e3b48dd8c71", - "timestamp": 1686150061 - }, - { - "file_size": 33694294, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 23513731, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 24426219, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b530c39a703be42f39ea9b0871269121fde6889f", - "timestamp": 1686150062 - }, - { - "file_size": 33694294, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 23513731, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 24426219, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b530c39a703be42f39ea9b0871269121fde6889f", - "timestamp": 1686150062 - }, - { - "file_size": 36537740, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3888816, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16364086, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "33fb0fe07bf41fecddca87af88764a6133dadd47", - "timestamp": 1686150065 - }, - { - "file_size": 36537740, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3888816, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16364086, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "33fb0fe07bf41fecddca87af88764a6133dadd47", - "timestamp": 1686150065 - }, - { - "file_size": 36770403, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3981874, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16596748, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "fff92cc57a76f6fd2fb1a9f83323935488263d20", - "timestamp": 1686150067 - }, - { - "file_size": 36770403, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3981874, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16596748, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "fff92cc57a76f6fd2fb1a9f83323935488263d20", - "timestamp": 1686150067 - }, - { - "file_size": 58043690, - "file_type": 
"Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11416838, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11383531, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc", - "timestamp": 1686150088 - }, - { - "file_size": 58043690, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11416838, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11383531, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc", - "timestamp": 1686150088 - }, - { - "file_size": 43296371, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2845294, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 36059397, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "82b57851ed6f20a92ee947f7475ba2f1483fbe40", - "timestamp": 1686150095 - }, - { - "file_size": 43296371, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2845294, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - 
"match_offset": 36059397, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "82b57851ed6f20a92ee947f7475ba2f1483fbe40", - "timestamp": 1686150095 - }, - { - "file_size": 928842, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 50772, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 106169, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce", - "timestamp": 1686150097 - }, - { - "file_size": 928842, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 50772, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 106169, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce", - "timestamp": 1686150097 - }, - { - "file_size": 932389, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 331131, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50692, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3857f93365c892ca7633a9c53730d6bc1d831a0f", - "timestamp": 1686150102 - }, - { - "file_size": 932389, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 331131, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50692, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3857f93365c892ca7633a9c53730d6bc1d831a0f", - "timestamp": 1686150102 - }, - { - "file_size": 928275, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 323826, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 51157, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5c92ee4a922e8257741a8147f427470ec1fb2cc7", - "timestamp": 1686150102 - }, - { - "file_size": 928275, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 323826, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 51157, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5c92ee4a922e8257741a8147f427470ec1fb2cc7", - "timestamp": 1686150102 - }, - { - "file_size": 932276, - "file_type": "Text/JavaScript", - "rule": [ 
- { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 124645, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 684889, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "65dd53f03df7c7fc23c681906bc82faef89b6229", - "timestamp": 1686150102 - }, - { - "file_size": 932276, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 124645, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 684889, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "65dd53f03df7c7fc23c681906bc82faef89b6229", - "timestamp": 1686150102 - }, - { - "file_size": 36531162, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3886168, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16357507, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4a50c617873f2fe6d95c80c122ed16c47a1418e1", - "timestamp": 1686150102 - }, - { - "file_size": 36531162, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3886168, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16357507, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4a50c617873f2fe6d95c80c122ed16c47a1418e1", - "timestamp": 1686150102 - }, - { - "file_size": 931071, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 52176, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 610004, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5f98263a56a793c9a5b1eb4137b241b3f2b3a92f", - "timestamp": 1686150103 - }, - { - "file_size": 931071, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 52176, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 610004, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5f98263a56a793c9a5b1eb4137b241b3f2b3a92f", - "timestamp": 1686150103 - }, - { - "file_size": 7549400, - "file_type": "ELF32 Little/SO", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 313894, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 370505, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - 
"sha1": "33c1abb22a7c450ec7a56d86ed55f2309033a1ad", - "timestamp": 1686150103 - }, - { - "file_size": 7549400, - "file_type": "ELF32 Little/SO", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 313894, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 370505, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "33c1abb22a7c450ec7a56d86ed55f2309033a1ad", - "timestamp": 1686150103 - }, - { - "file_size": 1331824, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 913341, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 824258, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "0a67ebac16528d81e4d4a57c24f5ec98bffe78ba", - "timestamp": 1686150104 - }, - { - "file_size": 1331824, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 913341, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 824258, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "0a67ebac16528d81e4d4a57c24f5ec98bffe78ba", - "timestamp": 1686150104 - }, - { - "file_size": 968667, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 134578, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 495188, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "388a688ff5360dc566ae1e02c5744423b1474a8c", - "timestamp": 1686150104 - }, - { - "file_size": 968667, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 134578, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 495188, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "388a688ff5360dc566ae1e02c5744423b1474a8c", - "timestamp": 1686150104 - }, - { - "file_size": 931717, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 423260, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 51749, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3ea76a30076f6773a77a0d38cb4329bb87ccdca6", - "timestamp": 1686150105 - }, - { - "file_size": 931717, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 423260, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 51749, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], 
- "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3ea76a30076f6773a77a0d38cb4329bb87ccdca6", - "timestamp": 1686150105 - }, - { - "file_size": 8185728, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6588985, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7149558, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "f9042e40b9e538738ff824c1ab905857b9cdc83d", - "timestamp": 1686150106 - }, - { - "file_size": 8185728, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6588985, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7149558, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "f9042e40b9e538738ff824c1ab905857b9cdc83d", - "timestamp": 1686150106 - }, - { - "file_size": 930985, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 322357, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50952, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6beac76e3513c3e844b4a273ee08a7489a850526", - "timestamp": 1686150106 - }, - { - 
"file_size": 930985, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 322357, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50952, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6beac76e3513c3e844b4a273ee08a7489a850526", - "timestamp": 1686150106 - }, - { - "file_size": 926603, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47177, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 694431, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c8cef867ea206871eb64383f00f2fabaadb7c276", - "timestamp": 1686150109 - }, - { - "file_size": 926603, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47177, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 694431, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c8cef867ea206871eb64383f00f2fabaadb7c276", - "timestamp": 1686150109 - }, - { - "file_size": 935797, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 138034, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - 
"match_offset": 342929, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "73dafc4fdeb216048d15665f036646f99af73913", - "timestamp": 1686150109 - }, - { - "file_size": 935797, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 138034, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 342929, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "73dafc4fdeb216048d15665f036646f99af73913", - "timestamp": 1686150109 - }, - { - "file_size": 931560, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 51372, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 609695, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "0123930e0a777ee12c0a73cf035b5bd7f779ec85", - "timestamp": 1686150109 - }, - { - "file_size": 931560, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 51372, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 609695, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "0123930e0a777ee12c0a73cf035b5bd7f779ec85", - "timestamp": 1686150109 - }, - { - "file_size": 935998, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 338376, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 59214, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4", - "timestamp": 1686150110 - }, - { - "file_size": 935998, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 338376, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 59214, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4", - "timestamp": 1686150110 - }, - { - "file_size": 933412, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 43451, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 185008, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "101516f0f938f540ac87d4f88875c39c267ea29e", - "timestamp": 1686150112 - }, - { - "file_size": 933412, - "file_type": "Text/JavaScript", - "rule": [ - 
{ - "identifier": "Example", - "matched_data": [ - { - "match_offset": 43451, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 185008, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "101516f0f938f540ac87d4f88875c39c267ea29e", - "timestamp": 1686150112 - }, - { - "file_size": 6701832, - "file_type": "PE+/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1775780, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2815992, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d194592f1c5946d2d49bc657e9924290ce2e2d2e", - "timestamp": 1686150114 - }, - { - "file_size": 6701832, - "file_type": "PE+/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1775780, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2815992, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d194592f1c5946d2d49bc657e9924290ce2e2d2e", - "timestamp": 1686150114 - }, - { - "file_size": 3276768, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2070676, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2103601, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "afa59c4de068f13d617a8090c55f7d0b645d9782", - "timestamp": 1686150114 - }, - { - "file_size": 3276768, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2070676, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2103601, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "afa59c4de068f13d617a8090c55f7d0b645d9782", - "timestamp": 1686150114 - }, - { - "file_size": 173795, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28070, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3981, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "bd0f7e58c1600c5a717fcf060c6c260d9d865d22", - "timestamp": 1686150115 - }, - { - "file_size": 173795, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28070, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3981, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"bd0f7e58c1600c5a717fcf060c6c260d9d865d22", - "timestamp": 1686150115 - }, - { - "file_size": 931770, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 118609, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 175602, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d85fbe69e08f57750f22ef20ad20e3bb08fb53df", - "timestamp": 1686150115 - }, - { - "file_size": 931770, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 118609, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 175602, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d85fbe69e08f57750f22ef20ad20e3bb08fb53df", - "timestamp": 1686150115 - }, - { - "file_size": 929834, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 55696, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 651831, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b4c897b4aaa258b27ee0ff7edf553735481f565d", - "timestamp": 1686150116 - }, - { - "file_size": 929834, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 55696, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 651831, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b4c897b4aaa258b27ee0ff7edf553735481f565d", - "timestamp": 1686150116 - }, - { - "file_size": 23668351, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 774742, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23214826, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4af3d5aee88996ec6952ea9e598b434ee4dc0c28", - "timestamp": 1686150119 - }, - { - "file_size": 23668351, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 774742, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23214826, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4af3d5aee88996ec6952ea9e598b434ee4dc0c28", - "timestamp": 1686150119 - }, - { - "file_size": 9095348, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2065896, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1838594, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": 
[] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c8e8441cdad2974770adb2fd9091f4f590188968", - "timestamp": 1686150123 - }, - { - "file_size": 9095348, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2065896, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1838594, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c8e8441cdad2974770adb2fd9091f4f590188968", - "timestamp": 1686150123 - }, - { - "file_size": 930687, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 118136, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 180327, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "961e3cd96bfa7943f71109d0c235fd8b38376f60", - "timestamp": 1686150124 - }, - { - "file_size": 930687, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 118136, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 180327, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "961e3cd96bfa7943f71109d0c235fd8b38376f60", - "timestamp": 1686150124 - }, - { - 
"file_size": 931377, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 401046, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 129705, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "0bb2964f5efb578d0ecc0cf06417d686dde59f77", - "timestamp": 1686150125 - }, - { - "file_size": 931377, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 401046, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 129705, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "0bb2964f5efb578d0ecc0cf06417d686dde59f77", - "timestamp": 1686150125 - }, - { - "file_size": 927231, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 57153, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 688672, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0", - "timestamp": 1686150125 - }, - { - "file_size": 927231, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 57153, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - 
"match_offset": 688672, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0", - "timestamp": 1686150125 - }, - { - "file_size": 3331072, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2187152, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2194102, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "089a0358b27ea0c5d92c823b63add32457501a5e", - "timestamp": 1686150126 - }, - { - "file_size": 3331072, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2187152, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2194102, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "089a0358b27ea0c5d92c823b63add32457501a5e", - "timestamp": 1686150126 - }, - { - "file_size": 8126464, - "file_type": "ELF64 Little/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3474544, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3515704, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "20a165c1eb816ff4ad7d55d49e70a41c1198ead8", - "timestamp": 1686150128 - }, - { - "file_size": 8126464, - "file_type": "ELF64 Little/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3474544, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3515704, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "20a165c1eb816ff4ad7d55d49e70a41c1198ead8", - "timestamp": 1686150128 - }, - { - "file_size": 36633572, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3927134, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16459918, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "583d27662efc73f5f42eb81609770e692e9a65ed", - "timestamp": 1686150129 - }, - { - "file_size": 36633572, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3927134, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16459918, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "583d27662efc73f5f42eb81609770e692e9a65ed", - "timestamp": 1686150129 - }, - { - "file_size": 34389577, - "file_type": 
"Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6210700, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12869171, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce", - "timestamp": 1686150135 - }, - { - "file_size": 34389577, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6210700, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12869171, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce", - "timestamp": 1686150135 - }, - { - "file_size": 935988, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 331334, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 52342, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2129c563cfbfbab0111c73f31184e0bf4b1bc3a6", - "timestamp": 1686150139 - }, - { - "file_size": 935988, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 331334, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 52342, 
- "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2129c563cfbfbab0111c73f31184e0bf4b1bc3a6", - "timestamp": 1686150139 - }, - { - "file_size": 930473, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 338428, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 59098, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "787d91817a5dd4cf63d0454eb240052aa9687619", - "timestamp": 1686150140 - }, - { - "file_size": 930473, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 338428, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 59098, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "787d91817a5dd4cf63d0454eb240052aa9687619", - "timestamp": 1686150140 - }, - { - "file_size": 12013103, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 9115816, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "6a335f4e638e564f836057fe6e0e2af05ec33da8", - "timestamp": 1686150140 - }, - 
{ - "file_size": 6699288, - "file_type": "PE+/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1775780, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2815385, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed", - "timestamp": 1686150143 - }, - { - "file_size": 6699288, - "file_type": "PE+/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1775780, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2815385, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed", - "timestamp": 1686150143 - }, - { - "file_size": 929276, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47016, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 403386, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "9454c50693d7b390806ced4ef36b9b857b8629fa", - "timestamp": 1686150149 - }, - { - "file_size": 929276, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47016, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - 
{ - "match_offset": 403386, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "9454c50693d7b390806ced4ef36b9b857b8629fa", - "timestamp": 1686150149 - }, - { - "file_size": 930806, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 46563, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 184147, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "274b00db13eebcd6082de509d400fe5251a98f03", - "timestamp": 1686150149 - }, - { - "file_size": 930806, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 46563, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 184147, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "274b00db13eebcd6082de509d400fe5251a98f03", - "timestamp": 1686150149 - }, - { - "file_size": 61184217, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 45211537, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 58260786, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d9db0d9b40773587e3f3504ee62dd13f356e2042", - "timestamp": 1686150152 - }, - { - "file_size": 61184217, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 45211537, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 58260786, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d9db0d9b40773587e3f3504ee62dd13f356e2042", - "timestamp": 1686150152 - }, - { - "file_size": 73081759, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12895085, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 30003463, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "824ad09d431328843657589c773b0b69b87fe04e", - "timestamp": 1686150157 - }, - { - "file_size": 73081759, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12895085, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 30003463, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "824ad09d431328843657589c773b0b69b87fe04e", - "timestamp": 1686150157 - }, - { - "file_size": 10032511, - "file_type": 
"Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1605113, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7068039, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5ba002fd1aa0d945d508de71864be5fbee45f4fb", - "timestamp": 1686150162 - }, - { - "file_size": 10032511, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1605113, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7068039, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5ba002fd1aa0d945d508de71864be5fbee45f4fb", - "timestamp": 1686150162 - }, - { - "file_size": 931686, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 48187, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 409598, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e5842bab24fad9c4287acfed037aab491c47df01", - "timestamp": 1686150163 - }, - { - "file_size": 931686, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 48187, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 409598, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e5842bab24fad9c4287acfed037aab491c47df01", - "timestamp": 1686150163 - }, - { - "file_size": 26278447, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 23857885, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23869615, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "290617954cdec1062ac608739fe91ff59390d697", - "timestamp": 1686150167 - }, - { - "file_size": 26278447, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 23857885, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23869615, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "290617954cdec1062ac608739fe91ff59390d697", - "timestamp": 1686150167 - }, - { - "file_size": 34389577, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6210892, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12869363, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6da793ceb98fba2eca7bf612512c1f19acd4169a", - "timestamp": 1686150172 - }, - { - "file_size": 34389577, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6210892, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12869363, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "6da793ceb98fba2eca7bf612512c1f19acd4169a", - "timestamp": 1686150172 - }, - { - "file_size": 8946132, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3674270, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3441202, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "90edd03ca6404f5463883a9636f3c0f9898e07bd", - "timestamp": 1686150179 - }, - { - "file_size": 8946132, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3674270, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3441202, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "90edd03ca6404f5463883a9636f3c0f9898e07bd", - "timestamp": 1686150179 - }, - { - "file_size": 9193604, - "file_type": "DEX/Exe", - "rule": [ - { - 
"identifier": "Example", - "matched_data": [ - { - "match_offset": 1891954, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3260593, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990", - "timestamp": 1686150180 - }, - { - "file_size": 9193604, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1891954, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3260593, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990", - "timestamp": 1686150180 - }, - { - "file_size": 12764160, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8980721, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12260413, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "7b6aa3b5779ec0d82fee559fc4d63ad480d51081", - "timestamp": 1686150184 - }, - { - "file_size": 12764160, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8980721, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12260413, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "7b6aa3b5779ec0d82fee559fc4d63ad480d51081", - "timestamp": 1686150184 - }, - { - "file_size": 3310440, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1999564, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 785846, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1f432e629ddc3a46933533ecbb34fea9957e75fb", - "timestamp": 1686150210 - }, - { - "file_size": 3310440, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1999564, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 785846, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1f432e629ddc3a46933533ecbb34fea9957e75fb", - "timestamp": 1686150210 - }, - { - "file_size": 9573220, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6332741, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7759019, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"e65b15c85ad58e8c03d631bc18c60cb8158f284e", - "timestamp": 1686150242 - }, - { - "file_size": 9573220, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6332741, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7759019, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e65b15c85ad58e8c03d631bc18c60cb8158f284e", - "timestamp": 1686150242 - }, - { - "file_size": 930740, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47540, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 610524, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b873436ccab36552c99f8fe7061bdbe272d3ce8f", - "timestamp": 1686150266 - }, - { - "file_size": 930740, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47540, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 610524, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b873436ccab36552c99f8fe7061bdbe272d3ce8f", - "timestamp": 1686150266 - }, - { - "file_size": 348160, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 37848, - 
"matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "d69278c938ecff91cb1de3e41eb4ad2ada3d7fd7", - "timestamp": 1686150275 - }, - { - "file_size": 348160, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 37848, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "9e0b73ab7dd3c5393d59f189f72d86969fe810e6", - "timestamp": 1686150278 - }, - { - "file_size": 96404, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 34942, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23974, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "40ae8ce4fd7be204b022a24d145bc76724f29a25", - "timestamp": 1686150284 - }, - { - "file_size": 96404, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 34942, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23974, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "40ae8ce4fd7be204b022a24d145bc76724f29a25", - "timestamp": 1686150284 - }, - { - 
"file_size": 491771, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31265, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 449442, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "311b155865c0b0031906cc3cb642c1451c728b49", - "timestamp": 1686150285 - }, - { - "file_size": 491771, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31265, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 449442, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "311b155865c0b0031906cc3cb642c1451c728b49", - "timestamp": 1686150285 - }, - { - "file_size": 15222705, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3256698, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10462094, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8077d9e9178106ee04bb064f0c4836609b2651a3", - "timestamp": 1686150286 - }, - { - "file_size": 15222705, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3256698, - "matched_string": "cGF5\n", - "string_identifier": 
"JHN0cmluZzE=\n" - }, - { - "match_offset": 10462094, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8077d9e9178106ee04bb064f0c4836609b2651a3", - "timestamp": 1686150286 - }, - { - "file_size": 30296948, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26842835, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 26807721, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "083b1295e2caf60b6a41f01b6f87667b98430091", - "timestamp": 1686150290 - }, - { - "file_size": 30296948, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26842835, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 26807721, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "083b1295e2caf60b6a41f01b6f87667b98430091", - "timestamp": 1686150290 - }, - { - "file_size": 6537308, - "file_type": "PE/Exe/Py2ExeInstaller", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5693089, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2822995, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": 
"ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1", - "timestamp": 1686150294 - }, - { - "file_size": 6537308, - "file_type": "PE/Exe/Py2ExeInstaller", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5693089, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2822995, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1", - "timestamp": 1686150294 - }, - { - "file_size": 7247380, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4008699, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4004292, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "dc5923d8b5caae31db125694e113c3838d645180", - "timestamp": 1686150295 - }, - { - "file_size": 7247380, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4008699, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4004292, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "dc5923d8b5caae31db125694e113c3838d645180", - "timestamp": 1686150295 - }, - { - "file_size": 
4502016, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3630751, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3591330, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "0577c58640804c401b437230cced87df2345e29c", - "timestamp": 1686150298 - }, - { - "file_size": 4502016, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3630751, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3591330, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "0577c58640804c401b437230cced87df2345e29c", - "timestamp": 1686150298 - }, - { - "file_size": 12545978, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10606314, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2930691, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a74dd66fb887d1af674a86bf6a29b7689e13bcfe", - "timestamp": 1686150302 - }, - { - "file_size": 12545978, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10606314, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - 
"match_offset": 2930691, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a74dd66fb887d1af674a86bf6a29b7689e13bcfe", - "timestamp": 1686150302 - }, - { - "file_size": 21330944, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 15508458, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14984430, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d7d92eeac776fff79b8bb27ae022acb7b2a72d46", - "timestamp": 1686150317 - }, - { - "file_size": 21330944, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 15508458, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14984430, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d7d92eeac776fff79b8bb27ae022acb7b2a72d46", - "timestamp": 1686150317 - }, - { - "file_size": 931771, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 414713, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 57019, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8cb8155899b4297fa0a00e46789aadf71b9ebae0", - "timestamp": 1686150327 - }, - { - "file_size": 931771, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 414713, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 57019, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8cb8155899b4297fa0a00e46789aadf71b9ebae0", - "timestamp": 1686150327 - }, - { - "file_size": 468938, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 20060, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 207216, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "7f8905edbfd2e186ed2a4752c8be165a486871c0", - "timestamp": 1686150330 - }, - { - "file_size": 468938, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 20060, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 207216, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "7f8905edbfd2e186ed2a4752c8be165a486871c0", - "timestamp": 1686150330 - }, - { - "file_size": 3557888, - "file_type": "PE/Exe", - "rule": [ - { - 
"identifier": "Example", - "matched_data": [ - { - "match_offset": 509291, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 495464, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28", - "timestamp": 1686150332 - }, - { - "file_size": 3557888, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 509291, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 495464, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28", - "timestamp": 1686150332 - }, - { - "file_size": 7852544, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6486978, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6455842, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4a080485c96493bd3debfad49a284a34760e9b70", - "timestamp": 1686150343 - }, - { - "file_size": 7852544, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6486978, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6455842, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": 
"JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4a080485c96493bd3debfad49a284a34760e9b70", - "timestamp": 1686150343 - }, - { - "file_size": 15735, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11559, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9762, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "aa7abe3707df21fd8e0aab4609e413c9e9395efe", - "timestamp": 1686150351 - }, - { - "file_size": 15735, - "file_type": "Text/TypeScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11559, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9762, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "aa7abe3707df21fd8e0aab4609e413c9e9395efe", - "timestamp": 1686150351 - }, - { - "file_size": 931613, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 123803, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 294152, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4", 
- "timestamp": 1686150352 - }, - { - "file_size": 931613, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 123803, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 294152, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4", - "timestamp": 1686150352 - }, - { - "file_size": 948192, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 612819, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 588226, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a6d3081cbeb195d1edfc1099435bf0f9afaf711a", - "timestamp": 1686150354 - }, - { - "file_size": 948192, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 612819, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 588226, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a6d3081cbeb195d1edfc1099435bf0f9afaf711a", - "timestamp": 1686150354 - }, - { - "file_size": 5127484, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 13808, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" 
- }, - { - "match_offset": 3313365, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ab46a7097d5e33fcc3eefcb097cf651d4b79327e", - "timestamp": 1686150356 - }, - { - "file_size": 5127484, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 13808, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3313365, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ab46a7097d5e33fcc3eefcb097cf651d4b79327e", - "timestamp": 1686150356 - }, - { - "file_size": 25453056, - "file_type": "PE+/Exe/QTinstaller", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 15179465, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 15285982, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ade4a102d363465fc686f2205ccc541641212b76", - "timestamp": 1686150357 - }, - { - "file_size": 25453056, - "file_type": "PE+/Exe/QTinstaller", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 15179465, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 15285982, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ade4a102d363465fc686f2205ccc541641212b76", - "timestamp": 1686150357 - }, - { - "file_size": 43717981, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 22952660, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 21572538, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "730b962ad50fa2261e7cc4cda3cd478e29433cb6", - "timestamp": 1686150363 - }, - { - "file_size": 43717981, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 22952660, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 21572538, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "730b962ad50fa2261e7cc4cda3cd478e29433cb6", - "timestamp": 1686150363 - }, - { - "file_size": 10340152, - "file_type": "PE/.Net Exe", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 615180, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "2715497b02f441d8f7fd55bcbc73e2dc912c284f", - "timestamp": 1686150364 - }, - { - "file_size": 25406657, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5367098, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5417667, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "cec13f5281df131634a68b0f404360f783f557ec", - "timestamp": 1686150371 - }, - { - "file_size": 25406657, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5367098, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5417667, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "cec13f5281df131634a68b0f404360f783f557ec", - "timestamp": 1686150371 - }, - { - "file_size": 931361, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 46225, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 192292, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5c4e9cc203c98e89a989478efaca334e8779af81", - "timestamp": 1686150371 - }, - { - "file_size": 931361, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 46225, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 192292, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "5c4e9cc203c98e89a989478efaca334e8779af81", - "timestamp": 1686150371 - }, - { - "file_size": 23095627, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 369170, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 21391369, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "06f8373056da04c985cd04b94e51ec666612d2cd", - "timestamp": 1686150371 - }, - { - "file_size": 23095627, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 369170, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 21391369, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "06f8373056da04c985cd04b94e51ec666612d2cd", - "timestamp": 1686150371 - }, - { - "file_size": 348160, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 37848, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "147ae394a900a5d3d735e77dfd86ce49a0991862", - "timestamp": 1686150374 - }, - { - "file_size": 20372117, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "ExampleRule", - 
"matched_data": [ - { - "match_offset": 7242654, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "4f66b0d78adce76fe167fea619b1130503438559", - "timestamp": 1686150375 - }, - { - "file_size": 20280576, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8292185, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8209778, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8db22983306a388d96017ffdb3ab1e00d7ebb43c", - "timestamp": 1686150377 - }, - { - "file_size": 20280576, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8292185, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8209778, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8db22983306a388d96017ffdb3ab1e00d7ebb43c", - "timestamp": 1686150377 - }, - { - "file_size": 10182656, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3152562, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3805148, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "59f6e8d7adc5364174e1ae0f192ad10d2f9d0117", - "timestamp": 1686150379 - }, - { - "file_size": 10182656, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3152562, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3805148, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "59f6e8d7adc5364174e1ae0f192ad10d2f9d0117", - "timestamp": 1686150379 - }, - { - "file_size": 930152, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 412452, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 62429, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "112c3ef4d7d4fee90f4367199ad90568e963cf66", - "timestamp": 1686150382 - }, - { - "file_size": 930152, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 412452, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 62429, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "112c3ef4d7d4fee90f4367199ad90568e963cf66", - "timestamp": 1686150382 - }, - { - "file_size": 8814592, - "file_type": "PE/Dll", - "rule": [ - { - 
"identifier": "Example", - "matched_data": [ - { - "match_offset": 4011313, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4713025, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "775b98352e38f238b29f95040424f6c1ac503e8f", - "timestamp": 1686150386 - }, - { - "file_size": 8814592, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4011313, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4713025, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "775b98352e38f238b29f95040424f6c1ac503e8f", - "timestamp": 1686150386 - }, - { - "file_size": 3282432, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 1698382, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": true, - "sha1": "89c5c42946f23ab8da17d62395ec0801fc1ff93f", - "timestamp": 1686150394 - }, - { - "file_size": 6444832, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4974746, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5726860, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - 
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "dd3646cd6dab41f30705c102b56e633b952bb475", - "timestamp": 1686150397 - }, - { - "file_size": 6444832, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4974746, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5726860, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "dd3646cd6dab41f30705c102b56e633b952bb475", - "timestamp": 1686150397 - }, - { - "file_size": 6474752, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2533783, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2591836, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "696ff8fef64c56e79ea3da6812c7a2edafdc029d", - "timestamp": 1686150401 - }, - { - "file_size": 6474752, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2533783, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2591836, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "696ff8fef64c56e79ea3da6812c7a2edafdc029d", - "timestamp": 1686150401 - }, - { - "file_size": 86433, - "file_type": "Binary/None", - "rule": [ - { - 
"identifier": "Example", - "matched_data": [ - { - "match_offset": 28868, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50260, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "7195310aa4920e2cb39ddc26b248143499d3b126", - "timestamp": 1686150413 - }, - { - "file_size": 86433, - "file_type": "Binary/None", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28868, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50260, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "7195310aa4920e2cb39ddc26b248143499d3b126", - "timestamp": 1686150413 - }, - { - "file_size": 3267040, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2062484, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2095349, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16", - "timestamp": 1686150421 - }, - { - "file_size": 3267040, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2062484, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2095349, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": 
"JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16", - "timestamp": 1686150421 - }, - { - "file_size": 47601, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 25695, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 33096, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3175ad779cc055b571f0fd1acbd8cc9bfe520280", - "timestamp": 1686150431 - }, - { - "file_size": 47601, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 25695, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 33096, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "3175ad779cc055b571f0fd1acbd8cc9bfe520280", - "timestamp": 1686150431 - }, - { - "file_size": 154756, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 111362, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68396, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "220680831449b8f6588a9cce44741fab554a7ba7", - 
"timestamp": 1686150441 - }, - { - "file_size": 154756, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 111362, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68396, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "220680831449b8f6588a9cce44741fab554a7ba7", - "timestamp": 1686150441 - }, - { - "file_size": 151462, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 108062, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 65135, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1878b427f101a316442c57209fa17cbe6a1ca0fe", - "timestamp": 1686150448 - }, - { - "file_size": 151462, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 108062, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 65135, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "1878b427f101a316442c57209fa17cbe6a1ca0fe", - "timestamp": 1686150448 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": 
"JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a9627215cb7c1b43c9f5f594a82a2c1559857d7b", - "timestamp": 1686150449 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a9627215cb7c1b43c9f5f594a82a2c1559857d7b", - "timestamp": 1686150449 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2d0ed62c390430662fc33d8f57b4eb121139ca54", - "timestamp": 1686150449 - }, - { - "file_size": 89327, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 18110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7042, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "2d0ed62c390430662fc33d8f57b4eb121139ca54", - "timestamp": 1686150449 - }, - { - "file_size": 159341, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 115940, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 73406, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a554594c774d4b5d41f7a5234e2905e14b034987", - "timestamp": 1686150450 - }, - { - "file_size": 159341, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 115940, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 73406, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a554594c774d4b5d41f7a5234e2905e14b034987", - "timestamp": 1686150450 - }, - { - "file_size": 126381, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 70625, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 53368, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "505c406d7ea1a2f47312b0966be841028ae919e7", - "timestamp": 1686150450 - }, - { - "file_size": 126381, - "file_type": "Text/HTML/HTML", - "rule": [ - { - 
"identifier": "Example", - "matched_data": [ - { - "match_offset": 70625, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 53368, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "505c406d7ea1a2f47312b0966be841028ae919e7", - "timestamp": 1686150450 - }, - { - "file_size": 14417, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11214, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12222, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "60281e56f446d4a3656a25658ffcbd74f12c5bf4", - "timestamp": 1686150454 - }, - { - "file_size": 14417, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11214, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12222, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "60281e56f446d4a3656a25658ffcbd74f12c5bf4", - "timestamp": 1686150454 - }, - { - "file_size": 154369, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110973, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68402, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c099dd547b58e74ed8d9c2c6d579ab8e41269500", - "timestamp": 1686150455 - }, - { - "file_size": 154369, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110973, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68402, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "c099dd547b58e74ed8d9c2c6d579ab8e41269500", - "timestamp": 1686150455 - }, - { - "file_size": 155384, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 111984, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68667, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4", - "timestamp": 1686150457 - }, - { - "file_size": 155384, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 111984, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68667, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4", - "timestamp": 1686150457 - }, - { - "file_size": 154219, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110825, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68400, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "995fd53ad16804fccf466264417695e6b0ab6e20", - "timestamp": 1686150463 - }, - { - "file_size": 154219, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110825, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68400, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "995fd53ad16804fccf466264417695e6b0ab6e20", - "timestamp": 1686150463 - }, - { - "file_size": 381079, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 176266, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 345615, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "593b0f2c47aa6bd73428f10ea0360725faf06c42", - "timestamp": 1686150465 - }, - { - "file_size": 381079, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 176266, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 345615, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "593b0f2c47aa6bd73428f10ea0360725faf06c42", - "timestamp": 1686150465 - }, - { - "file_size": 163098, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 92473, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 152394, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "942e2fb470bd4008055a8bce6749e9bbccb75ea1", - "timestamp": 1686150468 - }, - { - "file_size": 163098, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 92473, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 152394, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "942e2fb470bd4008055a8bce6749e9bbccb75ea1", - "timestamp": 1686150468 - }, - { - "file_size": 13861856, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9049728, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8942045, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "59dafd4d926ab9a9c34899540af51135fe4bd8da", - "timestamp": 1686150470 - }, - { - "file_size": 13861856, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9049728, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8942045, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "59dafd4d926ab9a9c34899540af51135fe4bd8da", - "timestamp": 1686150470 - }, - { - "file_size": 164398, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3527, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 58716, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d968e98107f741326dca87d26537cc180932e35f", - "timestamp": 1686150471 - }, - { - "file_size": 164398, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3527, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 58716, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d968e98107f741326dca87d26537cc180932e35f", - "timestamp": 1686150471 - }, - { - "file_size": 1747296, - 
"file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1673385, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1497969, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "99917368bb78857bf2f837dce851312a70b9ada7", - "timestamp": 1686150471 - }, - { - "file_size": 1747296, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1673385, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1497969, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "99917368bb78857bf2f837dce851312a70b9ada7", - "timestamp": 1686150471 - }, - { - "file_size": 11576577, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10342763, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10354427, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "dff8243d0b4a32e46a8ac8021d97b0aad21830a4", - "timestamp": 1686150472 - }, - { - "file_size": 11576577, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10342763, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - 
"match_offset": 10354427, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "dff8243d0b4a32e46a8ac8021d97b0aad21830a4", - "timestamp": 1686150472 - }, - { - "file_size": 154378, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110980, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68404, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ea9236fdef65fc30c10218b2140d0942adc1f22b", - "timestamp": 1686150472 - }, - { - "file_size": 154378, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110980, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68404, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ea9236fdef65fc30c10218b2140d0942adc1f22b", - "timestamp": 1686150472 - }, - { - "file_size": 39268559, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 64836, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 605486, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "54edf295efcf05160d27fb6834a3caf9f2209ba7", - "timestamp": 1686150475 - }, - { - "file_size": 39268559, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 64836, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 605486, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "54edf295efcf05160d27fb6834a3caf9f2209ba7", - "timestamp": 1686150475 - }, - { - "file_size": 444715, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 15462, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 193293, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "55fc77d16e940a3be013328da7d777f419def447", - "timestamp": 1686150476 - }, - { - "file_size": 444715, - "file_type": "Text/JavaScript", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 15462, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 193293, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "55fc77d16e940a3be013328da7d777f419def447", - "timestamp": 1686150476 - }, - { - "file_size": 146027, - "file_type": "Text/HTML/HTML", - "rule": 
[ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 102626, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 60254, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "969c08328198fbb0749411234c6a00b0ce5a003d", - "timestamp": 1686150478 - }, - { - "file_size": 146027, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 102626, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 60254, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "969c08328198fbb0749411234c6a00b0ce5a003d", - "timestamp": 1686150478 - }, - { - "file_size": 154393, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110997, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68402, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0", - "timestamp": 1686150478 - }, - { - "file_size": 154393, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 110997, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 68402, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0", - "timestamp": 1686150478 - }, - { - "file_size": 407815, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 133036, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 80620, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e35210e1fd190655438816adbb94a276948585d1", - "timestamp": 1686150478 - }, - { - "file_size": 407815, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 133036, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 80620, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e35210e1fd190655438816adbb94a276948585d1", - "timestamp": 1686150478 - }, - { - "file_size": 20620343, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 33910, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 196832, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": 
"a2acda4f1d103c3935fecaceb702793840da5de2", - "timestamp": 1686150481 - }, - { - "file_size": 20620343, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 33910, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 196832, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a2acda4f1d103c3935fecaceb702793840da5de2", - "timestamp": 1686150481 - }, - { - "file_size": 6009840, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4616975, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4984614, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "58d3d4e8011ca5aa7a827bdb32984b46691cb5a9", - "timestamp": 1686150481 - }, - { - "file_size": 6009840, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4616975, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4984614, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "58d3d4e8011ca5aa7a827bdb32984b46691cb5a9", - "timestamp": 1686150481 - }, - { - "file_size": 20632380, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 16365, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 208986, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d2778f896a3ff2d865af50cbcd529dafcf714393", - "timestamp": 1686150482 - }, - { - "file_size": 20632380, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 16365, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 208986, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "d2778f896a3ff2d865af50cbcd529dafcf714393", - "timestamp": 1686150482 - }, - { - "file_size": 273248, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 251, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4940, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "34578885caf1a2e0b48b46d4e70eb01445acc5f0", - "timestamp": 1686150482 - }, - { - "file_size": 273248, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 251, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4940, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "34578885caf1a2e0b48b46d4e70eb01445acc5f0", - "timestamp": 1686150482 - }, - { - "file_size": 344762, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12762, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 227460, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b6caa5f15f08024eda95d3eb61de207ea1db5ca7", - "timestamp": 1686150483 - }, - { - "file_size": 344762, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12762, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 227460, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "b6caa5f15f08024eda95d3eb61de207ea1db5ca7", - "timestamp": 1686150483 - }, - { - "file_size": 273249, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 251, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4940, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ddff15d4914ff06b55fbac496362aaae7a2d3c9b", - "timestamp": 1686150484 - }, - { - "file_size": 273249, - 
"file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 251, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4940, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "ddff15d4914ff06b55fbac496362aaae7a2d3c9b", - "timestamp": 1686150484 - }, - { - "file_size": 456700, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 430650, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 214898, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a3342c659d56113fcf63287f1f2b51015a32a9fe", - "timestamp": 1686150491 - }, - { - "file_size": 456700, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 430650, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 214898, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "a3342c659d56113fcf63287f1f2b51015a32a9fe", - "timestamp": 1686150491 - }, - { - "file_size": 20655221, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7544, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 19076, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e1a3dcfe7846ac93feb3b6c0d368c619551e2060", - "timestamp": 1686150496 - }, - { - "file_size": 20655221, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7544, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 19076, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "e1a3dcfe7846ac93feb3b6c0d368c619551e2060", - "timestamp": 1686150496 - }, - { - "file_size": 1808816, - "file_type": "PE/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 201237, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 166562, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": true, - "sha1": "8cee4323aa88793881d1e9753476ffd85e9909d2", - "timestamp": 1686150498 - }, - { - "file_size": 1808816, - "file_type": "PE/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 201237, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 166562, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": true, - "sha1": "8cee4323aa88793881d1e9753476ffd85e9909d2", - "timestamp": 1686150498 - }, - { - "file_size": 17414211, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1697169, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 341432, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "86323712891af72832dd179625c1c9e5f47ef5dc", - "timestamp": 1686149728 - }, - { - "file_size": 17414211, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1697169, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 341432, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "86323712891af72832dd179625c1c9e5f47ef5dc", - "timestamp": 1686149728 - }, - { - "file_size": 97050, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27202, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48756, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4b894706af749cdad62ced56233c32dc85274212", - "timestamp": 1686149728 - }, - { - "file_size": 97050, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - 
"match_offset": 27202, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48756, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4b894706af749cdad62ced56233c32dc85274212", - "timestamp": 1686149728 - }, - { - "file_size": 735478, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 555378, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 733133, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2d4d4a0e0efea6efab5dff40951a996b10fe594c", - "timestamp": 1686149732 - }, - { - "file_size": 735478, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 555378, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 733133, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2d4d4a0e0efea6efab5dff40951a996b10fe594c", - "timestamp": 1686149732 - }, - { - "file_size": 609570, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 53613, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8513, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": 
[], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8", - "timestamp": 1686149732 - }, - { - "file_size": 609570, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 53613, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8513, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8", - "timestamp": 1686149732 - }, - { - "file_size": 8295796, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3332145, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1798128, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "eb37a450426a73adc228c0b7af6b389fc7bdf56e", - "timestamp": 1686149737 - }, - { - "file_size": 8295796, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3332145, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1798128, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "eb37a450426a73adc228c0b7af6b389fc7bdf56e", - "timestamp": 1686149737 - }, - { - 
"file_size": 13028229, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29013, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 650100, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c38171b6039aed6b7b759e296ace24dc7d025b83", - "timestamp": 1686149738 - }, - { - "file_size": 13028229, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29013, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 650100, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c38171b6039aed6b7b759e296ace24dc7d025b83", - "timestamp": 1686149738 - }, - { - "file_size": 7240420, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4735924, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4985544, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "06b99fba88558d39bdb6dbb429327e38bd1a00a6", - "timestamp": 1686149740 - }, - { - "file_size": 7240420, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4735924, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 
4985544, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "06b99fba88558d39bdb6dbb429327e38bd1a00a6", - "timestamp": 1686149740 - }, - { - "file_size": 9198608, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6192194, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6196270, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d537cc50888e2276c7faf74e30d23c170738198a", - "timestamp": 1686149744 - }, - { - "file_size": 9198608, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6192194, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6196270, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d537cc50888e2276c7faf74e30d23c170738198a", - "timestamp": 1686149744 - }, - { - "file_size": 26307192, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3868176, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3642636, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "0503efcbe5861c3e0d079f9becb3485452b97235", - "timestamp": 1686149749 - }, - { - "file_size": 26307192, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3868176, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3642636, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0503efcbe5861c3e0d079f9becb3485452b97235", - "timestamp": 1686149749 - }, - { - "file_size": 108432, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 45813, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17730, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76", - "timestamp": 1686149755 - }, - { - "file_size": 108432, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 45813, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17730, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76", - "timestamp": 1686149755 - }, - { - "file_size": 22828, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - 
{ - "match_offset": 8423, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11498, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "51b0ba00682591290f80e5855f1a4db9998acf09", - "timestamp": 1686149756 - }, - { - "file_size": 22828, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8423, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11498, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "51b0ba00682591290f80e5855f1a4db9998acf09", - "timestamp": 1686149756 - }, - { - "file_size": 22894, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8489, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11564, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0c6f35b25d6e074fab3199944f85df197e063162", - "timestamp": 1686149766 - }, - { - "file_size": 22894, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8489, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11564, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - 
"tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0c6f35b25d6e074fab3199944f85df197e063162", - "timestamp": 1686149766 - }, - { - "file_size": 735481, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 555379, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 733136, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87", - "timestamp": 1686149767 - }, - { - "file_size": 735481, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 555379, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 733136, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87", - "timestamp": 1686149767 - }, - { - "file_size": 69910542, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 432346, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 401816, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c10dd19fb20e99ac5e03cc854fcb07f3a4689626", - "timestamp": 1686149774 - }, - { - 
"file_size": 69910542, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 432346, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 401816, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c10dd19fb20e99ac5e03cc854fcb07f3a4689626", - "timestamp": 1686149774 - }, - { - "file_size": 78078, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27427, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48075, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6b23dddf010be66788315ffbd673a8786e216cca", - "timestamp": 1686149779 - }, - { - "file_size": 78078, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27427, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48075, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6b23dddf010be66788315ffbd673a8786e216cca", - "timestamp": 1686149779 - }, - { - "file_size": 55035681, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6445000, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 
5864743, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a20295d2941d01ad89f148221bfeeb4a7ae91c8a", - "timestamp": 1686149785 - }, - { - "file_size": 55035681, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6445000, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5864743, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a20295d2941d01ad89f148221bfeeb4a7ae91c8a", - "timestamp": 1686149785 - }, - { - "file_size": 72160935, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 25254788, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 62943840, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9", - "timestamp": 1686149790 - }, - { - "file_size": 72160935, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 64192330, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9", 
- "timestamp": 1686149790 - }, - { - "file_size": 72160935, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 25254788, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 62943840, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9", - "timestamp": 1686149790 - }, - { - "file_size": 5053848, - "file_type": "PE/Exe/UPX", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 4631537, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "9d94d6d2c676ea1391707da336b08adb51a7602e", - "timestamp": 1686149811 - }, - { - "file_size": 48064504, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 14832618, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6254126, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "949abf3b22fde0d82aabde30b447202a85a22976", - "timestamp": 1686149814 - }, - { - "file_size": 48064504, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 14832618, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6254126, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "949abf3b22fde0d82aabde30b447202a85a22976", - "timestamp": 1686149814 - }, - { - "file_size": 17363501, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 276134, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4050570, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ea2a042555d2ed5031699ab262dd36ee11140a47", - "timestamp": 1686149826 - }, - { - "file_size": 17363501, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 276134, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4050570, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ea2a042555d2ed5031699ab262dd36ee11140a47", - "timestamp": 1686149826 - }, - { - "file_size": 1097787, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1026714, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1022464, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"8347104bb4f67e9f6a009dddab7d9ba64c1f1f34", - "timestamp": 1686149827 - }, - { - "file_size": 1097787, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1026714, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1022464, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8347104bb4f67e9f6a009dddab7d9ba64c1f1f34", - "timestamp": 1686149827 - }, - { - "file_size": 9109956, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6903276, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7053407, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "68272eebbf35852ead3ca57e4d4057c1aca9e87f", - "timestamp": 1686149828 - }, - { - "file_size": 9109956, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6903276, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7053407, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "68272eebbf35852ead3ca57e4d4057c1aca9e87f", - "timestamp": 1686149828 - }, - { - "file_size": 129965, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28324, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49213, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8862e555dfb36ef346c9ab015e9cdc042742f905", - "timestamp": 1686149830 - }, - { - "file_size": 129965, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28324, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49213, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8862e555dfb36ef346c9ab015e9cdc042742f905", - "timestamp": 1686149830 - }, - { - "file_size": 3401029, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 546852, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12694, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4edebb0ccaf461b657eefd6de9daa819718702c5", - "timestamp": 1686149831 - }, - { - "file_size": 3401029, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 546852, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12694, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], 
- "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4edebb0ccaf461b657eefd6de9daa819718702c5", - "timestamp": 1686149831 - }, - { - "file_size": 12211580, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1831826, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1825431, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bce246203d8df748692e5d67f7b43779ca18fcb8", - "timestamp": 1686149833 - }, - { - "file_size": 12211580, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1831826, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1825431, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bce246203d8df748692e5d67f7b43779ca18fcb8", - "timestamp": 1686149833 - }, - { - "file_size": 130472, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31577, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 53131, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bb95e8d71ced34ca09a220bcd4740c05bb5beaae", - "timestamp": 1686149835 - }, - { - "file_size": 130472, - 
"file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31577, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 53131, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bb95e8d71ced34ca09a220bcd4740c05bb5beaae", - "timestamp": 1686149835 - }, - { - "file_size": 21856, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10251, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 20432, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "49e3e9c608998a84c76dea1d14979748fa303108", - "timestamp": 1686149836 - }, - { - "file_size": 21856, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10251, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 20432, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "49e3e9c608998a84c76dea1d14979748fa303108", - "timestamp": 1686149836 - }, - { - "file_size": 8761628, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5623501, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5729635, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "638ee91a8195f803fb856b9cc58ec90b4e302d2d", - "timestamp": 1686149838 - }, - { - "file_size": 8761628, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5623501, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5729635, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "638ee91a8195f803fb856b9cc58ec90b4e302d2d", - "timestamp": 1686149838 - }, - { - "file_size": 80384, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3832, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4633, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d71c31ff1506662b75a69ab2f4c470acd4a608c6", - "timestamp": 1686149840 - }, - { - "file_size": 80384, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3832, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4633, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "d71c31ff1506662b75a69ab2f4c470acd4a608c6", - "timestamp": 1686149840 - }, - { - "file_size": 2696810, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47000, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11164, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2bb02417e2229ec6c67723720e8c047473bac428", - "timestamp": 1686149843 - }, - { - "file_size": 2696810, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47000, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11164, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2bb02417e2229ec6c67723720e8c047473bac428", - "timestamp": 1686149843 - }, - { - "file_size": 291468, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 30654, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 206411, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "861df3d24be5051f03b772a3614ece4f38c9453f", - "timestamp": 1686149843 - }, - { - "file_size": 291468, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - 
"matched_data": [ - { - "match_offset": 30654, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 206411, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "861df3d24be5051f03b772a3614ece4f38c9453f", - "timestamp": 1686149843 - }, - { - "file_size": 9605652, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6219463, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7291032, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "dbb08be91da3fbb62d3a940f50ee262b8ee64a00", - "timestamp": 1686149843 - }, - { - "file_size": 9605652, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6219463, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7291032, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "dbb08be91da3fbb62d3a940f50ee262b8ee64a00", - "timestamp": 1686149843 - }, - { - "file_size": 7851776, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5738916, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5715983, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - 
], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "44ecf0599917582d655aebecad3bff20428a95d5", - "timestamp": 1686149844 - }, - { - "file_size": 7851776, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5738916, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5715983, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "44ecf0599917582d655aebecad3bff20428a95d5", - "timestamp": 1686149844 - }, - { - "file_size": 134280, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31122, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 52676, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7b954a9a584dfea3b50aa0d266ece12edd920de3", - "timestamp": 1686149844 - }, - { - "file_size": 134280, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31122, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 52676, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7b954a9a584dfea3b50aa0d266ece12edd920de3", - "timestamp": 
1686149844 - }, - { - "file_size": 1566720, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47648, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48358, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9ae122565cefb2d077ffd8015b2080dbcd66210a", - "timestamp": 1686149846 - }, - { - "file_size": 1566720, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 47648, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48358, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9ae122565cefb2d077ffd8015b2080dbcd66210a", - "timestamp": 1686149846 - }, - { - "file_size": 1826525, - "file_type": "PE/Exe/PECompact", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 61949, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1772779, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "00d16698e37238fa735a1f1728bcbd5a43247e80", - "timestamp": 1686149846 - }, - { - "file_size": 1826525, - "file_type": "PE/Exe/PECompact", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 61949, - "matched_string": "cGF5\n", - 
"string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1772779, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "00d16698e37238fa735a1f1728bcbd5a43247e80", - "timestamp": 1686149846 - }, - { - "file_size": 31410, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29004, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17271, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d11b319f05e4ca0f27820748b503a59f24beb00d", - "timestamp": 1686149846 - }, - { - "file_size": 31410, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29004, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17271, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d11b319f05e4ca0f27820748b503a59f24beb00d", - "timestamp": 1686149846 - }, - { - "file_size": 81478, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31946, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 38816, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - 
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af", - "timestamp": 1686149850 - }, - { - "file_size": 81478, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31946, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 38816, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af", - "timestamp": 1686149850 - }, - { - "file_size": 718416, - "file_type": "Document/None/PDF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 20006, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 140853, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "84c987347c558fb79e603b4ce107e727b35d2ce0", - "timestamp": 1686149850 - }, - { - "file_size": 718416, - "file_type": "Document/None/PDF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 20006, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 140853, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "84c987347c558fb79e603b4ce107e727b35d2ce0", - "timestamp": 1686149850 - }, - { - "file_size": 7765124, - "file_type": 
"Binary/None/TNEF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1806802, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17011, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1898cb0bd9636e2770bef781e64c14ea930737d9", - "timestamp": 1686149851 - }, - { - "file_size": 7765124, - "file_type": "Binary/None/TNEF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1806802, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17011, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1898cb0bd9636e2770bef781e64c14ea930737d9", - "timestamp": 1686149851 - }, - { - "file_size": 7445844, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5463059, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5443224, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8397215a4ef8f0278ca94ac55bcfb7d951eb5991", - "timestamp": 1686149852 - }, - { - "file_size": 7445844, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5463059, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5443224, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8397215a4ef8f0278ca94ac55bcfb7d951eb5991", - "timestamp": 1686149852 - }, - { - "file_size": 58880, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3006, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5184, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5e3ce373290c3ff3a161f20ce507f566ec02ef37", - "timestamp": 1686149853 - }, - { - "file_size": 58880, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3006, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5184, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5e3ce373290c3ff3a161f20ce507f566ec02ef37", - "timestamp": 1686149853 - }, - { - "file_size": 34304, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 16023, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 18191, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6419bbc857dfc05244305301ce04fd3101dfbc4e", - "timestamp": 1686149856 - }, - { - "file_size": 34304, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 16023, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 18191, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6419bbc857dfc05244305301ce04fd3101dfbc4e", - "timestamp": 1686149856 - }, - { - "file_size": 13647, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5929, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7760, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f498fa63f00a6c5d563c78597b1e603f00c292ba", - "timestamp": 1686149856 - }, - { - "file_size": 13647, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5929, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7760, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f498fa63f00a6c5d563c78597b1e603f00c292ba", - "timestamp": 1686149856 - }, - { - "file_size": 10867247, - "file_type": "Document/None/PDF", - 
"rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 615042, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2517009, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "80ac906fe3153d272625e4cfd0e953d01dabc718", - "timestamp": 1686149858 - }, - { - "file_size": 10867247, - "file_type": "Document/None/PDF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 615042, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2517009, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "80ac906fe3153d272625e4cfd0e953d01dabc718", - "timestamp": 1686149858 - }, - { - "file_size": 10866832, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2275907, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2454431, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6d61d48bbadf3a5eaeec617653c64493c03abc48", - "timestamp": 1686149861 - }, - { - "file_size": 10866832, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2275907, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2454431, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6d61d48bbadf3a5eaeec617653c64493c03abc48", - "timestamp": 1686149861 - }, - { - "file_size": 5101876, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 2341502, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "e846d1ab898e95541e6682720022dfb7433b42a1", - "timestamp": 1686149862 - }, - { - "file_size": 1200556, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 908895, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1200168, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a7c06c5ff0f929a52d7d9e88315d9dd6109a7939", - "timestamp": 1686149867 - }, - { - "file_size": 1200556, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 908895, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1200168, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a7c06c5ff0f929a52d7d9e88315d9dd6109a7939", - "timestamp": 1686149867 - }, - { - 
"file_size": 94208, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 52375, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 54543, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7", - "timestamp": 1686149871 - }, - { - "file_size": 94208, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 52375, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 54543, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7", - "timestamp": 1686149871 - }, - { - "file_size": 4403680, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1070028, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1569453, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "388bf96870666f99c68015c72e470b96afe330b6", - "timestamp": 1686149876 - }, - { - "file_size": 4403680, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1070028, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - 
{ - "match_offset": 1569453, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "388bf96870666f99c68015c72e470b96afe330b6", - "timestamp": 1686149876 - }, - { - "file_size": 124306, - "file_type": "Document/None/RTF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 56115, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 55176, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0c88ebb87d1db36ec61990b11b9046d8bfc84249", - "timestamp": 1686149876 - }, - { - "file_size": 124306, - "file_type": "Document/None/RTF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 56115, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 55176, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0c88ebb87d1db36ec61990b11b9046d8bfc84249", - "timestamp": 1686149876 - }, - { - "file_size": 7532560, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5242377, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6199698, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b", - "timestamp": 1686149880 - }, - { - "file_size": 7532560, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5242377, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6199698, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b", - "timestamp": 1686149880 - }, - { - "file_size": 89227939, - "file_type": "PE+/Exe/SetupFactory", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 3721968, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "14f646a4c56d4a6908589ff38cfbc8904fef7ffd", - "timestamp": 1686149881 - }, - { - "file_size": 23765288, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 23568888, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12392190, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7", - "timestamp": 1686149882 - }, - { - "file_size": 23765288, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 12386158, - 
"matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7", - "timestamp": 1686149882 - }, - { - "file_size": 23765288, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 23568888, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12392190, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7", - "timestamp": 1686149882 - }, - { - "file_size": 83456, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3807, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4722, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "08d52dd79c4506e569f6b44dd040c7666e1c990a", - "timestamp": 1686149884 - }, - { - "file_size": 83456, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3807, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4722, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "08d52dd79c4506e569f6b44dd040c7666e1c990a", - "timestamp": 1686149884 - }, - { - "file_size": 18747429, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1790351, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 434614, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9315db8fd8e974ed3f32fed4af2a87950051db31", - "timestamp": 1686149884 - }, - { - "file_size": 18747429, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1790351, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 434614, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9315db8fd8e974ed3f32fed4af2a87950051db31", - "timestamp": 1686149884 - }, - { - "file_size": 7971248, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6010248, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5922837, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7c0467942d6e3a17cb46f80485735703971be951", - "timestamp": 1686149899 - }, - { - "file_size": 7971248, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - 
"match_offset": 6010248, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5922837, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7c0467942d6e3a17cb46f80485735703971be951", - "timestamp": 1686149899 - }, - { - "file_size": 8746736, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6663701, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6518302, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c3905032ee58bd7252bfea670af4fae789ee65bc", - "timestamp": 1686149904 - }, - { - "file_size": 8746736, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6663701, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6518302, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c3905032ee58bd7252bfea670af4fae789ee65bc", - "timestamp": 1686149904 - }, - { - "file_size": 29495534, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7777152, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14315453, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": 
[], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5448598e37f1525d59dbde93ed3226c699591660", - "timestamp": 1686149907 - }, - { - "file_size": 29495534, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 23706990, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "5448598e37f1525d59dbde93ed3226c699591660", - "timestamp": 1686149907 - }, - { - "file_size": 29495534, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7777152, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14315453, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5448598e37f1525d59dbde93ed3226c699591660", - "timestamp": 1686149907 - }, - { - "file_size": 20208408, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8042295, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9983725, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1274f648fbf7ec60f349f91426520d5fed741a75", - "timestamp": 1686149911 - }, - { - "file_size": 20208408, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": 
"Example", - "matched_data": [ - { - "match_offset": 8042295, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9983725, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1274f648fbf7ec60f349f91426520d5fed741a75", - "timestamp": 1686149911 - }, - { - "file_size": 9360804, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6623554, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6393329, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a32a21cc68347f914640067d66a8eb9f3d718f97", - "timestamp": 1686149912 - }, - { - "file_size": 9360804, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6623554, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6393329, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a32a21cc68347f914640067d66a8eb9f3d718f97", - "timestamp": 1686149912 - }, - { - "file_size": 22696990, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 273776, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2310626, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": 
"JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2ee61b0db428bd1943c0a3a23fa9657bdbae4525", - "timestamp": 1686149917 - }, - { - "file_size": 22696990, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 273776, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2310626, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2ee61b0db428bd1943c0a3a23fa9657bdbae4525", - "timestamp": 1686149917 - }, - { - "file_size": 45056, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26775, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7215, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4a2a97a3ccc4f69e4369540afa9621517b61a70d", - "timestamp": 1686149924 - }, - { - "file_size": 45056, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26775, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7215, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"4a2a97a3ccc4f69e4369540afa9621517b61a70d", - "timestamp": 1686149924 - }, - { - "file_size": 8178116, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5952245, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6078981, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6187f8a655a0c8d63f7c0d0159ec48faf3926397", - "timestamp": 1686149926 - }, - { - "file_size": 8178116, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5952245, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6078981, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6187f8a655a0c8d63f7c0d0159ec48faf3926397", - "timestamp": 1686149926 - }, - { - "file_size": 118949, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27159, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48713, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "010536c2287998f486647077d5f5f4cb14216f21", - "timestamp": 1686149928 - }, - { - "file_size": 118949, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27159, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48713, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "010536c2287998f486647077d5f5f4cb14216f21", - "timestamp": 1686149928 - }, - { - "file_size": 4397292, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1070008, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1563324, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "28104c2b1121a331071889a8285f18e4e5fa857e", - "timestamp": 1686149932 - }, - { - "file_size": 4397292, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1070008, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1563324, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "28104c2b1121a331071889a8285f18e4e5fa857e", - "timestamp": 1686149932 - }, - { - "file_size": 1126838, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 67755, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 301561, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920", - "timestamp": 1686149932 - }, - { - "file_size": 1126838, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 67755, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 301561, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920", - "timestamp": 1686149932 - }, - { - "file_size": 5742, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1420, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1478, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "784251aee0035f509d9a59f46a7854e3156eb1e8", - "timestamp": 1686149932 - }, - { - "file_size": 5742, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1420, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1478, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "784251aee0035f509d9a59f46a7854e3156eb1e8", - "timestamp": 1686149932 - }, - { - "file_size": 8342696, - 
"file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5758241, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6719849, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1a5599d9ac6637d73e45a008eb13963a43a42de5", - "timestamp": 1686149933 - }, - { - "file_size": 8342696, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5758241, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6719849, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1a5599d9ac6637d73e45a008eb13963a43a42de5", - "timestamp": 1686149933 - }, - { - "file_size": 10935924, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7358335, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7658163, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ad38d8e905018d8214d3d086a5314bc8baf530f0", - "timestamp": 1686149935 - }, - { - "file_size": 10935924, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7358335, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7658163, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ad38d8e905018d8214d3d086a5314bc8baf530f0", - "timestamp": 1686149935 - }, - { - "file_size": 9367552, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3032179, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 699012, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd", - "timestamp": 1686149936 - }, - { - "file_size": 9367552, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3032179, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 699012, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd", - "timestamp": 1686149936 - }, - { - "file_size": 5615616, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 684425, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1855040, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "27177a9974cf5e51e406dfc565abec4323a7f460", - "timestamp": 1686149938 - }, - { - "file_size": 5615616, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 684425, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1855040, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "27177a9974cf5e51e406dfc565abec4323a7f460", - "timestamp": 1686149938 - }, - { - "file_size": 12587776, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1885979, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1879584, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "61f1d317d4b637547328d7bbd8db162332ffca96", - "timestamp": 1686149941 - }, - { - "file_size": 12587776, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1885979, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1879584, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "61f1d317d4b637547328d7bbd8db162332ffca96", - "timestamp": 1686149941 - }, - { - "file_size": 15528080, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - 
"matched_data": [ - { - "match_offset": 7666937, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9603001, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "90006a605fefb15ef0e3ee3a7913e4e3085aa910", - "timestamp": 1686149943 - }, - { - "file_size": 15528080, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7666937, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9603001, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "90006a605fefb15ef0e3ee3a7913e4e3085aa910", - "timestamp": 1686149943 - }, - { - "file_size": 61198027, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3493267, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 59650081, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "81fdd91f2f3ad757beaa4e99d1e696fe216572a7", - "timestamp": 1686149946 - }, - { - "file_size": 61198027, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3493267, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 59650081, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "81fdd91f2f3ad757beaa4e99d1e696fe216572a7", - "timestamp": 1686149946 - }, - { - "file_size": 92550, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29380, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50934, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "11e37775d188125698553bb54b92212db30c9868", - "timestamp": 1686149952 - }, - { - "file_size": 92550, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29380, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50934, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "11e37775d188125698553bb54b92212db30c9868", - "timestamp": 1686149952 - }, - { - "file_size": 15909007, - "file_type": "PE+/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1572203, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4403826, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"3044d17533125b0e81479c13a3938c5f680945dd", - "timestamp": 1686149952 - }, - { - "file_size": 15909007, - "file_type": "PE+/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1572203, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4403826, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3044d17533125b0e81479c13a3938c5f680945dd", - "timestamp": 1686149952 - }, - { - "file_size": 7030588, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4138419, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3925485, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3e781f619085938c400ef62d124e1c160d8e606d", - "timestamp": 1686149953 - }, - { - "file_size": 7030588, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4138419, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3925485, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3e781f619085938c400ef62d124e1c160d8e606d", - "timestamp": 1686149953 - }, - { - "file_size": 7891860, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5936181, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6065613, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9672712486f68f6ef3fa5ea1051a488652768782", - "timestamp": 1686149956 - }, - { - "file_size": 7891860, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5936181, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6065613, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9672712486f68f6ef3fa5ea1051a488652768782", - "timestamp": 1686149956 - }, - { - "file_size": 1126838, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 67755, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 301561, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920", - "timestamp": 1686149974 - }, - { - "file_size": 1126838, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 67755, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 301561, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], 
- "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920", - "timestamp": 1686149974 - }, - { - "file_size": 58853069, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 453396, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 422866, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7f61bf37ba7a45b4d9686384db4cccec61f67c47", - "timestamp": 1686149975 - }, - { - "file_size": 58853069, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 453396, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 422866, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7f61bf37ba7a45b4d9686384db4cccec61f67c47", - "timestamp": 1686149975 - }, - { - "file_size": 80896, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3807, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4617, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6fc8b4b91789e00438dc40c306b51a4cb607eb8d", - "timestamp": 1686149975 - }, - { - "file_size": 80896, - 
"file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3807, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4617, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6fc8b4b91789e00438dc40c306b51a4cb607eb8d", - "timestamp": 1686149975 - }, - { - "file_size": 4090442, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2966063, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3005572, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a9102e50f879a876bcde1a65ed9e66061345af38", - "timestamp": 1686149977 - }, - { - "file_size": 4090442, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2966063, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3005572, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a9102e50f879a876bcde1a65ed9e66061345af38", - "timestamp": 1686149977 - }, - { - "file_size": 11287504, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9611205, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9336911, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "855439438fa49547ac12bdf953b32f72c719b2c9", - "timestamp": 1686149980 - }, - { - "file_size": 11287504, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9611205, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9336911, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "855439438fa49547ac12bdf953b32f72c719b2c9", - "timestamp": 1686149980 - }, - { - "file_size": 51580195, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 192859, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1055775, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "aa57da659dd7d00cce7d1435bfc8459087f51b6f", - "timestamp": 1686149983 - }, - { - "file_size": 51580195, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 192859, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1055775, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "aa57da659dd7d00cce7d1435bfc8459087f51b6f", - "timestamp": 1686149983 - }, - { - "file_size": 52603562, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5081683, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48790340, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7b645c555f2208a68b7d6aff201736b6e111d3cc", - "timestamp": 1686149989 - }, - { - "file_size": 52603562, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5081683, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48790340, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7b645c555f2208a68b7d6aff201736b6e111d3cc", - "timestamp": 1686149989 - }, - { - "file_size": 12364752, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10579965, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10306863, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6c745b37d30bdc06e8ace8b4189538403c4d5c8a", - "timestamp": 1686149991 - }, - { - "file_size": 12364752, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", 
- "matched_data": [ - { - "match_offset": 10579965, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10306863, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6c745b37d30bdc06e8ace8b4189538403c4d5c8a", - "timestamp": 1686149991 - }, - { - "file_size": 113599, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28965, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50276, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c797c0ed6564a46ae0ac9973f2b97411dbac4754", - "timestamp": 1686149993 - }, - { - "file_size": 113599, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28965, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50276, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c797c0ed6564a46ae0ac9973f2b97411dbac4754", - "timestamp": 1686149993 - }, - { - "file_size": 8720028, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6232135, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6035292, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": 
"JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a12a22c2b0ecdbeb2f98a592328068591520225e", - "timestamp": 1686149993 - }, - { - "file_size": 8720028, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6232135, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6035292, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a12a22c2b0ecdbeb2f98a592328068591520225e", - "timestamp": 1686149993 - }, - { - "file_size": 11722184, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10006757, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9731199, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d824b4da35e0527c04c91b45111790421e0df9c3", - "timestamp": 1686149993 - }, - { - "file_size": 11722184, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10006757, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9731199, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d824b4da35e0527c04c91b45111790421e0df9c3", 
- "timestamp": 1686149993 - }, - { - "file_size": 1647430, - "file_type": "Document/None/RTF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1504890, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1514081, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d416c83fd8bc78cc77ef30a8e5543b59f8b58f90", - "timestamp": 1686150001 - }, - { - "file_size": 1647430, - "file_type": "Document/None/RTF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1504890, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1514081, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d416c83fd8bc78cc77ef30a8e5543b59f8b58f90", - "timestamp": 1686150001 - }, - { - "file_size": 8185068, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1729023, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1836665, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a470d52b3da243f0a6e4f29990910c15fe877260", - "timestamp": 1686150003 - }, - { - "file_size": 8185068, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1729023, - "matched_string": "cGF5\n", - 
"string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1836665, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a470d52b3da243f0a6e4f29990910c15fe877260", - "timestamp": 1686150003 - }, - { - "file_size": 9058488, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2024065, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2076599, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "28cb515f6029996c620d90852ac18089b1ded110", - "timestamp": 1686150004 - }, - { - "file_size": 9058488, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2024065, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2076599, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "28cb515f6029996c620d90852ac18089b1ded110", - "timestamp": 1686150004 - }, - { - "file_size": 6957242, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1535249, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2867970, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - 
"ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "936ed9f8b5e106db89d568cdd6cf0d3768e35e8a", - "timestamp": 1686150005 - }, - { - "file_size": 6957242, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1535249, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2867970, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "936ed9f8b5e106db89d568cdd6cf0d3768e35e8a", - "timestamp": 1686150005 - }, - { - "file_size": 11402192, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9748709, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9479007, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "67bf7558493de43e5248d5c3fb0eff9ebe15e025", - "timestamp": 1686150005 - }, - { - "file_size": 11402192, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9748709, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9479007, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "67bf7558493de43e5248d5c3fb0eff9ebe15e025", - "timestamp": 1686150005 - }, - { - "file_size": 3560827, - "file_type": "ELF64 
Little/SO", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 134236, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3282561, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "09a2f81add6a24707bf53b87fc35649648d83d84", - "timestamp": 1686150008 - }, - { - "file_size": 3560827, - "file_type": "ELF64 Little/SO", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 134236, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3282561, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "09a2f81add6a24707bf53b87fc35649648d83d84", - "timestamp": 1686150008 - }, - { - "file_size": 24621335, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1120542, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1090012, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "42b2ae12dea46ea047d05762919e9b4bfe5ef788", - "timestamp": 1686150010 - }, - { - "file_size": 24621335, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1120542, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1090012, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "42b2ae12dea46ea047d05762919e9b4bfe5ef788", - "timestamp": 1686150010 - }, - { - "file_size": 27294631, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2867337, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5192795, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fadcba6ae6a7d80804672d39716caf6d6b236548", - "timestamp": 1686150010 - }, - { - "file_size": 27294631, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2867337, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5192795, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fadcba6ae6a7d80804672d39716caf6d6b236548", - "timestamp": 1686150010 - }, - { - "file_size": 563708, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 71256, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13295, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"ec4ae655adbbb3805d80b71db833024062f40a30", - "timestamp": 1686150022 - }, - { - "file_size": 563708, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 71256, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13295, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ec4ae655adbbb3805d80b71db833024062f40a30", - "timestamp": 1686150022 - }, - { - "file_size": 23674771, - "file_type": "PE/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1113582, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 898210, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c3b9b20d2b059c554bfedcf02f7e20a78ea0b634", - "timestamp": 1686150029 - }, - { - "file_size": 23674771, - "file_type": "PE/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1113582, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 898210, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c3b9b20d2b059c554bfedcf02f7e20a78ea0b634", - "timestamp": 1686150029 - }, - { - "file_size": 8696352, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6448188, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5556020, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8c6478d4da8936bbd1c41d55d627e5947f350a3c", - "timestamp": 1686150030 - }, - { - "file_size": 8696352, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6448188, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5556020, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8c6478d4da8936bbd1c41d55d627e5947f350a3c", - "timestamp": 1686150030 - }, - { - "file_size": 89737, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27489, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49043, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ea0cd712f5841da8a42c88b5531580a67a46606d", - "timestamp": 1686150040 - }, - { - "file_size": 89737, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27489, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49043, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ea0cd712f5841da8a42c88b5531580a67a46606d", - "timestamp": 1686150040 - }, - { - "file_size": 7919852, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5071035, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5906334, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "639f26fcdf4cf23f537da436e579d7642bb88a34", - "timestamp": 1686150042 - }, - { - "file_size": 7919852, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5071035, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5906334, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "639f26fcdf4cf23f537da436e579d7642bb88a34", - "timestamp": 1686150042 - }, - { - "file_size": 4740152, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3564800, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3647079, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0e2b28a93eb1a6028a450f2d0fb17b8a4142c838", - "timestamp": 1686150044 - }, - { - "file_size": 4740152, - 
"file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3564800, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3647079, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0e2b28a93eb1a6028a450f2d0fb17b8a4142c838", - "timestamp": 1686150044 - }, - { - "file_size": 8722544, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6754191, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7446396, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "11da04c21b47ff12ad322a6b23556b240c57e132", - "timestamp": 1686150045 - }, - { - "file_size": 8722544, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6754191, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7446396, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "11da04c21b47ff12ad322a6b23556b240c57e132", - "timestamp": 1686150045 - }, - { - "file_size": 3826214, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 68922, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3251864, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "57e01329fd57cdf43d48e6126dcb04a9a649f486", - "timestamp": 1686150045 - }, - { - "file_size": 3826214, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 68922, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3251864, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "57e01329fd57cdf43d48e6126dcb04a9a649f486", - "timestamp": 1686150045 - }, - { - "file_size": 90401, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 30206, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 51760, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "eb539586df1f83a1ad6a46578ae93af47d28e583", - "timestamp": 1686150050 - }, - { - "file_size": 90401, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 30206, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 51760, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "eb539586df1f83a1ad6a46578ae93af47d28e583", - "timestamp": 1686150050 - }, - { - "file_size": 5196432, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1774761, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1594184, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0dfbab7b39fe2df27cc3c450a33703e862548e7c", - "timestamp": 1686150050 - }, - { - "file_size": 5196432, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1774761, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1594184, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0dfbab7b39fe2df27cc3c450a33703e862548e7c", - "timestamp": 1686150050 - }, - { - "file_size": 88693, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 25563, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 47117, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4f0abfde4499ca4265efaa76240165eeec26ae9c", - "timestamp": 1686150055 - }, - { - "file_size": 88693, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - 
"match_offset": 25563, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 47117, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4f0abfde4499ca4265efaa76240165eeec26ae9c", - "timestamp": 1686150055 - }, - { - "file_size": 3114071, - "file_type": "ELF32 Little/SO", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 104418, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2618650, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e99fb966b75da3eb02a16fcac3b36c3a9194b857", - "timestamp": 1686150056 - }, - { - "file_size": 3114071, - "file_type": "ELF32 Little/SO", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 104418, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2618650, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e99fb966b75da3eb02a16fcac3b36c3a9194b857", - "timestamp": 1686150056 - }, - { - "file_size": 28120902, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 22260169, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 27281148, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } 
- ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0ac06711934890049220bec85d224ca6a69a4abf", - "timestamp": 1686150060 - }, - { - "file_size": 28120902, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 22260169, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 27281148, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0ac06711934890049220bec85d224ca6a69a4abf", - "timestamp": 1686150060 - }, - { - "file_size": 28328686, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6610304, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13148605, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9", - "timestamp": 1686150077 - }, - { - "file_size": 28328686, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6610304, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13148605, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"7929803a26acbb9fbec06ee003d65fb01966f3a9", - "timestamp": 1686150077 - }, - { - "file_size": 28328686, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 22540142, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9", - "timestamp": 1686150077 - }, - { - "file_size": 18271076, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 273776, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4064513, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8efe34081ab998e156e537df4da387b0a4bd7f08", - "timestamp": 1686150078 - }, - { - "file_size": 18271076, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 273776, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4064513, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8efe34081ab998e156e537df4da387b0a4bd7f08", - "timestamp": 1686150078 - }, - { - "file_size": 28018926, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6300544, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12838845, 
- "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116", - "timestamp": 1686150083 - }, - { - "file_size": 28018926, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 22230382, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116", - "timestamp": 1686150083 - }, - { - "file_size": 28018926, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6300544, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12838845, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116", - "timestamp": 1686150083 - }, - { - "file_size": 27306734, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5588352, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12126653, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "32c438b9048acb085fda9bd828fe370804e83b5c", - "timestamp": 
1686150084 - }, - { - "file_size": 27306734, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5588352, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12126653, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "32c438b9048acb085fda9bd828fe370804e83b5c", - "timestamp": 1686150084 - }, - { - "file_size": 27306734, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 21518190, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "32c438b9048acb085fda9bd828fe370804e83b5c", - "timestamp": 1686150084 - }, - { - "file_size": 81650, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 16951, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 39263, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "37b6ec97243b59e031215a7c79c76bd535c94a11", - "timestamp": 1686150090 - }, - { - "file_size": 81650, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 16951, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 39263, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "37b6ec97243b59e031215a7c79c76bd535c94a11", - "timestamp": 1686150090 - }, - { - "file_size": 181777, - "file_type": "Document/None/PDF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9977, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8279, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8e5698b6c99e84ef251da396e57801eea4d4a7e0", - "timestamp": 1686150096 - }, - { - "file_size": 181777, - "file_type": "Document/None/PDF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9977, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8279, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8e5698b6c99e84ef251da396e57801eea4d4a7e0", - "timestamp": 1686150096 - }, - { - "file_size": 271360, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 119107, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 118595, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"2b1c1ebb77a69accf7ade4a6656a229a8236da23", - "timestamp": 1686150101 - }, - { - "file_size": 271360, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 119107, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 118595, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2b1c1ebb77a69accf7ade4a6656a229a8236da23", - "timestamp": 1686150101 - }, - { - "file_size": 583414, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 304758, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 30495, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c90a2097bb3ef3b7782b569aad3a7a402c40ece6", - "timestamp": 1686150102 - }, - { - "file_size": 583414, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 304758, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 30495, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c90a2097bb3ef3b7782b569aad3a7a402c40ece6", - "timestamp": 1686150102 - }, - { - "file_size": 5011956, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 
3830891, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4122073, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bceeab17f46e635c4d2d8e83ba98fc53d3b94409", - "timestamp": 1686150104 - }, - { - "file_size": 5011956, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3830891, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4122073, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bceeab17f46e635c4d2d8e83ba98fc53d3b94409", - "timestamp": 1686150104 - }, - { - "file_size": 22521, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 17697, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 22133, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7370d7caf811dc3fb9b8ded4fb3a23d36997253d", - "timestamp": 1686150104 - }, - { - "file_size": 22521, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 17697, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 22133, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - 
], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7370d7caf811dc3fb9b8ded4fb3a23d36997253d", - "timestamp": 1686150104 - }, - { - "file_size": 7701312, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5240872, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6126943, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "af1458eda29940c81e42bf6a11d689b9363a575b", - "timestamp": 1686150107 - }, - { - "file_size": 7701312, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5240872, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6126943, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "af1458eda29940c81e42bf6a11d689b9363a575b", - "timestamp": 1686150107 - }, - { - "file_size": 8298484, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1572183, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2680377, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "99047e1bf6e16b647f124db80faf90d91947643e", - "timestamp": 1686150109 - }, - { - "file_size": 8298484, - 
"file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1572183, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2680377, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "99047e1bf6e16b647f124db80faf90d91947643e", - "timestamp": 1686150109 - }, - { - "file_size": 105267, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 849, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 30630, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "891e13aa1d764808d787be69ae3e8188345891ed", - "timestamp": 1686150115 - }, - { - "file_size": 105267, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 849, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 30630, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "891e13aa1d764808d787be69ae3e8188345891ed", - "timestamp": 1686150115 - }, - { - "file_size": 6390588, - "file_type": "PE+/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3498419, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3285485, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "732c2810e0cecccdfbcf3a052753060d8158643d", - "timestamp": 1686150119 - }, - { - "file_size": 6390588, - "file_type": "PE+/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3498419, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3285485, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "732c2810e0cecccdfbcf3a052753060d8158643d", - "timestamp": 1686150119 - }, - { - "file_size": 102498470, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26303220, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 15358931, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "89f539a36777589582b45b5ab3f1c4b8c392a519", - "timestamp": 1686150124 - }, - { - "file_size": 102498470, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26303220, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 15358931, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "89f539a36777589582b45b5ab3f1c4b8c392a519", - "timestamp": 1686150124 - }, - { - "file_size": 223744, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 21284, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 15037, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d", - "timestamp": 1686150124 - }, - { - "file_size": 223744, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 21284, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 15037, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d", - "timestamp": 1686150124 - }, - { - "file_size": 34840, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1586, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 20241, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "247dda310be523a670399ce08ac7576eeffceba9", - "timestamp": 1686150127 - }, - { - "file_size": 34840, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - 
"matched_data": [ - { - "match_offset": 1586, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 20241, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "247dda310be523a670399ce08ac7576eeffceba9", - "timestamp": 1686150127 - }, - { - "file_size": 97689, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 34565, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 56119, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ce2fbbb268352f30e63708658a895b55d5994a21", - "timestamp": 1686150127 - }, - { - "file_size": 97689, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 34565, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 56119, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ce2fbbb268352f30e63708658a895b55d5994a21", - "timestamp": 1686150127 - }, - { - "file_size": 608019, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 120997, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 179775, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": 
"JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5", - "timestamp": 1686150128 - }, - { - "file_size": 608019, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 120997, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 179775, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5", - "timestamp": 1686150128 - }, - { - "file_size": 7109996, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5978050, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4853648, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2a354db1cbe01973b6ea523d0842327ddafc17b8", - "timestamp": 1686150129 - }, - { - "file_size": 7109996, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5978050, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4853648, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"2a354db1cbe01973b6ea523d0842327ddafc17b8", - "timestamp": 1686150129 - }, - { - "file_size": 11060751, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 208731, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4067711, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d328639db252e6882cde55b4d96fb6c6917ce647", - "timestamp": 1686150135 - }, - { - "file_size": 11060751, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 208731, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4067711, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d328639db252e6882cde55b4d96fb6c6917ce647", - "timestamp": 1686150135 - }, - { - "file_size": 102034, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31083, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 52637, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9d13375b63610249a16e7eec10b2be064c7097f7", - "timestamp": 1686150136 - }, - { - "file_size": 102034, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31083, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 52637, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9d13375b63610249a16e7eec10b2be064c7097f7", - "timestamp": 1686150136 - }, - { - "file_size": 24915182, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 19126638, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2", - "timestamp": 1686150137 - }, - { - "file_size": 24915182, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3196800, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9735101, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2", - "timestamp": 1686150137 - }, - { - "file_size": 24915182, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3196800, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9735101, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2", - "timestamp": 1686150137 - }, - { - "file_size": 26192622, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 20404078, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb", - "timestamp": 1686150137 - }, - { - "file_size": 26192622, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4474240, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11012541, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb", - "timestamp": 1686150137 - }, - { - "file_size": 26192622, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4474240, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11012541, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb", - "timestamp": 1686150137 - }, - { - "file_size": 26345710, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 20557166, - "matched_string": "dGV4dCBoZXJl\n", - 
"string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "d6d554d74fdfd98418b8fa34338056708291599e", - "timestamp": 1686150137 - }, - { - "file_size": 26345710, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4627328, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11165629, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d6d554d74fdfd98418b8fa34338056708291599e", - "timestamp": 1686150137 - }, - { - "file_size": 26345710, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4627328, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11165629, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d6d554d74fdfd98418b8fa34338056708291599e", - "timestamp": 1686150137 - }, - { - "file_size": 25406702, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3688320, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10226621, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"1799c607028ad0ed4d15e46bb80cc0a70683e90f", - "timestamp": 1686150137 - }, - { - "file_size": 25406702, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3688320, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10226621, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f", - "timestamp": 1686150137 - }, - { - "file_size": 25406702, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 19618158, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f", - "timestamp": 1686150137 - }, - { - "file_size": 25241838, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 19453294, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443", - "timestamp": 1686150138 - }, - { - "file_size": 25241838, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3523456, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10061757, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - 
} - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443", - "timestamp": 1686150138 - }, - { - "file_size": 25241838, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3523456, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10061757, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443", - "timestamp": 1686150138 - }, - { - "file_size": 27273966, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 21485422, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0", - "timestamp": 1686150138 - }, - { - "file_size": 27273966, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5555584, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12093885, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0", - "timestamp": 1686150138 - }, - { - "file_size": 27273966, - "file_type": "PE/Dll", - "rule": [ - { - 
"identifier": "Example", - "matched_data": [ - { - "match_offset": 5555584, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12093885, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0", - "timestamp": 1686150138 - }, - { - "file_size": 26257134, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4538752, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11077053, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bbda585b97e741d2fb638684255a0c49daafadac", - "timestamp": 1686150138 - }, - { - "file_size": 26257134, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 20468590, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "bbda585b97e741d2fb638684255a0c49daafadac", - "timestamp": 1686150138 - }, - { - "file_size": 26257134, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4538752, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11077053, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bbda585b97e741d2fb638684255a0c49daafadac", - "timestamp": 1686150138 - }, - { - "file_size": 4620288, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2649834, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2685878, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "102d0b298f078b7d115083307e4ca0ed1bcbd134", - "timestamp": 1686150138 - }, - { - "file_size": 4620288, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2649834, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2685878, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "102d0b298f078b7d115083307e4ca0ed1bcbd134", - "timestamp": 1686150138 - }, - { - "file_size": 489616, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 38581, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 22168, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "32de67e7b17be1d18964e2086362b34f3c7b3575", - "timestamp": 1686150138 - }, - { - "file_size": 489616, - 
"file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 38581, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 22168, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "32de67e7b17be1d18964e2086362b34f3c7b3575", - "timestamp": 1686150138 - }, - { - "file_size": 33862, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26439, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23818, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "40caa9fe8fa64c0f9ba67298941a34d042cff179", - "timestamp": 1686150138 - }, - { - "file_size": 33862, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26439, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23818, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "40caa9fe8fa64c0f9ba67298941a34d042cff179", - "timestamp": 1686150138 - }, - { - "file_size": 85008, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27891, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49445, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "37c285df8d320279049afa0c23fa334a3bbeda77", - "timestamp": 1686150139 - }, - { - "file_size": 85008, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27891, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49445, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "37c285df8d320279049afa0c23fa334a3bbeda77", - "timestamp": 1686150139 - }, - { - "file_size": 27974382, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 22185838, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457", - "timestamp": 1686150139 - }, - { - "file_size": 27974382, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6256000, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12794301, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457", - "timestamp": 1686150139 
- }, - { - "file_size": 27974382, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6256000, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12794301, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457", - "timestamp": 1686150139 - }, - { - "file_size": 28105966, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6387584, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12925885, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003", - "timestamp": 1686150139 - }, - { - "file_size": 28105966, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 22317422, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003", - "timestamp": 1686150139 - }, - { - "file_size": 28105966, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6387584, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12925885, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003", - "timestamp": 1686150139 - }, - { - "file_size": 29250286, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7531904, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14070205, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec", - "timestamp": 1686150140 - }, - { - "file_size": 29250286, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7531904, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14070205, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec", - "timestamp": 1686150140 - }, - { - "file_size": 29250286, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 23461742, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec", - "timestamp": 1686150140 - }, - { - "file_size": 58288120, - 
"file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 41036824, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23548621, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c9812fa79f7c7d3a61f8ed156a3f9047aba84256", - "timestamp": 1686150140 - }, - { - "file_size": 58288120, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 41036824, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 23548621, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c9812fa79f7c7d3a61f8ed156a3f9047aba84256", - "timestamp": 1686150140 - }, - { - "file_size": 27151086, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5432704, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11971005, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0", - "timestamp": 1686150140 - }, - { - "file_size": 27151086, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5432704, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11971005, 
- "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0", - "timestamp": 1686150140 - }, - { - "file_size": 27151086, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 21362542, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0", - "timestamp": 1686150140 - }, - { - "file_size": 25467630, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3749248, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10287549, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "54553aa667794ecaf466add2eb68115e655bb142", - "timestamp": 1686150142 - }, - { - "file_size": 25467630, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3749248, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10287549, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "54553aa667794ecaf466add2eb68115e655bb142", - "timestamp": 
1686150142 - }, - { - "file_size": 25467630, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 19679086, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "54553aa667794ecaf466add2eb68115e655bb142", - "timestamp": 1686150142 - }, - { - "file_size": 24958190, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3239808, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9778109, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe", - "timestamp": 1686150142 - }, - { - "file_size": 24958190, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 19169646, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe", - "timestamp": 1686150142 - }, - { - "file_size": 24958190, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3239808, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9778109, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": 
"ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe", - "timestamp": 1686150142 - }, - { - "file_size": 22632960, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12832781, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17325113, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d9470e93a7f0471df16a93a2df001e35f383b358", - "timestamp": 1686150143 - }, - { - "file_size": 22632960, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12832781, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17325113, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d9470e93a7f0471df16a93a2df001e35f383b358", - "timestamp": 1686150143 - }, - { - "file_size": 28521710, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6803328, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13341629, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff", - "timestamp": 1686150146 - }, - { - "file_size": 28521710, - 
"file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 22733166, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff", - "timestamp": 1686150146 - }, - { - "file_size": 28521710, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6803328, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13341629, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff", - "timestamp": 1686150146 - }, - { - "file_size": 28730094, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7011712, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13550013, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "722d9445761cedf9cf95b00a27484c98b198a087", - "timestamp": 1686150147 - }, - { - "file_size": 28730094, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 22941550, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": 
"24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "722d9445761cedf9cf95b00a27484c98b198a087", - "timestamp": 1686150147 - }, - { - "file_size": 28730094, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7011712, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13550013, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "722d9445761cedf9cf95b00a27484c98b198a087", - "timestamp": 1686150147 - }, - { - "file_size": 19508784, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 14359504, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16198715, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c", - "timestamp": 1686150151 - }, - { - "file_size": 19508784, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 14359504, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16198715, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c", - "timestamp": 1686150151 - }, - { - "file_size": 134656, - "file_type": "Binary/Archive/Compound", - 
"rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4983, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3404, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44", - "timestamp": 1686150153 - }, - { - "file_size": 134656, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4983, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3404, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44", - "timestamp": 1686150153 - }, - { - "file_size": 123956, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 35591, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 57145, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4151684c657f55df0fbcf6f23e4ff59a3d434933", - "timestamp": 1686150154 - }, - { - "file_size": 123956, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 35591, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 57145, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4151684c657f55df0fbcf6f23e4ff59a3d434933", - "timestamp": 1686150154 - }, - { - "file_size": 89099, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27245, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48799, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6", - "timestamp": 1686150158 - }, - { - "file_size": 89099, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27245, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48799, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6", - "timestamp": 1686150158 - }, - { - "file_size": 526968, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 46, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 656, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"9a1f873e7ca75688bb3ecf3538c673994ea8f06e", - "timestamp": 1686150159 - }, - { - "file_size": 526968, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 46, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 656, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9a1f873e7ca75688bb3ecf3538c673994ea8f06e", - "timestamp": 1686150159 - }, - { - "file_size": 3652720, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1101203, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1128397, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "946bccb4633670592563b838e8905d87d32006c9", - "timestamp": 1686150162 - }, - { - "file_size": 3652720, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1101203, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1128397, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "946bccb4633670592563b838e8905d87d32006c9", - "timestamp": 1686150162 - }, - { - "file_size": 9176564, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6268070, - "matched_string": 
"cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7592405, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "30a5cb71610bf97bb780db06d1c3a685558cef60", - "timestamp": 1686150163 - }, - { - "file_size": 9176564, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6268070, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7592405, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "30a5cb71610bf97bb780db06d1c3a685558cef60", - "timestamp": 1686150163 - }, - { - "file_size": 6925744, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4923140, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4887861, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c552441469a45b5342205401366537d43dfbf1c3", - "timestamp": 1686150164 - }, - { - "file_size": 6925744, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4923140, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4887861, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": 
"SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c552441469a45b5342205401366537d43dfbf1c3", - "timestamp": 1686150164 - }, - { - "file_size": 7991496, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2569503, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3902224, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9f236dccf15907ee09d04f6c8a451bd42b1d4e2d", - "timestamp": 1686150165 - }, - { - "file_size": 7991496, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2569503, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3902224, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9f236dccf15907ee09d04f6c8a451bd42b1d4e2d", - "timestamp": 1686150165 - }, - { - "file_size": 5979364, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4057685, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4165750, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "967fcbf4e10d26548398eec462c166d1df722266", - "timestamp": 1686150165 - }, - { - "file_size": 5979364, - "file_type": 
"DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4057685, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4165750, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "967fcbf4e10d26548398eec462c166d1df722266", - "timestamp": 1686150165 - }, - { - "file_size": 9728028, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6334598, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6463104, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5d2ee739905d5f78b6e31684f3bb92423647692b", - "timestamp": 1686150166 - }, - { - "file_size": 9728028, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6334598, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6463104, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5d2ee739905d5f78b6e31684f3bb92423647692b", - "timestamp": 1686150166 - }, - { - "file_size": 8267816, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5914695, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5870746, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bb7e753018fc4b3c1fdc780a364df59d2e566e67", - "timestamp": 1686150167 - }, - { - "file_size": 8267816, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5914695, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5870746, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bb7e753018fc4b3c1fdc780a364df59d2e566e67", - "timestamp": 1686150167 - }, - { - "file_size": 6904424, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4921711, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5569145, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "750679ecdaac688baa60e32674e510f60cac2ba1", - "timestamp": 1686150167 - }, - { - "file_size": 6904424, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4921711, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5569145, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"750679ecdaac688baa60e32674e510f60cac2ba1", - "timestamp": 1686150167 - }, - { - "file_size": 8668000, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5790672, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5929530, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8d17ecf99008a1800aa77b798c53f75f34db635f", - "timestamp": 1686150167 - }, - { - "file_size": 8668000, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5790672, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5929530, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8d17ecf99008a1800aa77b798c53f75f34db635f", - "timestamp": 1686150167 - }, - { - "file_size": 8020420, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1730444, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1955210, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "098c13f1d5cc4b6038d67874cd2340c470047bde", - "timestamp": 1686150168 - }, - { - "file_size": 8020420, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1730444, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1955210, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "098c13f1d5cc4b6038d67874cd2340c470047bde", - "timestamp": 1686150168 - }, - { - "file_size": 9653972, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1796540, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1636817, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "683b6403118d4a672e2f31efef768346320c5d5d", - "timestamp": 1686150169 - }, - { - "file_size": 9653972, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1796540, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1636817, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "683b6403118d4a672e2f31efef768346320c5d5d", - "timestamp": 1686150169 - }, - { - "file_size": 5534364, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4320126, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4305821, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2627f11c33033737de957cf52cc29297d0810371", - "timestamp": 1686150169 - }, - { - "file_size": 5534364, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4320126, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4305821, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2627f11c33033737de957cf52cc29297d0810371", - "timestamp": 1686150169 - }, - { - "file_size": 10148688, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1961186, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2836228, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9834a9b1ff7edf23552ac4e15464a50ced1f90fa", - "timestamp": 1686150170 - }, - { - "file_size": 10148688, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1961186, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2836228, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9834a9b1ff7edf23552ac4e15464a50ced1f90fa", - "timestamp": 1686150170 - }, - { - "file_size": 8828660, - 
"file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6406510, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6382932, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "48bd69a510ba602c73863ad2afb6b1455e858335", - "timestamp": 1686150170 - }, - { - "file_size": 8828660, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6406510, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6382932, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "48bd69a510ba602c73863ad2afb6b1455e858335", - "timestamp": 1686150170 - }, - { - "file_size": 6136097, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 3709386, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "5bc8ccc3bfd1b1c9bb5c14f442c70a32efa61a71", - "timestamp": 1686150172 - }, - { - "file_size": 19905987, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2216386, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1636129, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - 
"tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09", - "timestamp": 1686150174 - }, - { - "file_size": 19905987, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2216386, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1636129, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09", - "timestamp": 1686150174 - }, - { - "file_size": 1215488, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 576416, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "059403186f3a5d4832bd7bf3e137ab532076c37c", - "timestamp": 1686150175 - }, - { - "file_size": 62215476, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 25262900, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 53345796, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "af6b75fe56e8568402c36c11a851c31519729d09", - "timestamp": 1686150176 - }, - { - "file_size": 62215476, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - 
"identifier": "Example", - "matched_data": [ - { - "match_offset": 25262900, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 53345796, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "af6b75fe56e8568402c36c11a851c31519729d09", - "timestamp": 1686150176 - }, - { - "file_size": 62215476, - "file_type": "Binary/Archive/ZIP", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 53626293, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "af6b75fe56e8568402c36c11a851c31519729d09", - "timestamp": 1686150176 - }, - { - "file_size": 8790228, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5984952, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7594298, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "791352f0f97961d04505e72dbbc4c90521823212", - "timestamp": 1686150176 - }, - { - "file_size": 8790228, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5984952, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7594298, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "791352f0f97961d04505e72dbbc4c90521823212", - "timestamp": 1686150176 - }, - { - "file_size": 3970896, - "file_type": "PE/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1384326, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3217764, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "739c8e7a85bf46ced7d5926d46f5327b03c13e39", - "timestamp": 1686150177 - }, - { - "file_size": 3970896, - "file_type": "PE/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1384326, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3217764, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "739c8e7a85bf46ced7d5926d46f5327b03c13e39", - "timestamp": 1686150177 - }, - { - "file_size": 370759, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 120638, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "d15409e85cbcd767078d35da6402415a8786b261", - "timestamp": 1686150178 - }, - { - "file_size": 19508784, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { 
- "match_offset": 14359504, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16198715, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c", - "timestamp": 1686150178 - }, - { - "file_size": 19508784, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 14359504, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16198715, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c", - "timestamp": 1686150178 - }, - { - "file_size": 9376260, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6790310, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7997401, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "69b79a4acbecc8d616965ccde616fbed0bce6bb6", - "timestamp": 1686150180 - }, - { - "file_size": 9376260, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6790310, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7997401, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": 
[], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "69b79a4acbecc8d616965ccde616fbed0bce6bb6", - "timestamp": 1686150180 - }, - { - "file_size": 25092884, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3544155, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3318615, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0061d1045777f0d4ffa785a37224981e663cadef", - "timestamp": 1686150187 - }, - { - "file_size": 25092884, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3544155, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3318615, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0061d1045777f0d4ffa785a37224981e663cadef", - "timestamp": 1686150187 - }, - { - "file_size": 29217518, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 23428974, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0", - "timestamp": 1686150197 - }, - { - "file_size": 29217518, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": 
"Example", - "matched_data": [ - { - "match_offset": 7499136, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14037437, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0", - "timestamp": 1686150197 - }, - { - "file_size": 29217518, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7499136, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14037437, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0", - "timestamp": 1686150197 - }, - { - "file_size": 29422318, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7703936, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14242237, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594", - "timestamp": 1686150197 - }, - { - "file_size": 29422318, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 23633774, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - 
"ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594", - "timestamp": 1686150197 - }, - { - "file_size": 29422318, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7703936, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14242237, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594", - "timestamp": 1686150197 - }, - { - "file_size": 25040110, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3321728, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9860029, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229", - "timestamp": 1686150199 - }, - { - "file_size": 25040110, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 19251566, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229", - "timestamp": 1686150199 - }, - { - "file_size": 25040110, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3321728, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 9860029, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229", - "timestamp": 1686150199 - }, - { - "file_size": 28910318, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7191936, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13730237, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64", - "timestamp": 1686150200 - }, - { - "file_size": 28910318, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7191936, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 13730237, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64", - "timestamp": 1686150200 - }, - { - "file_size": 28910318, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 23121774, - "matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": 
"24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64", - "timestamp": 1686150200 - }, - { - "file_size": 32130008, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 977110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 761738, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5", - "timestamp": 1686150201 - }, - { - "file_size": 32130008, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 977110, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 761738, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5", - "timestamp": 1686150201 - }, - { - "file_size": 66892302, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3139247, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2558990, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5e440414494a26e2ee213b9b681d867ad39b9f80", - "timestamp": 1686150214 - }, - { - "file_size": 66892302, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": 
"Example", - "matched_data": [ - { - "match_offset": 3139247, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2558990, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5e440414494a26e2ee213b9b681d867ad39b9f80", - "timestamp": 1686150214 - }, - { - "file_size": 166833664, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 143364306, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 146750644, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6adeec98314a2649c39350736d889cd272a391b8", - "timestamp": 1686150221 - }, - { - "file_size": 166833664, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 143364306, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 146750644, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6adeec98314a2649c39350736d889cd272a391b8", - "timestamp": 1686150221 - }, - { - "file_size": 138356736, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 113475200, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 116917070, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "eb3c36c843befc50091898fb978f83d45d32e422", - "timestamp": 1686150228 - }, - { - "file_size": 138356736, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 113475200, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 116917070, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "eb3c36c843befc50091898fb978f83d45d32e422", - "timestamp": 1686150228 - }, - { - "file_size": 93670, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28715, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50269, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c3a0a929800a0ebe66ac85e6667c6644e872b09d", - "timestamp": 1686150231 - }, - { - "file_size": 93670, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28715, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 50269, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"c3a0a929800a0ebe66ac85e6667c6644e872b09d", - "timestamp": 1686150231 - }, - { - "file_size": 8553924, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5876359, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6986177, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a3b265af2589cf44aecb2049803a5a4ff84bb202", - "timestamp": 1686150232 - }, - { - "file_size": 8553924, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5876359, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6986177, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a3b265af2589cf44aecb2049803a5a4ff84bb202", - "timestamp": 1686150232 - }, - { - "file_size": 88241, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27207, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48761, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c2643a9a4997e6e3e51685cab2f9c6fd4abc7611", - "timestamp": 1686150237 - }, - { - "file_size": 88241, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27207, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48761, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c2643a9a4997e6e3e51685cab2f9c6fd4abc7611", - "timestamp": 1686150237 - }, - { - "file_size": 9414708, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6335661, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6370528, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7d304cf9efb664f2ccd968904d504ed8c576e654", - "timestamp": 1686150239 - }, - { - "file_size": 9414708, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6335661, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6370528, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7d304cf9efb664f2ccd968904d504ed8c576e654", - "timestamp": 1686150239 - }, - { - "file_size": 10379992, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6814165, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8323239, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0", - "timestamp": 1686150241 - }, - { - "file_size": 10379992, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6814165, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8323239, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0", - "timestamp": 1686150241 - }, - { - "file_size": 5250, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2325, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4097, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "630991c60909126d75f94b113fd177180f6712ea", - "timestamp": 1686150245 - }, - { - "file_size": 5250, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2325, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4097, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "630991c60909126d75f94b113fd177180f6712ea", - "timestamp": 1686150245 - }, - { - "file_size": 82432, - 
"file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3828, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4798, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "797c389bd066a4a04c2bce344cb60123443ec81e", - "timestamp": 1686150247 - }, - { - "file_size": 82432, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3828, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4798, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "797c389bd066a4a04c2bce344cb60123443ec81e", - "timestamp": 1686150247 - }, - { - "file_size": 111806, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29792, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 51346, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8ad9ad7f0468ebd22e0d9e8384c4a107857333a5", - "timestamp": 1686150247 - }, - { - "file_size": 111806, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29792, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 
51346, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8ad9ad7f0468ebd22e0d9e8384c4a107857333a5", - "timestamp": 1686150247 - }, - { - "file_size": 27570, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 15335, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 19448, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1bfc6472d02cab3b91ce506a17d9cad64804871c", - "timestamp": 1686150248 - }, - { - "file_size": 27570, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 15335, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 19448, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1bfc6472d02cab3b91ce506a17d9cad64804871c", - "timestamp": 1686150248 - }, - { - "file_size": 450048, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 288291, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 221176, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", 
- "sample_available": false, - "sha1": "111bcee00d7c3d6df8c1420ee0de782eb1937133", - "timestamp": 1686150248 - }, - { - "file_size": 450048, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 288291, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 221176, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "111bcee00d7c3d6df8c1420ee0de782eb1937133", - "timestamp": 1686150248 - }, - { - "file_size": 2600888, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2163112, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2014788, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7e32d3bc9afd569852093401de5c4bb5f44b76ff", - "timestamp": 1686150249 - }, - { - "file_size": 2600888, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2163112, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2014788, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7e32d3bc9afd569852093401de5c4bb5f44b76ff", - "timestamp": 1686150249 - }, - { - "file_size": 175221, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - 
"matched_data": [ - { - "match_offset": 35882, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 57436, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "423a146bc73d434a9f39de260f567dd8d0258d47", - "timestamp": 1686150250 - }, - { - "file_size": 175221, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 35882, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 57436, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "423a146bc73d434a9f39de260f567dd8d0258d47", - "timestamp": 1686150250 - }, - { - "file_size": 8509312, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6222960, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6167524, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "19b22d0a540bac402aa018c7df49bd97bf02f44a", - "timestamp": 1686150251 - }, - { - "file_size": 8509312, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6222960, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6167524, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } 
- ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "19b22d0a540bac402aa018c7df49bd97bf02f44a", - "timestamp": 1686150251 - }, - { - "file_size": 80864416, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2597762, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2017505, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e8a00ce275d0d66559cadb01b10a0ae2d441c60d", - "timestamp": 1686150258 - }, - { - "file_size": 80864416, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2597762, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2017505, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e8a00ce275d0d66559cadb01b10a0ae2d441c60d", - "timestamp": 1686150258 - }, - { - "file_size": 20964640, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7215661, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11972784, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e8aeecd01fdf0e1521090598c2180f5cb575f6e6", - "timestamp": 
1686150261 - }, - { - "file_size": 20964640, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7215661, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11972784, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e8aeecd01fdf0e1521090598c2180f5cb575f6e6", - "timestamp": 1686150261 - }, - { - "file_size": 275456, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5162, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6481, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec", - "timestamp": 1686150261 - }, - { - "file_size": 275456, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5162, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6481, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec", - "timestamp": 1686150261 - }, - { - "file_size": 87323, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27477, - "matched_string": "cGF5\n", - "string_identifier": 
"JHN0cmluZzE=\n" - }, - { - "match_offset": 49031, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "19f3b61586f5cb7808ed718fae3b99408fcde7b8", - "timestamp": 1686150263 - }, - { - "file_size": 87323, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27477, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49031, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "19f3b61586f5cb7808ed718fae3b99408fcde7b8", - "timestamp": 1686150263 - }, - { - "file_size": 12437976, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10483381, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10170287, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bd599890f96bfd2cb617bc1155bd15fc40a084ed", - "timestamp": 1686150266 - }, - { - "file_size": 12437976, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 10483381, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10170287, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "bd599890f96bfd2cb617bc1155bd15fc40a084ed", - "timestamp": 1686150266 - }, - { - "file_size": 10148938, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 864896, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14986, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0233a0fec543e6232060515a2e26cc58c2a75623", - "timestamp": 1686150268 - }, - { - "file_size": 10148938, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 864896, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 14986, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0233a0fec543e6232060515a2e26cc58c2a75623", - "timestamp": 1686150268 - }, - { - "file_size": 9892620, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6562492, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7558230, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a", - "timestamp": 1686150270 - }, - { - "file_size": 9892620, - "file_type": "DEX/Exe", - "rule": [ - { 
- "identifier": "Example", - "matched_data": [ - { - "match_offset": 6562492, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 7558230, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a", - "timestamp": 1686150270 - }, - { - "file_size": 9560808, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6901970, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6907982, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fbcc73b821ae5184783a597050d8ebd62835bfc9", - "timestamp": 1686150270 - }, - { - "file_size": 9560808, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6901970, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6907982, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fbcc73b821ae5184783a597050d8ebd62835bfc9", - "timestamp": 1686150270 - }, - { - "file_size": 18831446, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 265862, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12964500, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "25e03817dafe65daaa426190b00318324d21cf71", - "timestamp": 1686150270 - }, - { - "file_size": 18831446, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 265862, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12964500, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "25e03817dafe65daaa426190b00318324d21cf71", - "timestamp": 1686150270 - }, - { - "file_size": 8165976, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3933805, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4859118, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "f4678063bfee99893461cd18f9ec4556382d102f", - "timestamp": 1686150272 - }, - { - "file_size": 8165976, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3933805, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4859118, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"f4678063bfee99893461cd18f9ec4556382d102f", - "timestamp": 1686150272 - }, - { - "file_size": 101077, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27765, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49319, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "62ea9191258518515b4be63a7c69a39b918bd28a", - "timestamp": 1686150272 - }, - { - "file_size": 101077, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27765, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49319, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "62ea9191258518515b4be63a7c69a39b918bd28a", - "timestamp": 1686150272 - }, - { - "file_size": 8092688, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1464386, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2192617, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e1e78ef90f835f32fb9bd89fc074c22f7748f3e3", - "timestamp": 1686150273 - }, - { - "file_size": 8092688, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1464386, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2192617, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e1e78ef90f835f32fb9bd89fc074c22f7748f3e3", - "timestamp": 1686150273 - }, - { - "file_size": 9136128, - "file_type": "PE/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3935869, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3109983, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "48672736929745d0f2716882ccdb099501cb6b1e", - "timestamp": 1686150274 - }, - { - "file_size": 9136128, - "file_type": "PE/.Net Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3935869, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3109983, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "48672736929745d0f2716882ccdb099501cb6b1e", - "timestamp": 1686150274 - }, - { - "file_size": 6035544, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2875148, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3522427, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91", - "timestamp": 1686150275 - }, - { - "file_size": 6035544, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 2875148, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3522427, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91", - "timestamp": 1686150275 - }, - { - "file_size": 13500336, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11443773, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11133887, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1ceec28970dbdc86c09768fdc2bfa305fce4d261", - "timestamp": 1686150276 - }, - { - "file_size": 13500336, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 11443773, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11133887, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1ceec28970dbdc86c09768fdc2bfa305fce4d261", - "timestamp": 1686150276 - }, - { - "file_size": 3376319, - 
"file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 245960, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 15314, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "efd9d71b0975e5847c4615faf5afc5e9f7210ae3", - "timestamp": 1686150277 - }, - { - "file_size": 3376319, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 245960, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 15314, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "efd9d71b0975e5847c4615faf5afc5e9f7210ae3", - "timestamp": 1686150277 - }, - { - "file_size": 103016, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 33875, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 55429, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e412e2c41f29f865786ecf493deafd266c779d88", - "timestamp": 1686150277 - }, - { - "file_size": 103016, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 33875, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 55429, - 
"matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e412e2c41f29f865786ecf493deafd266c779d88", - "timestamp": 1686150277 - }, - { - "file_size": 7885612, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6087984, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6053339, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "80430d7fd0fc7c60d98a89aed4c7bb4495aa6379", - "timestamp": 1686150278 - }, - { - "file_size": 7885612, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6087984, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6053339, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "80430d7fd0fc7c60d98a89aed4c7bb4495aa6379", - "timestamp": 1686150278 - }, - { - "file_size": 14178816, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4320653, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5427992, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": 
false, - "sha1": "ebde3e5d4f5dad37d897d676df2240e7e40e08fe", - "timestamp": 1686150278 - }, - { - "file_size": 14178816, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4320653, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5427992, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ebde3e5d4f5dad37d897d676df2240e7e40e08fe", - "timestamp": 1686150278 - }, - { - "file_size": 272896, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8053, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6460, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3a1800e643dae8652354dc0e1d09e0fdd010f6a4", - "timestamp": 1686150279 - }, - { - "file_size": 272896, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 8053, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6460, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3a1800e643dae8652354dc0e1d09e0fdd010f6a4", - "timestamp": 1686150279 - }, - { - "file_size": 689819, - "file_type": "Document/None/RTF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - 
{ - "match_offset": 533244, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 590406, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5eb3615197888c564cc0190dcb59bc20c7f5cbd9", - "timestamp": 1686150283 - }, - { - "file_size": 689819, - "file_type": "Document/None/RTF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 533244, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 590406, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "5eb3615197888c564cc0190dcb59bc20c7f5cbd9", - "timestamp": 1686150283 - }, - { - "file_size": 7179516, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1496148, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1515461, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8a89d0ad8c999e16a2226fddf4096770486212dd", - "timestamp": 1686150284 - }, - { - "file_size": 7179516, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1496148, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1515461, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": 
[], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8a89d0ad8c999e16a2226fddf4096770486212dd", - "timestamp": 1686150284 - }, - { - "file_size": 8096528, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5711198, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5832392, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0e753811a1a4bda820926842ce75c4e28c955919", - "timestamp": 1686150287 - }, - { - "file_size": 8096528, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5711198, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5832392, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0e753811a1a4bda820926842ce75c4e28c955919", - "timestamp": 1686150287 - }, - { - "file_size": 1766139, - "file_type": "Text/None", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 260148, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 825848, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8a6f27250902702f78938252e2671205790648d4", - "timestamp": 1686150288 - }, - { - 
"file_size": 1766139, - "file_type": "Text/None", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 260148, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 825848, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8a6f27250902702f78938252e2671205790648d4", - "timestamp": 1686150288 - }, - { - "file_size": 10031584, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6627232, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6604495, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8913aed7d56e63add8ed8f65622454ab0b0ed007", - "timestamp": 1686150290 - }, - { - "file_size": 10031584, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6627232, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6604495, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8913aed7d56e63add8ed8f65622454ab0b0ed007", - "timestamp": 1686150290 - }, - { - "file_size": 6598488, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1651604, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 
2536422, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513", - "timestamp": 1686150293 - }, - { - "file_size": 6598488, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1651604, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2536422, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513", - "timestamp": 1686150293 - }, - { - "file_size": 8198736, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1724241, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1717079, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "2a770424281587e72a70f2b38c6393ee43fcb8fe", - "timestamp": 1686150293 - }, - { - "file_size": 8198736, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1724241, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1717079, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "2a770424281587e72a70f2b38c6393ee43fcb8fe", - "timestamp": 1686150293 - }, - { - "file_size": 8041928, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6164307, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6028674, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "58a086af9f4be29846114490255f118299ee9988", - "timestamp": 1686150298 - }, - { - "file_size": 8041928, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6164307, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6028674, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "58a086af9f4be29846114490255f118299ee9988", - "timestamp": 1686150298 - }, - { - "file_size": 22636544, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 12836365, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17328505, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4a066f4da5351af20dcc6848fcca14ac7237022d", - "timestamp": 1686150304 - }, - { - "file_size": 22636544, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - 
"match_offset": 12836365, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 17328505, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4a066f4da5351af20dcc6848fcca14ac7237022d", - "timestamp": 1686150304 - }, - { - "file_size": 31212344, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 25069984, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 24741844, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "de4fab5048313f8ea6d87b1821bfc8707463f688", - "timestamp": 1686150308 - }, - { - "file_size": 31212344, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 25069984, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 24741844, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "de4fab5048313f8ea6d87b1821bfc8707463f688", - "timestamp": 1686150308 - }, - { - "file_size": 46181234, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28136043, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 340000, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - 
"meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a7dd7dbd677a352cade7696363a2b69827ed9efa", - "timestamp": 1686150316 - }, - { - "file_size": 46181234, - "file_type": "PE/.Net Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 28136043, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 340000, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a7dd7dbd677a352cade7696363a2b69827ed9efa", - "timestamp": 1686150316 - }, - { - "file_size": 4268456, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1053136, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1079585, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "55d4bb310cf6f691bf7917630349e60f91e69883", - "timestamp": 1686150328 - }, - { - "file_size": 4268456, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1053136, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1079585, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "55d4bb310cf6f691bf7917630349e60f91e69883", - "timestamp": 1686150328 
- }, - { - "file_size": 711168, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 22283, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 140714, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1cc796892a6c83da4f9d64c7ac496f48e9e87462", - "timestamp": 1686150331 - }, - { - "file_size": 711168, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 22283, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 140714, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1cc796892a6c83da4f9d64c7ac496f48e9e87462", - "timestamp": 1686150331 - }, - { - "file_size": 81041, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26719, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 48030, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fac13be0be3051b4ea5dd0299de7297c50eca677", - "timestamp": 1686150331 - }, - { - "file_size": 81041, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26719, - "matched_string": "cGF5\n", - "string_identifier": 
"JHN0cmluZzE=\n" - }, - { - "match_offset": 48030, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "fac13be0be3051b4ea5dd0299de7297c50eca677", - "timestamp": 1686150331 - }, - { - "file_size": 2149088, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1486348, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1792360, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "918840817f162ce48336914897b0a2b9e94159c6", - "timestamp": 1686150332 - }, - { - "file_size": 2149088, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1486348, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1792360, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "918840817f162ce48336914897b0a2b9e94159c6", - "timestamp": 1686150332 - }, - { - "file_size": 83456, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3829, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4736, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7d2d0a954430071976be168e02000021fe3f8d47", - "timestamp": 1686150334 - }, - { - "file_size": 83456, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3829, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4736, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7d2d0a954430071976be168e02000021fe3f8d47", - "timestamp": 1686150334 - }, - { - "file_size": 81703, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29471, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 51025, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0de6b65809ff0a806b84af7878f46ab7b0961e58", - "timestamp": 1686150335 - }, - { - "file_size": 81703, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 29471, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 51025, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "0de6b65809ff0a806b84af7878f46ab7b0961e58", - "timestamp": 1686150335 - }, - { - "file_size": 1986332, - "file_type": "DEX/Exe", - "rule": [ - { - 
"identifier": "Example", - "matched_data": [ - { - "match_offset": 1489941, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1578610, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "cefdbcf177848c3dbc4660ffa92e0971429717e6", - "timestamp": 1686150335 - }, - { - "file_size": 1986332, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1489941, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1578610, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "cefdbcf177848c3dbc4660ffa92e0971429717e6", - "timestamp": 1686150335 - }, - { - "file_size": 454144, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 282176, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 220548, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e4794fefadbba8fcb81540281ccccb949cccd828", - "timestamp": 1686150336 - }, - { - "file_size": 454144, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 282176, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 220548, - "matched_string": 
"aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "e4794fefadbba8fcb81540281ccccb949cccd828", - "timestamp": 1686150336 - }, - { - "file_size": 18366038, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7030388, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12499092, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "b8c11b6867eaec662e5217df5c861393fa6220e6", - "timestamp": 1686150336 - }, - { - "file_size": 18366038, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7030388, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12499092, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "b8c11b6867eaec662e5217df5c861393fa6220e6", - "timestamp": 1686150336 - }, - { - "file_size": 8588884, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6284895, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6248087, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"d9a5feabf05c02918500526e08a432cee2b65615", - "timestamp": 1686150337 - }, - { - "file_size": 8588884, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6284895, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6248087, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d9a5feabf05c02918500526e08a432cee2b65615", - "timestamp": 1686150337 - }, - { - "file_size": 9326836, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6567307, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6759624, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "dfb89e0653f80361906802592cd76c3dfbbe0881", - "timestamp": 1686150337 - }, - { - "file_size": 9326836, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6567307, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6759624, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "dfb89e0653f80361906802592cd76c3dfbbe0881", - "timestamp": 1686150337 - }, - { - "file_size": 150057, - "file_type": "Document/None/PDF", - "rule": [ - { - "identifier": "ExampleRule", - "matched_data": [ - { - "match_offset": 116422, - 
"matched_string": "dGV4dCBoZXJl\n", - "string_identifier": "JG15X3RleHRfc3RyaW5n\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset2", - "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c", - "sample_available": false, - "sha1": "db9a5761f9beda80273964d79aa8bf589ea00f9d", - "timestamp": 1686150338 - }, - { - "file_size": 101408, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27646, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49200, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "920811cc5d0f3a9218886cc0c35f60793859ccff", - "timestamp": 1686150340 - }, - { - "file_size": 101408, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 27646, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 49200, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "920811cc5d0f3a9218886cc0c35f60793859ccff", - "timestamp": 1686150340 - }, - { - "file_size": 17661014, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6325364, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11794068, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "86e5a6461a4c70641f1d9f05b363a6ee9ad9e967", - "timestamp": 1686150341 - }, - { - "file_size": 17661014, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6325364, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11794068, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "86e5a6461a4c70641f1d9f05b363a6ee9ad9e967", - "timestamp": 1686150341 - }, - { - "file_size": 17709654, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6374004, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11842708, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d0286f449fe9b310149eba7c643ef32980b20c0a", - "timestamp": 1686150343 - }, - { - "file_size": 17709654, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6374004, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 11842708, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d0286f449fe9b310149eba7c643ef32980b20c0a", - "timestamp": 1686150343 - }, - { - "file_size": 18516054, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - 
"match_offset": 7180404, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12649108, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a629d0a626ea29b61a59fa12f74ecae92f111d2b", - "timestamp": 1686150345 - }, - { - "file_size": 18516054, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7180404, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12649108, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "a629d0a626ea29b61a59fa12f74ecae92f111d2b", - "timestamp": 1686150345 - }, - { - "file_size": 13872608, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9059948, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8952253, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9583081e5b7c0f4f74b2222a23fc058d667ab595", - "timestamp": 1686150351 - }, - { - "file_size": 13872608, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 9059948, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 8952253, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - 
"tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9583081e5b7c0f4f74b2222a23fc058d667ab595", - "timestamp": 1686150351 - }, - { - "file_size": 82432, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3812, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4691, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "39d12fff02df078867efb755f7353480b5f6c0bc", - "timestamp": 1686150357 - }, - { - "file_size": 82432, - "file_type": "Binary/Archive/Compound", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3812, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4691, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "39d12fff02df078867efb755f7353480b5f6c0bc", - "timestamp": 1686150357 - }, - { - "file_size": 2272971, - "file_type": "Text/None", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 74664, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 619547, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "67c71d50582dea8fedfe6a3b234936a626ffaeb2", - "timestamp": 1686150357 - }, 
- { - "file_size": 2272971, - "file_type": "Text/None", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 74664, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 619547, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "67c71d50582dea8fedfe6a3b234936a626ffaeb2", - "timestamp": 1686150357 - }, - { - "file_size": 8879376, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5745648, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5751012, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1a773ba334a1fc0f818bbd42f77a4e1d946065a9", - "timestamp": 1686150360 - }, - { - "file_size": 8879376, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5745648, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5751012, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1a773ba334a1fc0f818bbd42f77a4e1d946065a9", - "timestamp": 1686150360 - }, - { - "file_size": 7755441, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 406771, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - 
"match_offset": 21825, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "812184db6861a00260557e33605b51d0042ff585", - "timestamp": 1686150360 - }, - { - "file_size": 7755441, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 406771, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 21825, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "812184db6861a00260557e33605b51d0042ff585", - "timestamp": 1686150360 - }, - { - "file_size": 5618928, - "file_type": "MachO32 Little/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3904124, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4378424, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d1b2e67d1e6066e353d169cfcdcb67b76360ad94", - "timestamp": 1686150361 - }, - { - "file_size": 5618928, - "file_type": "MachO32 Little/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3904124, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 4378424, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": 
"c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "d1b2e67d1e6066e353d169cfcdcb67b76360ad94", - "timestamp": 1686150361 - }, - { - "file_size": 7870848, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5851887, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5929958, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "350122e4dba72eec4fcf1b5b91d172335c85d7a9", - "timestamp": 1686150369 - }, - { - "file_size": 7870848, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5851887, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5929958, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "350122e4dba72eec4fcf1b5b91d172335c85d7a9", - "timestamp": 1686150369 - }, - { - "file_size": 8173600, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 5940668, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5601532, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ecc1080cc4303734260b958a79cefb40ae6d0153", - "timestamp": 1686150372 - }, - { - "file_size": 8173600, - "file_type": "PE/Exe", - "rule": [ - { - 
"identifier": "Example", - "matched_data": [ - { - "match_offset": 5940668, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5601532, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "ecc1080cc4303734260b958a79cefb40ae6d0153", - "timestamp": 1686150372 - }, - { - "file_size": 366711, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 83827, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 363899, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "cf2f0e2acfc86560055a39013db63285b1d78a03", - "timestamp": 1686150388 - }, - { - "file_size": 366711, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 83827, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 363899, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "cf2f0e2acfc86560055a39013db63285b1d78a03", - "timestamp": 1686150388 - }, - { - "file_size": 9487360, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6897389, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6936885, - "matched_string": "aW1tZWRpYXRlbHk=\n", - 
"string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4106e8b239bb92d9fa524b3a6d667c7115b0b666", - "timestamp": 1686150401 - }, - { - "file_size": 9487360, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 6897389, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 6936885, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4106e8b239bb92d9fa524b3a6d667c7115b0b666", - "timestamp": 1686150401 - }, - { - "file_size": 58555814, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1184014, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10951600, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "7c14bdf271b74f35da06091594293c7502c82107", - "timestamp": 1686150401 - }, - { - "file_size": 58555814, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1184014, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 10951600, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": 
"7c14bdf271b74f35da06091594293c7502c82107", - "timestamp": 1686150401 - }, - { - "file_size": 366706, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 83826, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 363894, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "52a6a217b72415fc38bde13c0f077e47671a7845", - "timestamp": 1686150410 - }, - { - "file_size": 366706, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 83826, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 363894, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "52a6a217b72415fc38bde13c0f077e47671a7845", - "timestamp": 1686150410 - }, - { - "file_size": 21275520, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7310445, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12111641, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9dc59205f47be9eac8046b5b259f2ccf65ceddc6", - "timestamp": 1686150414 - }, - { - "file_size": 21275520, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7310445, - 
"matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12111641, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "9dc59205f47be9eac8046b5b259f2ccf65ceddc6", - "timestamp": 1686150414 - }, - { - "file_size": 86684, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 34414, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 55968, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4120782b6b598f4a7e95b4c480c791cffe37a268", - "timestamp": 1686150422 - }, - { - "file_size": 86684, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 34414, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 55968, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4120782b6b598f4a7e95b4c480c791cffe37a268", - "timestamp": 1686150422 - }, - { - "file_size": 5327272, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3979083, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2767474, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - 
"ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "eb86c40eb9e7de2c827db61b705530e5945c4562", - "timestamp": 1686150442 - }, - { - "file_size": 5327272, - "file_type": "PE+/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3979083, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2767474, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "eb86c40eb9e7de2c827db61b705530e5945c4562", - "timestamp": 1686150442 - }, - { - "file_size": 1686113, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 192055, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16350, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8d02b28113241f8c6bb4f6313a19950876eca116", - "timestamp": 1686150448 - }, - { - "file_size": 1686113, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 192055, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 16350, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "8d02b28113241f8c6bb4f6313a19950876eca116", - "timestamp": 1686150448 - }, - { - "file_size": 35515, 
- "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 34829, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 22757, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4767545f40d35fbfee5bbd359fe6be615e679ff9", - "timestamp": 1686150452 - }, - { - "file_size": 35515, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 34829, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 22757, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4767545f40d35fbfee5bbd359fe6be615e679ff9", - "timestamp": 1686150452 - }, - { - "file_size": 7892976, - "file_type": "ELF64 Little/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3577820, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 3615204, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "94c89fd87cf33f18c9b1783bb133633aa5b28234", - "timestamp": 1686150454 - }, - { - "file_size": 7892976, - "file_type": "ELF64 Little/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3577820, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 
3615204, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "94c89fd87cf33f18c9b1783bb133633aa5b28234", - "timestamp": 1686150454 - }, - { - "file_size": 242700, - "file_type": "Document/None/RTF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31895, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 41619, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3d526a12778e918e2350d23aa02bfa7cd2c448d0", - "timestamp": 1686150455 - }, - { - "file_size": 242700, - "file_type": "Document/None/RTF", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 31895, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 41619, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3d526a12778e918e2350d23aa02bfa7cd2c448d0", - "timestamp": 1686150455 - }, - { - "file_size": 7525504, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1861301, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1676862, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - 
"sample_available": false, - "sha1": "b2eed81dd77100042b7e918b4f5cacc2d6444aa6", - "timestamp": 1686150455 - }, - { - "file_size": 7525504, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 1861301, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 1676862, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "b2eed81dd77100042b7e918b4f5cacc2d6444aa6", - "timestamp": 1686150455 - }, - { - "file_size": 74127, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26665, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 47554, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c1ad6cf9c783302cedf77c209ae4d5a11d05b07f", - "timestamp": 1686150464 - }, - { - "file_size": 74127, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 26665, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 47554, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "c1ad6cf9c783302cedf77c209ae4d5a11d05b07f", - "timestamp": 1686150464 - }, - { - "file_size": 6306744, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - 
"match_offset": 4682682, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5358994, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1fa90eebb148c20a065f0a78d5794f00c7bb51a4", - "timestamp": 1686150481 - }, - { - "file_size": 6306744, - "file_type": "DEX/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 4682682, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 5358994, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "1fa90eebb148c20a065f0a78d5794f00c7bb51a4", - "timestamp": 1686150481 - }, - { - "file_size": 8729572, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3118958, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2893418, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6eebfafb77dac46dd9a0541cbd719f59d18ae74a", - "timestamp": 1686150486 - }, - { - "file_size": 8729572, - "file_type": "PE/Exe/NSIS", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 3118958, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 2893418, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": 
[], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "6eebfafb77dac46dd9a0541cbd719f59d18ae74a", - "timestamp": 1686150486 - }, - { - "file_size": 662567, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 467856, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 24033, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4273c4cdb874a9caeddfb76f5e712480246928a6", - "timestamp": 1686150489 - }, - { - "file_size": 662567, - "file_type": "Email/None/MIME", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 467856, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 24033, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4273c4cdb874a9caeddfb76f5e712480246928a6", - "timestamp": 1686150489 - }, - { - "file_size": 366703, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 83825, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 363891, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4791aa7a9d8123b974c9b3e41fc3269bfa287c28", - "timestamp": 1686150489 - 
}, - { - "file_size": 366703, - "file_type": "Text/HTML/HTML", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 83825, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 363891, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "4791aa7a9d8123b974c9b3e41fc3269bfa287c28", - "timestamp": 1686150489 - }, - { - "file_size": 18824790, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 259206, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12957844, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "SuperHunt", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3d779c8998dfba56449ad09dbd24db692d2b6528", - "timestamp": 1686150490 - }, - { - "file_size": 18824790, - "file_type": "PE/Dll", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 259206, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - "match_offset": 12957844, - "matched_string": "aW1tZWRpYXRlbHk=\n", - "string_identifier": "JHN0cmluZzI=\n" - } - ], - "meta": [], - "tag": [] - } - ], - "ruleset_name": "ruleset1", - "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508", - "sample_available": false, - "sha1": "3d779c8998dfba56449ad09dbd24db692d2b6528", - "timestamp": 1686150490 - }, - { - "file_size": 8471556, - "file_type": "PE/Exe", - "rule": [ - { - "identifier": "Example", - "matched_data": [ - { - "match_offset": 7414380, - "matched_string": "cGF5\n", - "string_identifier": "JHN0cmluZzE=\n" - }, - { - 
"match_offset": 6887310,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "ruleset1",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": false,
- "sha1": "f10efe378fb0fa90ca1ee5dcdfee615b1473a74e",
- "timestamp": 1686150490
- },
- {
- "file_size": 8471556,
- "file_type": "PE/Exe",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 7414380,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 6887310,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "SuperHunt",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": false,
- "sha1": "f10efe378fb0fa90ca1ee5dcdfee615b1473a74e",
- "timestamp": 1686150490
- },
- {
- "file_size": 81408,
- "file_type": "Binary/Archive/Compound",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 3819,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 4611,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "SuperHunt",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": false,
- "sha1": "76c28f712820786cbe6cbeb7f9789480a7ac3b23",
- "timestamp": 1686150491
- },
- {
- "file_size": 81408,
- "file_type": "Binary/Archive/Compound",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 3819,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 4611,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "ruleset1",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": false,
- "sha1": "76c28f712820786cbe6cbeb7f9789480a7ac3b23",
- "timestamp": 1686150491
- },
- {
- "file_size": 13890720,
- "file_type": "PE+/Exe",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 9051048,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 8736852,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "SuperHunt",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": false,
- "sha1": "121299e36826d127762d70605c78118223be66a3",
- "timestamp": 1686150497
- },
- {
- "file_size": 13890720,
- "file_type": "PE+/Exe",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 9051048,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 8736852,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "ruleset1",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": false,
- "sha1": "121299e36826d127762d70605c78118223be66a3",
- "timestamp": 1686150497
- },
- {
- "file_size": 18482183,
- "file_type": "PE/Exe",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 6662509,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 1459423,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "SuperHunt",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": false,
- "sha1": "6010aef2725e64cdeab0e91df479bf0e0a7be14c",
- "timestamp": 1686150499
- },
- {
- "file_size": 18482183,
- "file_type": "PE/Exe",
- "rule": [
- {
- "identifier": "Example",
- "matched_data": [
- {
- "match_offset": 6662509,
- "matched_string": "cGF5\n",
- "string_identifier": "JHN0cmluZzE=\n"
- },
- {
- "match_offset": 1459423,
- "matched_string": "aW1tZWRpYXRlbHk=\n",
- "string_identifier": "JHN0cmluZzI=\n"
- }
- ],
- "meta": [],
- "tag": []
- }
- ],
- "ruleset_name": "ruleset1",
- "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
- "sample_available": false,
- "sha1": "6010aef2725e64cdeab0e91df479bf0e0a7be14c",
- "timestamp": 1686150499
- }
- ],
- "last_timestamp": 1686150499,
- "name": "YARA Match Continuous Feed",
- "time_range": {
- "from": "Wed, 07 Jun 2023 14:55:26 +0000",
- "to": "Wed, 07 Jun 2023 15:08:19 +0000"
- }
- }
- }
- }
- }
-}
-```
-
- #### Human Readable Output
-
->## ReversingLabs YARA Matches Feed for time value 1686149726
-> **Last timestamp**: 1686150499
-> **From**: Wed, 07 Jun 2023 14:55:26 +0000
-> **To**: Wed, 07 Jun 2023 15:08:19 +0000
->
-> ### Entries
->|file_size|file_type|rule|ruleset_name|ruleset_sha1|sample_available|sha1|timestamp|
->|---|---|---|---|---|---|---|---|
->| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6c9a7e771632738a4d86e8211be63306b3c31739 | 1686149729 |
->| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6c9a7e771632738a4d86e8211be63306b3c31739 | 1686149729 |
->| 700972 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327393, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9 | 1686149748 |
->| 700972 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327393, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9 | 1686149748 |
->| 701035 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327456, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 327da64e3c8bd70b5868a11b90345ffb83faf169 | 1686149771 |
->| 701035 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327456, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 327da64e3c8bd70b5868a11b90345ffb83faf169 | 1686149771 |
->| 2495206 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 1508164, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 8b16533fe15079a2797c5edb655e7faa0136a2c3 | 1686149775 |
->| 136068 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90723, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 126493, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4b69b90535fffc35b944af09c4fecd1ea45bdf03 | 1686149791 |
->| 136068 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90723, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 126493, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4b69b90535fffc35b944af09c4fecd1ea45bdf03 | 1686149791 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 9833e067786155c711abd4748f0134dce2a50f70 | 1686149812 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 9833e067786155c711abd4748f0134dce2a50f70 | 1686149812 |
->| 60165 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7 | 1686149812 |
->| 60165 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7 | 1686149812 |
->| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 8a5f73ba3d164d764f3247e1a4d8910f1c82118e | 1686149813 |
->| 2032952 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1691838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1680161, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3ef76796bc39440ff9e380ee0870e082a7d4d827 | 1686149813 |
->| 2032952 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1691838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1680161, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3ef76796bc39440ff9e380ee0870e082a7d4d827 | 1686149813 |
->| 152263 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108863, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 66000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 672718e4181413228e56e9aca75af311e5113b34 | 1686149815 |
->| 152263 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108863, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 66000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 672718e4181413228e56e9aca75af311e5113b34 | 1686149815 |
->| 3594552 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2695368, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2746903, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3c1e2700b7b75d6f064f1a4cd92348cbbd12445e | 1686149821 |
->| 3594552 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2695368, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2746903, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3c1e2700b7b75d6f064f1a4cd92348cbbd12445e | 1686149821 |
->| 629694 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 195141, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 142128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 689fa08d967cd23c51d86f5f31245b2c4b4cb8f4 | 1686149825 |
->| 629694 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 195141, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 142128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 689fa08d967cd23c51d86f5f31245b2c4b4cb8f4 | 1686149825 |
->| 60165 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7 | 1686149825 |
->| 60165 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7 | 1686149825 |
->| 7876608 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | be246b1372fc383087a49f7b217d57f60a91282e | 1686149830 |
->| 7876608 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | be246b1372fc383087a49f7b217d57f60a91282e | 1686149830 |
->| 163095 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92470, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152391, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 38351d1f1fd246eed1a5319c70e6db239cf08961 | 1686149832 |
->| 163095 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92470, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152391, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 38351d1f1fd246eed1a5319c70e6db239cf08961 | 1686149832 |
->| 4435792 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8c2ac756b84dad335730361f0ae794d427f59ac8 | 1686149840 |
->| 4435792 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8c2ac756b84dad335730361f0ae794d427f59ac8 | 1686149840 |
->| 118346 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16163, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 93519, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 33b343dbf5e945badbde855fccd9d41cc6721b57 | 1686149841 |
->| 118346 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16163, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 93519, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 33b343dbf5e945badbde855fccd9d41cc6721b57 | 1686149841 |
->| 421625 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 254252, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 61027, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 97de77df7de1563a15054f68142f815b4df26ef8 | 1686149841 |
->| 421625 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 254252, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 61027, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 97de77df7de1563a15054f68142f815b4df26ef8 | 1686149841 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6c4a87910eafb345ad3b07f13dced51376ccc93f | 1686149842 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6c4a87910eafb345ad3b07f13dced51376ccc93f | 1686149842 |
->| 4091720 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1530891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1420528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | f0a94f8d3ba71b06bc7a463241233c2db1cf4a36 | 1686149842 |
->| 4091720 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1530891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1420528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | f0a94f8d3ba71b06bc7a463241233c2db1cf4a36 | 1686149842 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5c880504fedd3ee67d06ecb36ef7247a6b26cd48 | 1686149844 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5c880504fedd3ee67d06ecb36ef7247a6b26cd48 | 1686149844 |
->| 151754 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108353, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1a9bc0dd119fa6b5b15042468d54a26cccccbeaa | 1686149844 |
->| 151754 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108353, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1a9bc0dd119fa6b5b15042468d54a26cccccbeaa | 1686149844 |
->| 151042 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 107641, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65289, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8 | 1686149844 |
->| 151042 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 107641, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65289, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8 | 1686149844 |
->| 6321416 | ELF64 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 361578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 283948, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7 | 1686149845 |
->| 6321416 | ELF64 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 361578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 283948, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7 | 1686149845 |
->| 7876608 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | be246b1372fc383087a49f7b217d57f60a91282e | 1686149847 |
->| 7876608 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | be246b1372fc383087a49f7b217d57f60a91282e | 1686149847 |
->| 154712 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111318, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 846e91cbdccfbacf3790aaaa5aad6357394ec328 | 1686149848 |
->| 154712 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111318, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 846e91cbdccfbacf3790aaaa5aad6357394ec328 | 1686149848 |
->| 2037575 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 700877, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1730255, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 66ea67dd377be2868f91cada78056d679c37ad14 | 1686149849 |
->| 2037575 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 700877, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1730255, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 66ea67dd377be2868f91cada78056d679c37ad14 | 1686149849 |
->| 4435792 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8c2ac756b84dad335730361f0ae794d427f59ac8 | 1686149849 |
->| 4435792 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8c2ac756b84dad335730361f0ae794d427f59ac8 | 1686149849 |
->| 25735 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2983e913f00f2919c3ef8af5984fc1d4165ef459 | 1686149851 |
->| 25735 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2983e913f00f2919c3ef8af5984fc1d4165ef459 | 1686149851 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 94d4edb7622aa1bc73976a43641f0f7aa673e515 | 1686149851 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 94d4edb7622aa1bc73976a43641f0f7aa673e515 | 1686149851 |
->| 5899328 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3609590, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3648212, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1e005a0d0a4e445a22845e20f507c9986ab8c981 | 1686149855 |
->| 5899328 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3609590, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3648212, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1e005a0d0a4e445a22845e20f507c9986ab8c981 | 1686149855 |
->| 477009 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 117834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c4362fdfb7e929c0befe19e1fdbb503e340713ef | 1686149858 |
->| 477009 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 117834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c4362fdfb7e929c0befe19e1fdbb503e340713ef | 1686149858 |
->| 146948 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 103548, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60815, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6aca08c08a657c545ca575cc33e124e0e38f8730 | 1686149865 |
->| 146948 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 103548, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60815, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6aca08c08a657c545ca575cc33e124e0e38f8730 | 1686149865 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 042e4cb27fc3d6fd7c73e3a217a872495a05c90a | 1686149866 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 042e4cb27fc3d6fd7c73e3a217a872495a05c90a | 1686149866 |
->| 739873 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2a8b44ff48c01cb281e6fc55079211d061ead5c5 | 1686149873 |
->| 739873 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2a8b44ff48c01cb281e6fc55079211d061ead5c5 | 1686149873 |
->| 1001023 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | f5d3401062623204bff214eef2887ca59171fc8d | 1686149874 |
->| 1001023 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | f5d3401062623204bff214eef2887ca59171fc8d | 1686149874 |
->| 344860 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227575, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0 | 1686149875 |
->| 344860 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227575, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0 | 1686149875 |
->| 6738008 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2615445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2651672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3ac8e4d7748a9ca0affb66f81978d33e683c4814 | 1686149879 |
->| 6738008 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2615445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2651672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3ac8e4d7748a9ca0affb66f81978d33e683c4814 | 1686149879 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | dc5645d2051ac4aac468e02b4ebf62628a73605f | 1686149880 |
->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | dc5645d2051ac4aac468e02b4ebf62628a73605f | 1686149880 |
->| 6343328 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4122595, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4778117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2db6a690c35f5f29fc0986760df02acf70d67abf | 1686149881 |
->| 6343328 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4122595, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4778117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2db6a690c35f5f29fc0986760df02acf70d67abf | 1686149881 |
->| 154231 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3af52ef8aff5735d794cb2611de951f786961c03 | 1686149900 |
->| 154231 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3af52ef8aff5735d794cb2611de951f786961c03 | 1686149900 |
->| 739903 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e4965ce5cd511a3efd00a2caba635bfab3f4e805 | 1686149921 |
->| 739903 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e4965ce5cd511a3efd00a2caba635bfab3f4e805 | 1686149921 |
->| 5685433 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 150959, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2075729, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6974c8390c179c1a4a9dca8947a1f2378852faad | 1686149931 |
->| 5685433 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 150959, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2075729, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6974c8390c179c1a4a9dca8947a1f2378852faad | 1686149931 |
->| 11163136 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9002020, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8469401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 07a157e4e612f74d0b01b2844eca8afdc2a43955 | 1686149931 |
->| 11163136 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9002020, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8469401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 07a157e4e612f74d0b01b2844eca8afdc2a43955 | 1686149931 |
->| 1408268 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 440bb2c50ba55eebe34ef8a4e201a17144bd5bc2 | 1686149934 |
->| 1408268 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 440bb2c50ba55eebe34ef8a4e201a17144bd5bc2 | 1686149934 |
->| 2397377 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 91153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1061201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6cea94c3692b8930e8a4991d94810f01dffafd47 | 1686149935 |
->| 2397377 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 91153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1061201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | 
ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6cea94c3692b8930e8a4991d94810f01dffafd47 | 1686149935 | ->| 22505546 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4456790, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3991479, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8d8af50cf52f96e217de076f925b6bc41f8d0ec5 | 1686149935 | ->| 22505546 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4456790, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3991479, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8d8af50cf52f96e217de076f925b6bc41f8d0ec5 | 1686149935 | ->| 42817592 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30365472, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 40659304, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb | 1686149945 | ->| 42817592 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30365472, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 40659304, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb | 1686149945 | ->| 31211008 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16799441, 'matched_string': 
'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16899630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8cd67cceebf916ebc1dfa0f3caac9941d2da7318 | 1686149953 | ->| 31211008 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16799441, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16899630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8cd67cceebf916ebc1dfa0f3caac9941d2da7318 | 1686149953 | ->| 173951 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28226, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc | 1686149961 | ->| 173951 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28226, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc | 1686149961 | ->| 1001232 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 81722e46258f2181c4488ed7e4e016465a054df5 | 1686149962 | ->| 1001232 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 81722e46258f2181c4488ed7e4e016465a054df5 | 1686149962 | ->| 1408625 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e497ae5b73b87142c68aa32ca6c8ddc0384a3279 | 1686149962 | ->| 1408625 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e497ae5b73b87142c68aa32ca6c8ddc0384a3279 | 1686149962 | ->| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d6a75b67f5d2e46acd4429b58e972867e9cd5d3a | 1686149979 | ->| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d6a75b67f5d2e46acd4429b58e972867e9cd5d3a | 1686149979 | ->| 91161 | Text/HTML/HTML | {'meta': [], 
'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50403, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 9dcc23c9b21440ad706a182c116309563cd3ffdd | 1686149982 | ->| 91161 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50403, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 9dcc23c9b21440ad706a182c116309563cd3ffdd | 1686149982 | ->| 10193920 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8189124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8246307, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3d30c8a0198738772f116ae497f63a98e3860397 | 1686149986 | ->| 10193920 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8189124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8246307, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3d30c8a0198738772f116ae497f63a98e3860397 | 1686149986 | ->| 10953728 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8832644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8334233, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 688225294de1ce81a0b86856e9473a44d79cb2c7 
| 1686149992 | ->| 10953728 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8832644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8334233, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 688225294de1ce81a0b86856e9473a44d79cb2c7 | 1686149992 | ->| 13879776 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9063260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8955389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6b2579402e748c7ca1efe1f9bb1829b935e2e7a3 | 1686149994 | ->| 13879776 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9063260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8955389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6b2579402e748c7ca1efe1f9bb1829b935e2e7a3 | 1686149994 | ->| 24079793 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18057198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8412693, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1f43bab8c6957fa362fb90c9729c1916eab2bcd0 | 1686150002 | ->| 24079793 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18057198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8412693, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | 
c739753a2575d69ae31b33122622b6a736660508 | true | 1f43bab8c6957fa362fb90c9729c1916eab2bcd0 | 1686150002 | ->| 6474752 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533793, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4cde41ec566dfd3b8bc329e318c4f17e2b4f4829 | 1686150005 | ->| 6474752 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533793, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4cde41ec566dfd3b8bc329e318c4f17e2b4f4829 | 1686150005 | ->| 932698 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 326870, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54869, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2cbeabd2324a2a2d98c144c6d884e587223e2ec6 | 1686150015 | ->| 932698 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 326870, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54869, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2cbeabd2324a2a2d98c144c6d884e587223e2ec6 | 1686150015 | ->| 72837 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 19785, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 
43263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c7d16b5e7cf3bfff42d2247043551c4175d61d20 | 1686150016 | ->| 72837 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 19785, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 43263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c7d16b5e7cf3bfff42d2247043551c4175d61d20 | 1686150016 | ->| 36540577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3889929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16366923, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a805ed283e310974d552b3b322b4f18891255757 | 1686150017 | ->| 36540577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3889929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16366923, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a805ed283e310974d552b3b322b4f18891255757 | 1686150017 | ->| 5047332 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 546ddfb350387e7df8ca8266f8b2b038c7eef2d3 | 1686150017 | ->| 5047332 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 
'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 546ddfb350387e7df8ca8266f8b2b038c7eef2d3 | 1686150017 | ->| 24901120 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14371897, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14466070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | fd39aae727a929c51b958ee707c238bfb473ad15 | 1686150022 | ->| 24901120 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14371897, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14466070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | fd39aae727a929c51b958ee707c238bfb473ad15 | 1686150022 | ->| 34397761 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6212556, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12877011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1b67acf2821d6fef6927fc280bc43d62c10f3453 | 1686150023 | ->| 34397761 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6212556, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12877011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1b67acf2821d6fef6927fc280bc43d62c10f3453 | 1686150023 | ->| 15989124 | Binary/Archive/ZIP | {'meta': 
[], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 12610545, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | fbeba4bc92ad9ef8a63969244cefd0a89a82faca | 1686150024 | ->| 30287982 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26848016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26812902, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6b0fbcfd179386a5843a327f505fc9792d0ceb73 | 1686150026 | ->| 30287982 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26848016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26812902, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6b0fbcfd179386a5843a327f505fc9792d0ceb73 | 1686150026 | ->| 9734975 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3297128, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3361389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8710a30f251eb354a10b9b3ded8f39dcb2511270 | 1686150030 | ->| 9734975 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3297128, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3361389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8710a30f251eb354a10b9b3ded8f39dcb2511270 | 1686150030 | ->| 36550757 | 
Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3894018, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16377103, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2d01a780e7061977aa595ed1ab064a64ca72673f | 1686150034 | ->| 36550757 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3894018, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16377103, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2d01a780e7061977aa595ed1ab064a64ca72673f | 1686150034 | ->| 30241965 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1270683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19094887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e73e925688406110576d482b6349f6b4abf6e791 | 1686150034 | ->| 30241965 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1270683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19094887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e73e925688406110576d482b6349f6b4abf6e791 | 1686150034 | ->| 1159176 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 917880, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1076516, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | 
c739753a2575d69ae31b33122622b6a736660508 | true | 75de010f85713ee4d027ad3b425d8810b83e26c5 | 1686150036 | ->| 1159176 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 917880, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1076516, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 75de010f85713ee4d027ad3b425d8810b83e26c5 | 1686150036 | ->| 932902 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 216644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 69d5e05c0d3120adbf821c2c81745278e84af7bb | 1686150036 | ->| 932902 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 216644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 69d5e05c0d3120adbf821c2c81745278e84af7bb | 1686150036 | ->| 9079296 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6536009, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6512841, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d8abe35af92e46e46ba9279fe6026b44680e4c24 | 1686150040 | ->| 9079296 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6536009, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 
6512841, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d8abe35af92e46e46ba9279fe6026b44680e4c24 | 1686150040 | ->| 36641188 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3930181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16467533, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 013bd97c6dedc7caabd9b4a867374ae3b0ac264c | 1686150043 | ->| 36641188 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3930181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16467533, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 013bd97c6dedc7caabd9b4a867374ae3b0ac264c | 1686150043 | ->| 34865877 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13375873, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 34219704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3aa2b177f8a825c6b13e4599eb6958557835926a | 1686150046 | ->| 34865877 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13375873, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 34219704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3aa2b177f8a825c6b13e4599eb6958557835926a | 1686150046 | ->| 57024799 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 11320886, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48226201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b | 1686150048 | ->| 57024799 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11320886, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48226201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b | 1686150048 | ->| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 68000a66e0df17b4742280453a78dbd56240d1ee | 1686150052 | ->| 2395811 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1060182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7 | 1686150054 | ->| 2395811 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1060182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7 | 1686150054 | ->| 36590144 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3909772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16416489, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4cdaa1a635a89f003730568320dd1843b0b4eb9b | 1686150060 | ->| 36590144 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3909772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16416489, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4cdaa1a635a89f003730568320dd1843b0b4eb9b | 1686150060 | ->| 36515211 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3879798, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16341556, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3354aa087f5e69e2514eb45f86481e3b48dd8c71 | 1686150061 | ->| 36515211 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3879798, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16341556, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3354aa087f5e69e2514eb45f86481e3b48dd8c71 | 1686150061 | ->| 33694294 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23513731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24426219, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 
b530c39a703be42f39ea9b0871269121fde6889f | 1686150062 | ->| 33694294 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23513731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24426219, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b530c39a703be42f39ea9b0871269121fde6889f | 1686150062 | ->| 36537740 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3888816, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16364086, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 33fb0fe07bf41fecddca87af88764a6133dadd47 | 1686150065 | ->| 36537740 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3888816, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16364086, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 33fb0fe07bf41fecddca87af88764a6133dadd47 | 1686150065 | ->| 36770403 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3981874, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16596748, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | fff92cc57a76f6fd2fb1a9f83323935488263d20 | 1686150067 | ->| 36770403 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3981874, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 
'match_offset': 16596748, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | fff92cc57a76f6fd2fb1a9f83323935488263d20 | 1686150067 | ->| 58043690 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11416838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11383531, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc | 1686150088 | ->| 58043690 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11416838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11383531, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc | 1686150088 | ->| 43296371 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2845294, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 36059397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 82b57851ed6f20a92ee947f7475ba2f1483fbe40 | 1686150095 | ->| 43296371 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2845294, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 36059397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 82b57851ed6f20a92ee947f7475ba2f1483fbe40 | 1686150095 | ->| 928842 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 50772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 106169, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce | 1686150097 | ->| 928842 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 50772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 106169, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce | 1686150097 | ->| 932389 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331131, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50692, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3857f93365c892ca7633a9c53730d6bc1d831a0f | 1686150102 | ->| 932389 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331131, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50692, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3857f93365c892ca7633a9c53730d6bc1d831a0f | 1686150102 | ->| 928275 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 323826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51157, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5c92ee4a922e8257741a8147f427470ec1fb2cc7 | 1686150102 | ->| 928275 | 
Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 323826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51157, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5c92ee4a922e8257741a8147f427470ec1fb2cc7 | 1686150102 | ->| 932276 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 124645, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 684889, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 65dd53f03df7c7fc23c681906bc82faef89b6229 | 1686150102 | ->| 932276 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 124645, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 684889, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 65dd53f03df7c7fc23c681906bc82faef89b6229 | 1686150102 | ->| 36531162 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3886168, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16357507, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4a50c617873f2fe6d95c80c122ed16c47a1418e1 | 1686150102 | ->| 36531162 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3886168, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16357507, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | 
c739753a2575d69ae31b33122622b6a736660508 | true | 4a50c617873f2fe6d95c80c122ed16c47a1418e1 | 1686150102 | ->| 931071 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5f98263a56a793c9a5b1eb4137b241b3f2b3a92f | 1686150103 | ->| 931071 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5f98263a56a793c9a5b1eb4137b241b3f2b3a92f | 1686150103 | ->| 7549400 | ELF32 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 313894, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 370505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 33c1abb22a7c450ec7a56d86ed55f2309033a1ad | 1686150103 | ->| 7549400 | ELF32 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 313894, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 370505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 33c1abb22a7c450ec7a56d86ed55f2309033a1ad | 1686150103 | ->| 1331824 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 913341, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 
'match_offset': 824258, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 0a67ebac16528d81e4d4a57c24f5ec98bffe78ba | 1686150104 | ->| 1331824 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 913341, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 824258, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 0a67ebac16528d81e4d4a57c24f5ec98bffe78ba | 1686150104 | ->| 968667 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495188, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 388a688ff5360dc566ae1e02c5744423b1474a8c | 1686150104 | ->| 968667 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495188, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 388a688ff5360dc566ae1e02c5744423b1474a8c | 1686150104 | ->| 931717 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 423260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51749, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3ea76a30076f6773a77a0d38cb4329bb87ccdca6 | 1686150105 | ->| 931717 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 
423260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51749, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3ea76a30076f6773a77a0d38cb4329bb87ccdca6 | 1686150105 | ->| 8185728 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6588985, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7149558, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | f9042e40b9e538738ff824c1ab905857b9cdc83d | 1686150106 | ->| 8185728 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6588985, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7149558, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | f9042e40b9e538738ff824c1ab905857b9cdc83d | 1686150106 | ->| 930985 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 322357, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50952, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6beac76e3513c3e844b4a273ee08a7489a850526 | 1686150106 | ->| 930985 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 322357, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50952, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6beac76e3513c3e844b4a273ee08a7489a850526 | 1686150106 | ->| 926603 | Text/JavaScript | {'meta': [], 'identifier': 
'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47177, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 694431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c8cef867ea206871eb64383f00f2fabaadb7c276 | 1686150109 | ->| 926603 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47177, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 694431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c8cef867ea206871eb64383f00f2fabaadb7c276 | 1686150109 | ->| 935797 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 138034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 342929, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 73dafc4fdeb216048d15665f036646f99af73913 | 1686150109 | ->| 935797 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 138034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 342929, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 73dafc4fdeb216048d15665f036646f99af73913 | 1686150109 | ->| 931560 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 51372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 609695, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 
0123930e0a777ee12c0a73cf035b5bd7f779ec85 | 1686150109 | ->| 931560 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 51372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 609695, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 0123930e0a777ee12c0a73cf035b5bd7f779ec85 | 1686150109 | ->| 935998 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338376, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59214, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4 | 1686150110 | ->| 935998 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338376, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59214, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4 | 1686150110 | ->| 933412 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 43451, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 185008, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 101516f0f938f540ac87d4f88875c39c267ea29e | 1686150112 | ->| 933412 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 43451, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 185008, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 101516f0f938f540ac87d4f88875c39c267ea29e | 1686150112 | ->| 6701832 | PE+/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d194592f1c5946d2d49bc657e9924290ce2e2d2e | 1686150114 | ->| 6701832 | PE+/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d194592f1c5946d2d49bc657e9924290ce2e2d2e | 1686150114 | ->| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | afa59c4de068f13d617a8090c55f7d0b645d9782 | 1686150114 | ->| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | afa59c4de068f13d617a8090c55f7d0b645d9782 | 1686150114 | ->| 173795 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28070, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | bd0f7e58c1600c5a717fcf060c6c260d9d865d22 | 1686150115 | ->| 173795 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | bd0f7e58c1600c5a717fcf060c6c260d9d865d22 | 1686150115 | ->| 931770 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118609, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 175602, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d85fbe69e08f57750f22ef20ad20e3bb08fb53df | 1686150115 | ->| 931770 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118609, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 175602, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d85fbe69e08f57750f22ef20ad20e3bb08fb53df | 1686150115 | ->| 929834 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 55696, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 651831, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b4c897b4aaa258b27ee0ff7edf553735481f565d | 1686150116 | ->| 929834 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 55696, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 651831, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | b4c897b4aaa258b27ee0ff7edf553735481f565d | 1686150116 | ->| 23668351 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 774742, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23214826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4af3d5aee88996ec6952ea9e598b434ee4dc0c28 | 1686150119 | ->| 23668351 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 774742, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23214826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4af3d5aee88996ec6952ea9e598b434ee4dc0c28 | 1686150119 | ->| 9095348 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2065896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1838594, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c8e8441cdad2974770adb2fd9091f4f590188968 | 1686150123 | ->| 9095348 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2065896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1838594, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c8e8441cdad2974770adb2fd9091f4f590188968 | 1686150123 | ->| 930687 | Text/JavaScript | 
{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 180327, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 961e3cd96bfa7943f71109d0c235fd8b38376f60 | 1686150124 | ->| 930687 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 180327, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 961e3cd96bfa7943f71109d0c235fd8b38376f60 | 1686150124 | ->| 931377 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 401046, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 129705, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 0bb2964f5efb578d0ecc0cf06417d686dde59f77 | 1686150125 | ->| 931377 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 401046, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 129705, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 0bb2964f5efb578d0ecc0cf06417d686dde59f77 | 1686150125 | ->| 927231 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 57153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 688672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 
96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0 | 1686150125 | ->| 927231 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 57153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 688672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0 | 1686150125 | ->| 3331072 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2187152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2194102, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 089a0358b27ea0c5d92c823b63add32457501a5e | 1686150126 | ->| 3331072 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2187152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2194102, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 089a0358b27ea0c5d92c823b63add32457501a5e | 1686150126 | ->| 8126464 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3474544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3515704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 20a165c1eb816ff4ad7d55d49e70a41c1198ead8 | 1686150128 | ->| 8126464 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3474544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3515704, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 20a165c1eb816ff4ad7d55d49e70a41c1198ead8 | 1686150128 | ->| 36633572 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3927134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16459918, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 583d27662efc73f5f42eb81609770e692e9a65ed | 1686150129 | ->| 36633572 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3927134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16459918, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 583d27662efc73f5f42eb81609770e692e9a65ed | 1686150129 | ->| 34389577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210700, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869171, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce | 1686150135 | ->| 34389577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210700, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869171, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce | 1686150135 | ->| 935988 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331334, 
'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52342, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2129c563cfbfbab0111c73f31184e0bf4b1bc3a6 | 1686150139 | ->| 935988 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331334, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52342, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2129c563cfbfbab0111c73f31184e0bf4b1bc3a6 | 1686150139 | ->| 930473 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338428, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59098, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 787d91817a5dd4cf63d0454eb240052aa9687619 | 1686150140 | ->| 930473 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338428, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59098, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 787d91817a5dd4cf63d0454eb240052aa9687619 | 1686150140 | ->| 12013103 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 9115816, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 6a335f4e638e564f836057fe6e0e2af05ec33da8 | 1686150140 | ->| 6699288 | PE+/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 
'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815385, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed | 1686150143 | ->| 6699288 | PE+/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815385, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed | 1686150143 | ->| 929276 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 403386, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 9454c50693d7b390806ced4ef36b9b857b8629fa | 1686150149 | ->| 929276 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 403386, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 9454c50693d7b390806ced4ef36b9b857b8629fa | 1686150149 | ->| 930806 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 184147, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 274b00db13eebcd6082de509d400fe5251a98f03 | 1686150149 | ->| 930806 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 184147, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 274b00db13eebcd6082de509d400fe5251a98f03 | 1686150149 | ->| 61184217 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45211537, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58260786, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d9db0d9b40773587e3f3504ee62dd13f356e2042 | 1686150152 | ->| 61184217 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45211537, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58260786, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d9db0d9b40773587e3f3504ee62dd13f356e2042 | 1686150152 | ->| 73081759 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12895085, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30003463, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 824ad09d431328843657589c773b0b69b87fe04e | 1686150157 | ->| 73081759 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12895085, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30003463, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 
824ad09d431328843657589c773b0b69b87fe04e | 1686150157 | ->| 10032511 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1605113, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7068039, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5ba002fd1aa0d945d508de71864be5fbee45f4fb | 1686150162 | ->| 10032511 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1605113, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7068039, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5ba002fd1aa0d945d508de71864be5fbee45f4fb | 1686150162 | ->| 931686 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 48187, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 409598, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e5842bab24fad9c4287acfed037aab491c47df01 | 1686150163 | ->| 931686 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 48187, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 409598, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e5842bab24fad9c4287acfed037aab491c47df01 | 1686150163 | ->| 26278447 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23857885, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23869615, 
'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 290617954cdec1062ac608739fe91ff59390d697 | 1686150167 | ->| 26278447 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23857885, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23869615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 290617954cdec1062ac608739fe91ff59390d697 | 1686150167 | ->| 34389577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210892, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869363, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6da793ceb98fba2eca7bf612512c1f19acd4169a | 1686150172 | ->| 34389577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210892, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869363, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6da793ceb98fba2eca7bf612512c1f19acd4169a | 1686150172 | ->| 8946132 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3674270, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3441202, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 90edd03ca6404f5463883a9636f3c0f9898e07bd | 1686150179 | ->| 8946132 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3674270, 
'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3441202, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 90edd03ca6404f5463883a9636f3c0f9898e07bd | 1686150179 | ->| 9193604 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1891954, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3260593, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990 | 1686150180 | ->| 9193604 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1891954, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3260593, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990 | 1686150180 | ->| 12764160 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8980721, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12260413, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 7b6aa3b5779ec0d82fee559fc4d63ad480d51081 | 1686150184 | ->| 12764160 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8980721, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12260413, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 7b6aa3b5779ec0d82fee559fc4d63ad480d51081 | 1686150184 | ->| 3310440 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1999564, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 785846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1f432e629ddc3a46933533ecbb34fea9957e75fb | 1686150210 | ->| 3310440 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1999564, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 785846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1f432e629ddc3a46933533ecbb34fea9957e75fb | 1686150210 | ->| 9573220 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6332741, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7759019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e65b15c85ad58e8c03d631bc18c60cb8158f284e | 1686150242 | ->| 9573220 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6332741, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7759019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e65b15c85ad58e8c03d631bc18c60cb8158f284e | 1686150242 | ->| 930740 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b873436ccab36552c99f8fe7061bdbe272d3ce8f | 1686150266 | ->| 930740 | Text/JavaScript | 
{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | b873436ccab36552c99f8fe7061bdbe272d3ce8f | 1686150266 | ->| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | d69278c938ecff91cb1de3e41eb4ad2ada3d7fd7 | 1686150275 | ->| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 9e0b73ab7dd3c5393d59f189f72d86969fe810e6 | 1686150278 | ->| 96404 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34942, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23974, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 40ae8ce4fd7be204b022a24d145bc76724f29a25 | 1686150284 | ->| 96404 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34942, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23974, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 40ae8ce4fd7be204b022a24d145bc76724f29a25 | 1686150284 | ->| 491771 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 
'match_offset': 31265, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 449442, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 311b155865c0b0031906cc3cb642c1451c728b49 | 1686150285 | ->| 491771 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31265, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 449442, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 311b155865c0b0031906cc3cb642c1451c728b49 | 1686150285 | ->| 15222705 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3256698, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10462094, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8077d9e9178106ee04bb064f0c4836609b2651a3 | 1686150286 | ->| 15222705 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3256698, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10462094, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8077d9e9178106ee04bb064f0c4836609b2651a3 | 1686150286 | ->| 30296948 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26842835, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26807721, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 083b1295e2caf60b6a41f01b6f87667b98430091 | 1686150290 | ->| 30296948 | Binary/Archive/ZIP | 
{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26842835, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26807721, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 083b1295e2caf60b6a41f01b6f87667b98430091 | 1686150290 | ->| 6537308 | PE/Exe/Py2ExeInstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5693089, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2822995, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1 | 1686150294 | ->| 6537308 | PE/Exe/Py2ExeInstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5693089, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2822995, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1 | 1686150294 | ->| 7247380 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4008699, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4004292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | dc5923d8b5caae31db125694e113c3838d645180 | 1686150295 | ->| 7247380 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4008699, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4004292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | 
c739753a2575d69ae31b33122622b6a736660508 | true | dc5923d8b5caae31db125694e113c3838d645180 | 1686150295 | ->| 4502016 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3630751, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3591330, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 0577c58640804c401b437230cced87df2345e29c | 1686150298 | ->| 4502016 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3630751, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3591330, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 0577c58640804c401b437230cced87df2345e29c | 1686150298 | ->| 12545978 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10606314, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2930691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a74dd66fb887d1af674a86bf6a29b7689e13bcfe | 1686150302 | ->| 12545978 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10606314, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2930691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a74dd66fb887d1af674a86bf6a29b7689e13bcfe | 1686150302 | ->| 21330944 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15508458, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 
'match_offset': 14984430, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d7d92eeac776fff79b8bb27ae022acb7b2a72d46 | 1686150317 | ->| 21330944 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15508458, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14984430, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d7d92eeac776fff79b8bb27ae022acb7b2a72d46 | 1686150317 | ->| 931771 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 414713, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8cb8155899b4297fa0a00e46789aadf71b9ebae0 | 1686150327 | ->| 931771 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 414713, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8cb8155899b4297fa0a00e46789aadf71b9ebae0 | 1686150327 | ->| 468938 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20060, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 207216, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 7f8905edbfd2e186ed2a4752c8be165a486871c0 | 1686150330 | ->| 468938 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 
20060, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 207216, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 7f8905edbfd2e186ed2a4752c8be165a486871c0 | 1686150330 | ->| 3557888 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 509291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28 | 1686150332 | ->| 3557888 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 509291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28 | 1686150332 | ->| 7852544 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6486978, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6455842, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4a080485c96493bd3debfad49a284a34760e9b70 | 1686150343 | ->| 7852544 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6486978, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6455842, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4a080485c96493bd3debfad49a284a34760e9b70 | 1686150343 | ->| 15735 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11559, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9762, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | aa7abe3707df21fd8e0aab4609e413c9e9395efe | 1686150351 | ->| 15735 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11559, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9762, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | aa7abe3707df21fd8e0aab4609e413c9e9395efe | 1686150351 | ->| 931613 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 123803, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 294152, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4 | 1686150352 | ->| 931613 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 123803, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 294152, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4 | 1686150352 | ->| 948192 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 612819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 588226, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a6d3081cbeb195d1edfc1099435bf0f9afaf711a | 1686150354 | ->| 948192 | PE/Exe | {'meta': 
[], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 612819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 588226, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a6d3081cbeb195d1edfc1099435bf0f9afaf711a | 1686150354 | ->| 5127484 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ab46a7097d5e33fcc3eefcb097cf651d4b79327e | 1686150356 | ->| 5127484 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ab46a7097d5e33fcc3eefcb097cf651d4b79327e | 1686150356 | ->| 25453056 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15179465, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15285982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ade4a102d363465fc686f2205ccc541641212b76 | 1686150357 | ->| 25453056 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15179465, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15285982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 
ade4a102d363465fc686f2205ccc541641212b76 | 1686150357 | ->| 43717981 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22952660, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21572538, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 730b962ad50fa2261e7cc4cda3cd478e29433cb6 | 1686150363 | ->| 43717981 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22952660, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21572538, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 730b962ad50fa2261e7cc4cda3cd478e29433cb6 | 1686150363 | ->| 10340152 | PE/.Net Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 615180, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 2715497b02f441d8f7fd55bcbc73e2dc912c284f | 1686150364 | ->| 25406657 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5367098, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5417667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | cec13f5281df131634a68b0f404360f783f557ec | 1686150371 | ->| 25406657 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5367098, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5417667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 
cec13f5281df131634a68b0f404360f783f557ec | 1686150371 | ->| 931361 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46225, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 192292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5c4e9cc203c98e89a989478efaca334e8779af81 | 1686150371 | ->| 931361 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46225, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 192292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5c4e9cc203c98e89a989478efaca334e8779af81 | 1686150371 | ->| 23095627 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369170, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21391369, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 06f8373056da04c985cd04b94e51ec666612d2cd | 1686150371 | ->| 23095627 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369170, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21391369, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 06f8373056da04c985cd04b94e51ec666612d2cd | 1686150371 | ->| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 
147ae394a900a5d3d735e77dfd86ce49a0991862 | 1686150374 | ->| 20372117 | PE/Exe/NSIS | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 7242654, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 4f66b0d78adce76fe167fea619b1130503438559 | 1686150375 | ->| 20280576 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8292185, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8209778, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8db22983306a388d96017ffdb3ab1e00d7ebb43c | 1686150377 | ->| 20280576 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8292185, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8209778, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8db22983306a388d96017ffdb3ab1e00d7ebb43c | 1686150377 | ->| 10182656 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3152562, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3805148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 59f6e8d7adc5364174e1ae0f192ad10d2f9d0117 | 1686150379 | ->| 10182656 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3152562, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3805148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 
59f6e8d7adc5364174e1ae0f192ad10d2f9d0117 | 1686150379 | ->| 930152 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 412452, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 112c3ef4d7d4fee90f4367199ad90568e963cf66 | 1686150382 | ->| 930152 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 412452, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 112c3ef4d7d4fee90f4367199ad90568e963cf66 | 1686150382 | ->| 8814592 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4011313, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4713025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 775b98352e38f238b29f95040424f6c1ac503e8f | 1686150386 | ->| 8814592 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4011313, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4713025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 775b98352e38f238b29f95040424f6c1ac503e8f | 1686150386 | ->| 3282432 | PE+/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 1698382, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 
89c5c42946f23ab8da17d62395ec0801fc1ff93f | 1686150394 | ->| 6444832 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4974746, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5726860, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | dd3646cd6dab41f30705c102b56e633b952bb475 | 1686150397 | ->| 6444832 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4974746, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5726860, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | dd3646cd6dab41f30705c102b56e633b952bb475 | 1686150397 | ->| 6474752 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533783, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591836, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 696ff8fef64c56e79ea3da6812c7a2edafdc029d | 1686150401 | ->| 6474752 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533783, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591836, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 696ff8fef64c56e79ea3da6812c7a2edafdc029d | 1686150401 | ->| 86433 | Binary/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28868, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50260, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | 
c739753a2575d69ae31b33122622b6a736660508 | true | 7195310aa4920e2cb39ddc26b248143499d3b126 | 1686150413 | ->| 86433 | Binary/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28868, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50260, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 7195310aa4920e2cb39ddc26b248143499d3b126 | 1686150413 | ->| 3267040 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2062484, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2095349, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16 | 1686150421 | ->| 3267040 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2062484, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2095349, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16 | 1686150421 | ->| 47601 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 33096, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3175ad779cc055b571f0fd1acbd8cc9bfe520280 | 1686150431 | ->| 47601 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 33096, 
'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3175ad779cc055b571f0fd1acbd8cc9bfe520280 | 1686150431 | ->| 154756 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111362, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 220680831449b8f6588a9cce44741fab554a7ba7 | 1686150441 | ->| 154756 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111362, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 220680831449b8f6588a9cce44741fab554a7ba7 | 1686150441 | ->| 151462 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108062, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65135, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1878b427f101a316442c57209fa17cbe6a1ca0fe | 1686150448 | ->| 151462 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108062, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65135, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1878b427f101a316442c57209fa17cbe6a1ca0fe | 1686150448 | ->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 
'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a9627215cb7c1b43c9f5f594a82a2c1559857d7b | 1686150449 | ->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a9627215cb7c1b43c9f5f594a82a2c1559857d7b | 1686150449 | ->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2d0ed62c390430662fc33d8f57b4eb121139ca54 | 1686150449 | ->| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2d0ed62c390430662fc33d8f57b4eb121139ca54 | 1686150449 | ->| 159341 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 115940, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 73406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a554594c774d4b5d41f7a5234e2905e14b034987 | 1686150450 | ->| 159341 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 115940, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 73406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a554594c774d4b5d41f7a5234e2905e14b034987 | 1686150450 | ->| 126381 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 70625, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53368, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 505c406d7ea1a2f47312b0966be841028ae919e7 | 1686150450 | ->| 126381 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 70625, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53368, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 505c406d7ea1a2f47312b0966be841028ae919e7 | 1686150450 | ->| 14417 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11214, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12222, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 60281e56f446d4a3656a25658ffcbd74f12c5bf4 | 1686150454 | ->| 14417 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11214, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12222, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 60281e56f446d4a3656a25658ffcbd74f12c5bf4 | 1686150454 | ->| 154369 | Text/HTML/HTML | {'meta': [], 
'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110973, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c099dd547b58e74ed8d9c2c6d579ab8e41269500 | 1686150455 | ->| 154369 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110973, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c099dd547b58e74ed8d9c2c6d579ab8e41269500 | 1686150455 | ->| 155384 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4 | 1686150457 | ->| 155384 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4 | 1686150457 | ->| 154219 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68400, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 
995fd53ad16804fccf466264417695e6b0ab6e20 | 1686150463 | ->| 154219 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68400, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 995fd53ad16804fccf466264417695e6b0ab6e20 | 1686150463 | ->| 381079 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 176266, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 345615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 593b0f2c47aa6bd73428f10ea0360725faf06c42 | 1686150465 | ->| 381079 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 176266, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 345615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 593b0f2c47aa6bd73428f10ea0360725faf06c42 | 1686150465 | ->| 163098 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92473, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152394, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 942e2fb470bd4008055a8bce6749e9bbccb75ea1 | 1686150468 | ->| 163098 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92473, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152394, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 942e2fb470bd4008055a8bce6749e9bbccb75ea1 | 1686150468 | ->| 13861856 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9049728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8942045, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 59dafd4d926ab9a9c34899540af51135fe4bd8da | 1686150470 | ->| 13861856 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9049728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8942045, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 59dafd4d926ab9a9c34899540af51135fe4bd8da | 1686150470 | ->| 164398 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3527, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58716, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d968e98107f741326dca87d26537cc180932e35f | 1686150471 | ->| 164398 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3527, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58716, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d968e98107f741326dca87d26537cc180932e35f | 1686150471 | ->| 1747296 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1673385, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1497969, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 99917368bb78857bf2f837dce851312a70b9ada7 | 1686150471 | ->| 1747296 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1673385, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1497969, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 99917368bb78857bf2f837dce851312a70b9ada7 | 1686150471 | ->| 11576577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10342763, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10354427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | dff8243d0b4a32e46a8ac8021d97b0aad21830a4 | 1686150472 | ->| 11576577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10342763, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10354427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | dff8243d0b4a32e46a8ac8021d97b0aad21830a4 | 1686150472 | ->| 154378 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110980, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ea9236fdef65fc30c10218b2140d0942adc1f22b | 1686150472 | ->| 154378 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 
'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110980, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ea9236fdef65fc30c10218b2140d0942adc1f22b | 1686150472 | ->| 39268559 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 64836, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 605486, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 54edf295efcf05160d27fb6834a3caf9f2209ba7 | 1686150475 | ->| 39268559 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 64836, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 605486, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 54edf295efcf05160d27fb6834a3caf9f2209ba7 | 1686150475 | ->| 444715 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15462, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 193293, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 55fc77d16e940a3be013328da7d777f419def447 | 1686150476 | ->| 444715 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15462, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 193293, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 55fc77d16e940a3be013328da7d777f419def447 | 
1686150476 | ->| 146027 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 102626, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60254, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 969c08328198fbb0749411234c6a00b0ce5a003d | 1686150478 | ->| 146027 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 102626, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60254, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 969c08328198fbb0749411234c6a00b0ce5a003d | 1686150478 | ->| 154393 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0 | 1686150478 | ->| 154393 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0 | 1686150478 | ->| 407815 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 133036, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 80620, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | 
c739753a2575d69ae31b33122622b6a736660508 | true | e35210e1fd190655438816adbb94a276948585d1 | 1686150478 | ->| 407815 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 133036, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 80620, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e35210e1fd190655438816adbb94a276948585d1 | 1686150478 | ->| 20620343 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33910, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 196832, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a2acda4f1d103c3935fecaceb702793840da5de2 | 1686150481 | ->| 20620343 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33910, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 196832, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a2acda4f1d103c3935fecaceb702793840da5de2 | 1686150481 | ->| 6009840 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4616975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4984614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 58d3d4e8011ca5aa7a827bdb32984b46691cb5a9 | 1686150481 | ->| 6009840 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4616975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 
4984614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 58d3d4e8011ca5aa7a827bdb32984b46691cb5a9 | 1686150481 | ->| 20632380 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 208986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d2778f896a3ff2d865af50cbcd529dafcf714393 | 1686150482 | ->| 20632380 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 208986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d2778f896a3ff2d865af50cbcd529dafcf714393 | 1686150482 | ->| 273248 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 34578885caf1a2e0b48b46d4e70eb01445acc5f0 | 1686150482 | ->| 273248 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 34578885caf1a2e0b48b46d4e70eb01445acc5f0 | 1686150482 | ->| 344762 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 
'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b6caa5f15f08024eda95d3eb61de207ea1db5ca7 | 1686150483 | ->| 344762 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | b6caa5f15f08024eda95d3eb61de207ea1db5ca7 | 1686150483 | ->| 273249 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ddff15d4914ff06b55fbac496362aaae7a2d3c9b | 1686150484 | ->| 273249 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ddff15d4914ff06b55fbac496362aaae7a2d3c9b | 1686150484 | ->| 456700 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 430650, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 214898, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a3342c659d56113fcf63287f1f2b51015a32a9fe | 1686150491 | ->| 456700 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 430650, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 214898, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a3342c659d56113fcf63287f1f2b51015a32a9fe | 1686150491 | ->| 20655221 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19076, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e1a3dcfe7846ac93feb3b6c0d368c619551e2060 | 1686150496 | ->| 20655221 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19076, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e1a3dcfe7846ac93feb3b6c0d368c619551e2060 | 1686150496 | ->| 1808816 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 201237, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 166562, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8cee4323aa88793881d1e9753476ffd85e9909d2 | 1686150498 | ->| 1808816 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 201237, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 166562, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8cee4323aa88793881d1e9753476ffd85e9909d2 | 1686150498 | ->| 17414211 | PE/Exe | 
{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1697169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 341432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 86323712891af72832dd179625c1c9e5f47ef5dc | 1686149728 | ->| 17414211 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1697169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 341432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 86323712891af72832dd179625c1c9e5f47ef5dc | 1686149728 | ->| 97050 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27202, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48756, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4b894706af749cdad62ced56233c32dc85274212 | 1686149728 | ->| 97050 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27202, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48756, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4b894706af749cdad62ced56233c32dc85274212 | 1686149728 | ->| 735478 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555378, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 
2d4d4a0e0efea6efab5dff40951a996b10fe594c | 1686149732 | ->| 735478 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555378, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2d4d4a0e0efea6efab5dff40951a996b10fe594c | 1686149732 | ->| 609570 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53613, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8 | 1686149732 | ->| 609570 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53613, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8 | 1686149732 | ->| 8295796 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3332145, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1798128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | eb37a450426a73adc228c0b7af6b389fc7bdf56e | 1686149737 | ->| 8295796 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3332145, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1798128, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | eb37a450426a73adc228c0b7af6b389fc7bdf56e | 1686149737 | ->| 13028229 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29013, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 650100, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c38171b6039aed6b7b759e296ace24dc7d025b83 | 1686149738 | ->| 13028229 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29013, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 650100, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c38171b6039aed6b7b759e296ace24dc7d025b83 | 1686149738 | ->| 7240420 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4735924, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4985544, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 06b99fba88558d39bdb6dbb429327e38bd1a00a6 | 1686149740 | ->| 7240420 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4735924, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4985544, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 06b99fba88558d39bdb6dbb429327e38bd1a00a6 | 1686149740 | ->| 9198608 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6192194, 'matched_string': 'cGF5\n'}, {'string_identifier': 
'JHN0cmluZzI=\n', 'match_offset': 6196270, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d537cc50888e2276c7faf74e30d23c170738198a | 1686149744 | ->| 9198608 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6192194, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6196270, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d537cc50888e2276c7faf74e30d23c170738198a | 1686149744 | ->| 26307192 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3868176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3642636, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0503efcbe5861c3e0d079f9becb3485452b97235 | 1686149749 | ->| 26307192 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3868176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3642636, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0503efcbe5861c3e0d079f9becb3485452b97235 | 1686149749 | ->| 108432 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45813, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17730, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76 | 1686149755 | ->| 108432 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 
'match_offset': 45813, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17730, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76 | 1686149755 | ->| 22828 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8423, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11498, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 51b0ba00682591290f80e5855f1a4db9998acf09 | 1686149756 | ->| 22828 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8423, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11498, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 51b0ba00682591290f80e5855f1a4db9998acf09 | 1686149756 | ->| 22894 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11564, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0c6f35b25d6e074fab3199944f85df197e063162 | 1686149766 | ->| 22894 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11564, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0c6f35b25d6e074fab3199944f85df197e063162 | 1686149766 | ->| 735481 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': 
[], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555379, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733136, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87 | 1686149767 | ->| 735481 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555379, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733136, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87 | 1686149767 | ->| 69910542 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 432346, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 401816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c10dd19fb20e99ac5e03cc854fcb07f3a4689626 | 1686149774 | ->| 69910542 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 432346, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 401816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c10dd19fb20e99ac5e03cc854fcb07f3a4689626 | 1686149774 | ->| 78078 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48075, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6b23dddf010be66788315ffbd673a8786e216cca | 1686149779 | ->| 78078 | 
Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48075, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6b23dddf010be66788315ffbd673a8786e216cca | 1686149779 | ->| 55035681 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6445000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5864743, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a20295d2941d01ad89f148221bfeeb4a7ae91c8a | 1686149785 | ->| 55035681 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6445000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5864743, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a20295d2941d01ad89f148221bfeeb4a7ae91c8a | 1686149785 | ->| 72160935 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25254788, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62943840, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3608d31f0528ed78f3b4c7325f48b21eaae7d6e9 | 1686149790 | ->| 72160935 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 64192330, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 3608d31f0528ed78f3b4c7325f48b21eaae7d6e9 | 1686149790 | ->| 
72160935 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25254788, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62943840, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3608d31f0528ed78f3b4c7325f48b21eaae7d6e9 | 1686149790 | ->| 5053848 | PE/Exe/UPX | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 4631537, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 9d94d6d2c676ea1391707da336b08adb51a7602e | 1686149811 | ->| 48064504 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14832618, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6254126, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 949abf3b22fde0d82aabde30b447202a85a22976 | 1686149814 | ->| 48064504 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14832618, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6254126, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 949abf3b22fde0d82aabde30b447202a85a22976 | 1686149814 | ->| 17363501 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 276134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4050570, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ea2a042555d2ed5031699ab262dd36ee11140a47 | 1686149826 | ->| 17363501 | 
PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 276134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4050570, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ea2a042555d2ed5031699ab262dd36ee11140a47 | 1686149826 | ->| 1097787 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1026714, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1022464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8347104bb4f67e9f6a009dddab7d9ba64c1f1f34 | 1686149827 | ->| 1097787 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1026714, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1022464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8347104bb4f67e9f6a009dddab7d9ba64c1f1f34 | 1686149827 | ->| 9109956 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6903276, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7053407, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 68272eebbf35852ead3ca57e4d4057c1aca9e87f | 1686149828 | ->| 9109956 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6903276, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7053407, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 
68272eebbf35852ead3ca57e4d4057c1aca9e87f | 1686149828 | ->| 129965 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28324, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49213, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8862e555dfb36ef346c9ab015e9cdc042742f905 | 1686149830 | ->| 129965 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28324, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49213, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8862e555dfb36ef346c9ab015e9cdc042742f905 | 1686149830 | ->| 3401029 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 546852, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12694, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4edebb0ccaf461b657eefd6de9daa819718702c5 | 1686149831 | ->| 3401029 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 546852, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12694, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4edebb0ccaf461b657eefd6de9daa819718702c5 | 1686149831 | ->| 12211580 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1831826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1825431, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bce246203d8df748692e5d67f7b43779ca18fcb8 | 1686149833 | ->| 12211580 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1831826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1825431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bce246203d8df748692e5d67f7b43779ca18fcb8 | 1686149833 | ->| 130472 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31577, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53131, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bb95e8d71ced34ca09a220bcd4740c05bb5beaae | 1686149835 | ->| 130472 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31577, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53131, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bb95e8d71ced34ca09a220bcd4740c05bb5beaae | 1686149835 | ->| 21856 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 49e3e9c608998a84c76dea1d14979748fa303108 | 1686149836 | ->| 21856 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10251, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 49e3e9c608998a84c76dea1d14979748fa303108 | 1686149836 | ->| 8761628 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5623501, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5729635, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 638ee91a8195f803fb856b9cc58ec90b4e302d2d | 1686149838 | ->| 8761628 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5623501, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5729635, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 638ee91a8195f803fb856b9cc58ec90b4e302d2d | 1686149838 | ->| 80384 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4633, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d71c31ff1506662b75a69ab2f4c470acd4a608c6 | 1686149840 | ->| 80384 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4633, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d71c31ff1506662b75a69ab2f4c470acd4a608c6 | 1686149840 | ->| 2696810 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11164, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2bb02417e2229ec6c67723720e8c047473bac428 | 1686149843 | ->| 2696810 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11164, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2bb02417e2229ec6c67723720e8c047473bac428 | 1686149843 | ->| 291468 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30654, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 206411, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 861df3d24be5051f03b772a3614ece4f38c9453f | 1686149843 | ->| 291468 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30654, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 206411, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 861df3d24be5051f03b772a3614ece4f38c9453f | 1686149843 | ->| 9605652 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6219463, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7291032, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | dbb08be91da3fbb62d3a940f50ee262b8ee64a00 | 1686149843 | ->| 9605652 | DEX/Exe | 
{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6219463, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7291032, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | dbb08be91da3fbb62d3a940f50ee262b8ee64a00 | 1686149843 | ->| 7851776 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5738916, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5715983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 44ecf0599917582d655aebecad3bff20428a95d5 | 1686149844 | ->| 7851776 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5738916, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5715983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 44ecf0599917582d655aebecad3bff20428a95d5 | 1686149844 | ->| 134280 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31122, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52676, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7b954a9a584dfea3b50aa0d266ece12edd920de3 | 1686149844 | ->| 134280 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31122, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52676, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 
7b954a9a584dfea3b50aa0d266ece12edd920de3 | 1686149844 | ->| 1566720 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48358, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9ae122565cefb2d077ffd8015b2080dbcd66210a | 1686149846 | ->| 1566720 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48358, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9ae122565cefb2d077ffd8015b2080dbcd66210a | 1686149846 | ->| 1826525 | PE/Exe/PECompact | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 61949, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1772779, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 00d16698e37238fa735a1f1728bcbd5a43247e80 | 1686149846 | ->| 1826525 | PE/Exe/PECompact | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 61949, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1772779, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 00d16698e37238fa735a1f1728bcbd5a43247e80 | 1686149846 | ->| 31410 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17271, 
'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d11b319f05e4ca0f27820748b503a59f24beb00d | 1686149846 | ->| 31410 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17271, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d11b319f05e4ca0f27820748b503a59f24beb00d | 1686149846 | ->| 81478 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31946, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 38816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af | 1686149850 | ->| 81478 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31946, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 38816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af | 1686149850 | ->| 718416 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140853, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 84c987347c558fb79e603b4ce107e727b35d2ce0 | 1686149850 | ->| 718416 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20006, 'matched_string': 
'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140853, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 84c987347c558fb79e603b4ce107e727b35d2ce0 | 1686149850 | ->| 7765124 | Binary/None/TNEF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1806802, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1898cb0bd9636e2770bef781e64c14ea930737d9 | 1686149851 | ->| 7765124 | Binary/None/TNEF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1806802, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1898cb0bd9636e2770bef781e64c14ea930737d9 | 1686149851 | ->| 7445844 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5463059, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5443224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8397215a4ef8f0278ca94ac55bcfb7d951eb5991 | 1686149852 | ->| 7445844 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5463059, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5443224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8397215a4ef8f0278ca94ac55bcfb7d951eb5991 | 1686149852 | ->| 58880 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 
'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5e3ce373290c3ff3a161f20ce507f566ec02ef37 | 1686149853 | ->| 58880 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5e3ce373290c3ff3a161f20ce507f566ec02ef37 | 1686149853 | ->| 34304 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 18191, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6419bbc857dfc05244305301ce04fd3101dfbc4e | 1686149856 | ->| 34304 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 18191, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6419bbc857dfc05244305301ce04fd3101dfbc4e | 1686149856 | ->| 13647 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f498fa63f00a6c5d563c78597b1e603f00c292ba | 
1686149856 | ->| 13647 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f498fa63f00a6c5d563c78597b1e603f00c292ba | 1686149856 | ->| 10867247 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 615042, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2517009, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 80ac906fe3153d272625e4cfd0e953d01dabc718 | 1686149858 | ->| 10867247 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 615042, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2517009, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 80ac906fe3153d272625e4cfd0e953d01dabc718 | 1686149858 | ->| 10866832 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2275907, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2454431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6d61d48bbadf3a5eaeec617653c64493c03abc48 | 1686149861 | ->| 10866832 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2275907, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2454431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | 
c739753a2575d69ae31b33122622b6a736660508 | false | 6d61d48bbadf3a5eaeec617653c64493c03abc48 | 1686149861 | ->| 5101876 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 2341502, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | e846d1ab898e95541e6682720022dfb7433b42a1 | 1686149862 | ->| 1200556 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 908895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1200168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a7c06c5ff0f929a52d7d9e88315d9dd6109a7939 | 1686149867 | ->| 1200556 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 908895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1200168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a7c06c5ff0f929a52d7d9e88315d9dd6109a7939 | 1686149867 | ->| 94208 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52375, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54543, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7 | 1686149871 | ->| 94208 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52375, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54543, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | 
ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7 | 1686149871 | ->| 4403680 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070028, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1569453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 388bf96870666f99c68015c72e470b96afe330b6 | 1686149876 | ->| 4403680 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070028, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1569453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 388bf96870666f99c68015c72e470b96afe330b6 | 1686149876 | ->| 124306 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 56115, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0c88ebb87d1db36ec61990b11b9046d8bfc84249 | 1686149876 | ->| 124306 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 56115, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0c88ebb87d1db36ec61990b11b9046d8bfc84249 | 1686149876 | ->| 7532560 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5242377, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 
'match_offset': 6199698, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b | 1686149880 | ->| 7532560 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5242377, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6199698, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b | 1686149880 | ->| 89227939 | PE+/Exe/SetupFactory | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 3721968, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 14f646a4c56d4a6908589ff38cfbc8904fef7ffd | 1686149881 | ->| 23765288 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23568888, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12392190, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 32e0479375a7efd4648e3243d95c8a184b723ff7 | 1686149882 | ->| 23765288 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 12386158, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 32e0479375a7efd4648e3243d95c8a184b723ff7 | 1686149882 | ->| 23765288 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23568888, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12392190, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | 
c739753a2575d69ae31b33122622b6a736660508 | false | 32e0479375a7efd4648e3243d95c8a184b723ff7 | 1686149882 | ->| 83456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4722, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 08d52dd79c4506e569f6b44dd040c7666e1c990a | 1686149884 | ->| 83456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4722, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 08d52dd79c4506e569f6b44dd040c7666e1c990a | 1686149884 | ->| 18747429 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1790351, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 434614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9315db8fd8e974ed3f32fed4af2a87950051db31 | 1686149884 | ->| 18747429 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1790351, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 434614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9315db8fd8e974ed3f32fed4af2a87950051db31 | 1686149884 | ->| 7971248 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6010248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 
'match_offset': 5922837, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7c0467942d6e3a17cb46f80485735703971be951 | 1686149899 | ->| 7971248 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6010248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5922837, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7c0467942d6e3a17cb46f80485735703971be951 | 1686149899 | ->| 8746736 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6663701, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6518302, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c3905032ee58bd7252bfea670af4fae789ee65bc | 1686149904 | ->| 8746736 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6663701, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6518302, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c3905032ee58bd7252bfea670af4fae789ee65bc | 1686149904 | ->| 29495534 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7777152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14315453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5448598e37f1525d59dbde93ed3226c699591660 | 1686149907 | ->| 29495534 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 
'match_offset': 23706990, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 5448598e37f1525d59dbde93ed3226c699591660 | 1686149907 | ->| 29495534 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7777152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14315453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5448598e37f1525d59dbde93ed3226c699591660 | 1686149907 | ->| 20208408 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8042295, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9983725, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1274f648fbf7ec60f349f91426520d5fed741a75 | 1686149911 | ->| 20208408 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8042295, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9983725, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1274f648fbf7ec60f349f91426520d5fed741a75 | 1686149911 | ->| 9360804 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6623554, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6393329, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a32a21cc68347f914640067d66a8eb9f3d718f97 | 1686149912 | ->| 9360804 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6623554, 
'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6393329, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a32a21cc68347f914640067d66a8eb9f3d718f97 | 1686149912 | ->| 22696990 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2310626, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2ee61b0db428bd1943c0a3a23fa9657bdbae4525 | 1686149917 | ->| 22696990 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2310626, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2ee61b0db428bd1943c0a3a23fa9657bdbae4525 | 1686149917 | ->| 45056 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26775, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7215, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4a2a97a3ccc4f69e4369540afa9621517b61a70d | 1686149924 | ->| 45056 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26775, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7215, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4a2a97a3ccc4f69e4369540afa9621517b61a70d | 1686149924 | ->| 8178116 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 
'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5952245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6078981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6187f8a655a0c8d63f7c0d0159ec48faf3926397 | 1686149926 | ->| 8178116 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5952245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6078981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6187f8a655a0c8d63f7c0d0159ec48faf3926397 | 1686149926 | ->| 118949 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27159, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48713, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 010536c2287998f486647077d5f5f4cb14216f21 | 1686149928 | ->| 118949 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27159, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48713, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 010536c2287998f486647077d5f5f4cb14216f21 | 1686149928 | ->| 4397292 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070008, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1563324, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 28104c2b1121a331071889a8285f18e4e5fa857e | 1686149932 | ->| 
4397292 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070008, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1563324, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 28104c2b1121a331071889a8285f18e4e5fa857e | 1686149932 | ->| 1126838 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c068b6be9d12ef34c4bff6438217ec83aedb3920 | 1686149932 | ->| 1126838 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c068b6be9d12ef34c4bff6438217ec83aedb3920 | 1686149932 | ->| 5742 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1420, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1478, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 784251aee0035f509d9a59f46a7854e3156eb1e8 | 1686149932 | ->| 5742 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1420, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1478, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | 
false | 784251aee0035f509d9a59f46a7854e3156eb1e8 | 1686149932 | ->| 8342696 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5758241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6719849, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1a5599d9ac6637d73e45a008eb13963a43a42de5 | 1686149933 | ->| 8342696 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5758241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6719849, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1a5599d9ac6637d73e45a008eb13963a43a42de5 | 1686149933 | ->| 10935924 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7358335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7658163, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ad38d8e905018d8214d3d086a5314bc8baf530f0 | 1686149935 | ->| 10935924 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7358335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7658163, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ad38d8e905018d8214d3d086a5314bc8baf530f0 | 1686149935 | ->| 9367552 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3032179, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 699012, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd | 1686149936 | ->| 9367552 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3032179, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 699012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd | 1686149936 | ->| 5615616 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 684425, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1855040, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 27177a9974cf5e51e406dfc565abec4323a7f460 | 1686149938 | ->| 5615616 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 684425, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1855040, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 27177a9974cf5e51e406dfc565abec4323a7f460 | 1686149938 | ->| 12587776 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1885979, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1879584, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 61f1d317d4b637547328d7bbd8db162332ffca96 | 1686149941 | ->| 12587776 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1885979, 'matched_string': 
'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1879584, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 61f1d317d4b637547328d7bbd8db162332ffca96 | 1686149941 | ->| 15528080 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7666937, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9603001, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 90006a605fefb15ef0e3ee3a7913e4e3085aa910 | 1686149943 | ->| 15528080 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7666937, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9603001, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 90006a605fefb15ef0e3ee3a7913e4e3085aa910 | 1686149943 | ->| 61198027 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3493267, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59650081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 81fdd91f2f3ad757beaa4e99d1e696fe216572a7 | 1686149946 | ->| 61198027 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3493267, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59650081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 81fdd91f2f3ad757beaa4e99d1e696fe216572a7 | 1686149946 | ->| 92550 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 
'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50934, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 11e37775d188125698553bb54b92212db30c9868 | 1686149952 | ->| 92550 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50934, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 11e37775d188125698553bb54b92212db30c9868 | 1686149952 | ->| 15909007 | PE+/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4403826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3044d17533125b0e81479c13a3938c5f680945dd | 1686149952 | ->| 15909007 | PE+/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4403826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3044d17533125b0e81479c13a3938c5f680945dd | 1686149952 | ->| 7030588 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4138419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3925485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3e781f619085938c400ef62d124e1c160d8e606d | 1686149953 | ->| 7030588 | 
PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4138419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3925485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3e781f619085938c400ef62d124e1c160d8e606d | 1686149953 | ->| 7891860 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5936181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6065613, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9672712486f68f6ef3fa5ea1051a488652768782 | 1686149956 | ->| 7891860 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5936181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6065613, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9672712486f68f6ef3fa5ea1051a488652768782 | 1686149956 | ->| 1126838 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c068b6be9d12ef34c4bff6438217ec83aedb3920 | 1686149974 | ->| 1126838 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 
c068b6be9d12ef34c4bff6438217ec83aedb3920 | 1686149974 | ->| 58853069 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 453396, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 422866, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7f61bf37ba7a45b4d9686384db4cccec61f67c47 | 1686149975 | ->| 58853069 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 453396, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 422866, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7f61bf37ba7a45b4d9686384db4cccec61f67c47 | 1686149975 | ->| 80896 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6fc8b4b91789e00438dc40c306b51a4cb607eb8d | 1686149975 | ->| 80896 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6fc8b4b91789e00438dc40c306b51a4cb607eb8d | 1686149975 | ->| 4090442 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2966063, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3005572, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a9102e50f879a876bcde1a65ed9e66061345af38 | 1686149977 | ->| 4090442 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2966063, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3005572, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a9102e50f879a876bcde1a65ed9e66061345af38 | 1686149977 | ->| 11287504 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9611205, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9336911, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 855439438fa49547ac12bdf953b32f72c719b2c9 | 1686149980 | ->| 11287504 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9611205, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9336911, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 855439438fa49547ac12bdf953b32f72c719b2c9 | 1686149980 | ->| 51580195 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192859, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1055775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | aa57da659dd7d00cce7d1435bfc8459087f51b6f | 1686149983 | ->| 51580195 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192859, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1055775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | aa57da659dd7d00cce7d1435bfc8459087f51b6f | 1686149983 | ->| 52603562 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5081683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48790340, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7b645c555f2208a68b7d6aff201736b6e111d3cc | 1686149989 | ->| 52603562 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5081683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48790340, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7b645c555f2208a68b7d6aff201736b6e111d3cc | 1686149989 | ->| 12364752 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10579965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10306863, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6c745b37d30bdc06e8ace8b4189538403c4d5c8a | 1686149991 | ->| 12364752 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10579965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10306863, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6c745b37d30bdc06e8ace8b4189538403c4d5c8a | 1686149991 | ->| 113599 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50276, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c797c0ed6564a46ae0ac9973f2b97411dbac4754 | 1686149993 | ->| 113599 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50276, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c797c0ed6564a46ae0ac9973f2b97411dbac4754 | 1686149993 | ->| 8720028 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6232135, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6035292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a12a22c2b0ecdbeb2f98a592328068591520225e | 1686149993 | ->| 8720028 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6232135, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6035292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a12a22c2b0ecdbeb2f98a592328068591520225e | 1686149993 | ->| 11722184 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10006757, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9731199, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d824b4da35e0527c04c91b45111790421e0df9c3 | 1686149993 | ->| 11722184 | PE+/Exe | 
{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10006757, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9731199, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d824b4da35e0527c04c91b45111790421e0df9c3 | 1686149993 | ->| 1647430 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1504890, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1514081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d416c83fd8bc78cc77ef30a8e5543b59f8b58f90 | 1686150001 | ->| 1647430 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1504890, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1514081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d416c83fd8bc78cc77ef30a8e5543b59f8b58f90 | 1686150001 | ->| 8185068 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1729023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1836665, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a470d52b3da243f0a6e4f29990910c15fe877260 | 1686150003 | ->| 8185068 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1729023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1836665, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 
a470d52b3da243f0a6e4f29990910c15fe877260 | 1686150003 | ->| 9058488 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2024065, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2076599, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 28cb515f6029996c620d90852ac18089b1ded110 | 1686150004 | ->| 9058488 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2024065, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2076599, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 28cb515f6029996c620d90852ac18089b1ded110 | 1686150004 | ->| 6957242 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1535249, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2867970, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 936ed9f8b5e106db89d568cdd6cf0d3768e35e8a | 1686150005 | ->| 6957242 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1535249, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2867970, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 936ed9f8b5e106db89d568cdd6cf0d3768e35e8a | 1686150005 | ->| 11402192 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9748709, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9479007, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 67bf7558493de43e5248d5c3fb0eff9ebe15e025 | 1686150005 | ->| 11402192 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9748709, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9479007, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 67bf7558493de43e5248d5c3fb0eff9ebe15e025 | 1686150005 | ->| 3560827 | ELF64 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134236, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3282561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 09a2f81add6a24707bf53b87fc35649648d83d84 | 1686150008 | ->| 3560827 | ELF64 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134236, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3282561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 09a2f81add6a24707bf53b87fc35649648d83d84 | 1686150008 | ->| 24621335 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1120542, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1090012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 42b2ae12dea46ea047d05762919e9b4bfe5ef788 | 1686150010 | ->| 24621335 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1120542, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1090012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 42b2ae12dea46ea047d05762919e9b4bfe5ef788 | 1686150010 | ->| 27294631 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2867337, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5192795, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fadcba6ae6a7d80804672d39716caf6d6b236548 | 1686150010 | ->| 27294631 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2867337, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5192795, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fadcba6ae6a7d80804672d39716caf6d6b236548 | 1686150010 | ->| 563708 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 71256, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13295, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ec4ae655adbbb3805d80b71db833024062f40a30 | 1686150022 | ->| 563708 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 71256, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13295, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ec4ae655adbbb3805d80b71db833024062f40a30 | 1686150022 | ->| 23674771 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 1113582, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 898210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c3b9b20d2b059c554bfedcf02f7e20a78ea0b634 | 1686150029 | ->| 23674771 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1113582, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 898210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c3b9b20d2b059c554bfedcf02f7e20a78ea0b634 | 1686150029 | ->| 8696352 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6448188, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5556020, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8c6478d4da8936bbd1c41d55d627e5947f350a3c | 1686150030 | ->| 8696352 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6448188, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5556020, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8c6478d4da8936bbd1c41d55d627e5947f350a3c | 1686150030 | ->| 89737 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49043, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ea0cd712f5841da8a42c88b5531580a67a46606d | 1686150040 | ->| 89737 | Text/HTML/HTML | {'meta': [], 
'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49043, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ea0cd712f5841da8a42c88b5531580a67a46606d | 1686150040 | ->| 7919852 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5071035, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5906334, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 639f26fcdf4cf23f537da436e579d7642bb88a34 | 1686150042 | ->| 7919852 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5071035, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5906334, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 639f26fcdf4cf23f537da436e579d7642bb88a34 | 1686150042 | ->| 4740152 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3564800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3647079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0e2b28a93eb1a6028a450f2d0fb17b8a4142c838 | 1686150044 | ->| 4740152 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3564800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3647079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 
0e2b28a93eb1a6028a450f2d0fb17b8a4142c838 | 1686150044 | ->| 8722544 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6754191, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7446396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 11da04c21b47ff12ad322a6b23556b240c57e132 | 1686150045 | ->| 8722544 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6754191, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7446396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 11da04c21b47ff12ad322a6b23556b240c57e132 | 1686150045 | ->| 3826214 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 68922, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3251864, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 57e01329fd57cdf43d48e6126dcb04a9a649f486 | 1686150045 | ->| 3826214 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 68922, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3251864, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 57e01329fd57cdf43d48e6126dcb04a9a649f486 | 1686150045 | ->| 90401 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51760, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | eb539586df1f83a1ad6a46578ae93af47d28e583 | 1686150050 | ->| 90401 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | eb539586df1f83a1ad6a46578ae93af47d28e583 | 1686150050 | ->| 5196432 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1774761, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1594184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0dfbab7b39fe2df27cc3c450a33703e862548e7c | 1686150050 | ->| 5196432 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1774761, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1594184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0dfbab7b39fe2df27cc3c450a33703e862548e7c | 1686150050 | ->| 88693 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4f0abfde4499ca4265efaa76240165eeec26ae9c | 1686150055 | ->| 88693 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25563, 'matched_string': 'cGF5\n'}, {'string_identifier': 
'JHN0cmluZzI=\n', 'match_offset': 47117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4f0abfde4499ca4265efaa76240165eeec26ae9c | 1686150055 | ->| 3114071 | ELF32 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 104418, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2618650, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e99fb966b75da3eb02a16fcac3b36c3a9194b857 | 1686150056 | ->| 3114071 | ELF32 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 104418, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2618650, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e99fb966b75da3eb02a16fcac3b36c3a9194b857 | 1686150056 | ->| 28120902 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22260169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 27281148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0ac06711934890049220bec85d224ca6a69a4abf | 1686150060 | ->| 28120902 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22260169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 27281148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0ac06711934890049220bec85d224ca6a69a4abf | 1686150060 | ->| 28328686 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6610304, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13148605, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7929803a26acbb9fbec06ee003d65fb01966f3a9 | 1686150077 | ->| 28328686 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6610304, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13148605, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7929803a26acbb9fbec06ee003d65fb01966f3a9 | 1686150077 | ->| 28328686 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22540142, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 7929803a26acbb9fbec06ee003d65fb01966f3a9 | 1686150077 | ->| 18271076 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4064513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8efe34081ab998e156e537df4da387b0a4bd7f08 | 1686150078 | ->| 18271076 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4064513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8efe34081ab998e156e537df4da387b0a4bd7f08 | 1686150078 | ->| 28018926 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6300544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12838845, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3095cf7fcee94f7ca177dd1cb4aea29b5b451116 | 1686150083 | ->| 28018926 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22230382, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 3095cf7fcee94f7ca177dd1cb4aea29b5b451116 | 1686150083 | ->| 28018926 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6300544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12838845, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3095cf7fcee94f7ca177dd1cb4aea29b5b451116 | 1686150083 | ->| 27306734 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5588352, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12126653, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 32c438b9048acb085fda9bd828fe370804e83b5c | 1686150084 | ->| 27306734 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5588352, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12126653, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 32c438b9048acb085fda9bd828fe370804e83b5c | 1686150084 | ->| 27306734 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 
'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21518190, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 32c438b9048acb085fda9bd828fe370804e83b5c | 1686150084 | ->| 81650 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16951, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 39263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 37b6ec97243b59e031215a7c79c76bd535c94a11 | 1686150090 | ->| 81650 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16951, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 39263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 37b6ec97243b59e031215a7c79c76bd535c94a11 | 1686150090 | ->| 181777 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9977, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8279, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8e5698b6c99e84ef251da396e57801eea4d4a7e0 | 1686150096 | ->| 181777 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9977, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8279, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8e5698b6c99e84ef251da396e57801eea4d4a7e0 | 1686150096 | ->| 271360 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 
'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 119107, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 118595, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2b1c1ebb77a69accf7ade4a6656a229a8236da23 | 1686150101 | ->| 271360 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 119107, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 118595, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2b1c1ebb77a69accf7ade4a6656a229a8236da23 | 1686150101 | ->| 583414 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 304758, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c90a2097bb3ef3b7782b569aad3a7a402c40ece6 | 1686150102 | ->| 583414 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 304758, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c90a2097bb3ef3b7782b569aad3a7a402c40ece6 | 1686150102 | ->| 5011956 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3830891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4122073, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bceeab17f46e635c4d2d8e83ba98fc53d3b94409 | 
1686150104 | ->| 5011956 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3830891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4122073, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bceeab17f46e635c4d2d8e83ba98fc53d3b94409 | 1686150104 | ->| 22521 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 17697, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7370d7caf811dc3fb9b8ded4fb3a23d36997253d | 1686150104 | ->| 22521 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 17697, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7370d7caf811dc3fb9b8ded4fb3a23d36997253d | 1686150104 | ->| 7701312 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5240872, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6126943, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | af1458eda29940c81e42bf6a11d689b9363a575b | 1686150107 | ->| 7701312 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5240872, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6126943, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | 
c739753a2575d69ae31b33122622b6a736660508 | false | af1458eda29940c81e42bf6a11d689b9363a575b | 1686150107 | ->| 8298484 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572183, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2680377, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 99047e1bf6e16b647f124db80faf90d91947643e | 1686150109 | ->| 8298484 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572183, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2680377, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 99047e1bf6e16b647f124db80faf90d91947643e | 1686150109 | ->| 105267 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 891e13aa1d764808d787be69ae3e8188345891ed | 1686150115 | ->| 105267 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 891e13aa1d764808d787be69ae3e8188345891ed | 1686150115 | ->| 6390588 | PE+/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3498419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 
3285485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 732c2810e0cecccdfbcf3a052753060d8158643d | 1686150119 | ->| 6390588 | PE+/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3498419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3285485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 732c2810e0cecccdfbcf3a052753060d8158643d | 1686150119 | ->| 102498470 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26303220, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15358931, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 89f539a36777589582b45b5ab3f1c4b8c392a519 | 1686150124 | ->| 102498470 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26303220, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15358931, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 89f539a36777589582b45b5ab3f1c4b8c392a519 | 1686150124 | ->| 223744 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 21284, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15037, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d | 1686150124 | ->| 223744 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 
'match_offset': 21284, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15037, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d | 1686150124 | ->| 34840 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1586, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20241, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 247dda310be523a670399ce08ac7576eeffceba9 | 1686150127 | ->| 34840 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1586, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20241, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 247dda310be523a670399ce08ac7576eeffceba9 | 1686150127 | ->| 97689 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34565, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 56119, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ce2fbbb268352f30e63708658a895b55d5994a21 | 1686150127 | ->| 97689 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34565, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 56119, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ce2fbbb268352f30e63708658a895b55d5994a21 | 1686150127 | ->| 608019 | Binary/Archive/Compound | {'meta': [], 'identifier': 
'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 120997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5 | 1686150128 | ->| 608019 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 120997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5 | 1686150128 | ->| 7109996 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5978050, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4853648, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2a354db1cbe01973b6ea523d0842327ddafc17b8 | 1686150129 | ->| 7109996 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5978050, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4853648, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2a354db1cbe01973b6ea523d0842327ddafc17b8 | 1686150129 | ->| 11060751 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 208731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4067711, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 
d328639db252e6882cde55b4d96fb6c6917ce647 | 1686150135 | ->| 11060751 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 208731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4067711, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d328639db252e6882cde55b4d96fb6c6917ce647 | 1686150135 | ->| 102034 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52637, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9d13375b63610249a16e7eec10b2be064c7097f7 | 1686150136 | ->| 102034 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52637, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9d13375b63610249a16e7eec10b2be064c7097f7 | 1686150136 | ->| 24915182 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19126638, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 3c24cca2a6bfa8faaa35756e6814802dbcd751f2 | 1686150137 | ->| 24915182 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3196800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9735101, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 
3c24cca2a6bfa8faaa35756e6814802dbcd751f2 | 1686150137 | ->| 24915182 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3196800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9735101, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3c24cca2a6bfa8faaa35756e6814802dbcd751f2 | 1686150137 | ->| 26192622 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20404078, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 9c9d925179896d29421f881eb5ad77af9e8bc7fb | 1686150137 | ->| 26192622 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4474240, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11012541, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9c9d925179896d29421f881eb5ad77af9e8bc7fb | 1686150137 | ->| 26192622 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4474240, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11012541, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9c9d925179896d29421f881eb5ad77af9e8bc7fb | 1686150137 | ->| 26345710 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20557166, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | d6d554d74fdfd98418b8fa34338056708291599e | 1686150137 | ->| 26345710 | PE/.Net Dll | 
{'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4627328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11165629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d6d554d74fdfd98418b8fa34338056708291599e | 1686150137 | ->| 26345710 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4627328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11165629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d6d554d74fdfd98418b8fa34338056708291599e | 1686150137 | ->| 25406702 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3688320, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10226621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1799c607028ad0ed4d15e46bb80cc0a70683e90f | 1686150137 | ->| 25406702 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3688320, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10226621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1799c607028ad0ed4d15e46bb80cc0a70683e90f | 1686150137 | ->| 25406702 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19618158, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 1799c607028ad0ed4d15e46bb80cc0a70683e90f | 1686150137 | ->| 25241838 | PE/.Net Dll 
| {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19453294, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | f5be7fa83024d787932ead402e6a0a63da6eb443 | 1686150138 | ->| 25241838 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3523456, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10061757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f5be7fa83024d787932ead402e6a0a63da6eb443 | 1686150138 | ->| 25241838 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3523456, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10061757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f5be7fa83024d787932ead402e6a0a63da6eb443 | 1686150138 | ->| 27273966 | PE/Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21485422, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | f9461339c56853fd3b535f99bc72bd2b897591d0 | 1686150138 | ->| 27273966 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5555584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12093885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f9461339c56853fd3b535f99bc72bd2b897591d0 | 1686150138 | ->| 27273966 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 5555584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12093885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f9461339c56853fd3b535f99bc72bd2b897591d0 | 1686150138 | ->| 26257134 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4538752, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11077053, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bbda585b97e741d2fb638684255a0c49daafadac | 1686150138 | ->| 26257134 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20468590, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | bbda585b97e741d2fb638684255a0c49daafadac | 1686150138 | ->| 26257134 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4538752, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11077053, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bbda585b97e741d2fb638684255a0c49daafadac | 1686150138 | ->| 4620288 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2649834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2685878, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 102d0b298f078b7d115083307e4ca0ed1bcbd134 | 1686150138 | ->| 4620288 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 2649834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2685878, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 102d0b298f078b7d115083307e4ca0ed1bcbd134 | 1686150138 | ->| 489616 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 38581, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 32de67e7b17be1d18964e2086362b34f3c7b3575 | 1686150138 | ->| 489616 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 38581, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 32de67e7b17be1d18964e2086362b34f3c7b3575 | 1686150138 | ->| 33862 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26439, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23818, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 40caa9fe8fa64c0f9ba67298941a34d042cff179 | 1686150138 | ->| 33862 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26439, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23818, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 40caa9fe8fa64c0f9ba67298941a34d042cff179 | 1686150138 | ->| 85008 | Text/HTML/HTML | {'meta': [], 
'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49445, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 37c285df8d320279049afa0c23fa334a3bbeda77 | 1686150139 | ->| 85008 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49445, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 37c285df8d320279049afa0c23fa334a3bbeda77 | 1686150139 | ->| 27974382 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22185838, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 153a8db91757b63b2d6f178bb9d02ea5208c9457 | 1686150139 | ->| 27974382 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6256000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12794301, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 153a8db91757b63b2d6f178bb9d02ea5208c9457 | 1686150139 | ->| 27974382 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6256000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12794301, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 153a8db91757b63b2d6f178bb9d02ea5208c9457 | 1686150139 | ->| 28105966 | PE/.Net Dll | {'meta': [], 
'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6387584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12925885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d50286aa8bb8c3014247b90adb746b25bfd31003 | 1686150139 | ->| 28105966 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22317422, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | d50286aa8bb8c3014247b90adb746b25bfd31003 | 1686150139 | ->| 28105966 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6387584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12925885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d50286aa8bb8c3014247b90adb746b25bfd31003 | 1686150139 | ->| 29250286 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7531904, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14070205, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6c074b89819c235bdeb338af24c7c735ad0035ec | 1686150140 | ->| 29250286 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7531904, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14070205, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6c074b89819c235bdeb338af24c7c735ad0035ec | 1686150140 | ->| 29250286 | PE/.Net Dll | {'meta': 
[], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23461742, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 6c074b89819c235bdeb338af24c7c735ad0035ec | 1686150140 | ->| 58288120 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 41036824, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23548621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c9812fa79f7c7d3a61f8ed156a3f9047aba84256 | 1686150140 | ->| 58288120 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 41036824, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23548621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c9812fa79f7c7d3a61f8ed156a3f9047aba84256 | 1686150140 | ->| 27151086 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5432704, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11971005, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6f9101e3313d15831fe21dca4f41cd305a5a42b0 | 1686150140 | ->| 27151086 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5432704, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11971005, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6f9101e3313d15831fe21dca4f41cd305a5a42b0 | 1686150140 | ->| 27151086 | PE/.Net Dll | {'meta': [], 
'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21362542, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 6f9101e3313d15831fe21dca4f41cd305a5a42b0 | 1686150140 | ->| 25467630 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3749248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10287549, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 54553aa667794ecaf466add2eb68115e655bb142 | 1686150142 | ->| 25467630 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3749248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10287549, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 54553aa667794ecaf466add2eb68115e655bb142 | 1686150142 | ->| 25467630 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19679086, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 54553aa667794ecaf466add2eb68115e655bb142 | 1686150142 | ->| 24958190 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3239808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9778109, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 96485038e952a3ea5b05d3b73cb09e16746f05fe | 1686150142 | ->| 24958190 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 
'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19169646, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 96485038e952a3ea5b05d3b73cb09e16746f05fe | 1686150142 | ->| 24958190 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3239808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9778109, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 96485038e952a3ea5b05d3b73cb09e16746f05fe | 1686150142 | ->| 22632960 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12832781, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17325113, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d9470e93a7f0471df16a93a2df001e35f383b358 | 1686150143 | ->| 22632960 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12832781, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17325113, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d9470e93a7f0471df16a93a2df001e35f383b358 | 1686150143 | ->| 28521710 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6803328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13341629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a9e434ae7946b87a7a35e1ceea2a3585c63364ff | 1686150146 | ->| 28521710 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 
'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22733166, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | a9e434ae7946b87a7a35e1ceea2a3585c63364ff | 1686150146 | ->| 28521710 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6803328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13341629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a9e434ae7946b87a7a35e1ceea2a3585c63364ff | 1686150146 | ->| 28730094 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7011712, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13550013, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 722d9445761cedf9cf95b00a27484c98b198a087 | 1686150147 | ->| 28730094 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22941550, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 722d9445761cedf9cf95b00a27484c98b198a087 | 1686150147 | ->| 28730094 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7011712, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13550013, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 722d9445761cedf9cf95b00a27484c98b198a087 | 1686150147 | ->| 19508784 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a074e8cd0d7f96a1660eb8034c9d4bb659911d8c | 1686150151 | ->| 19508784 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a074e8cd0d7f96a1660eb8034c9d4bb659911d8c | 1686150151 | ->| 134656 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4983, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44 | 1686150153 | ->| 134656 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4983, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44 | 1686150153 | ->| 123956 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35591, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4151684c657f55df0fbcf6f23e4ff59a3d434933 | 1686150154 | ->| 123956 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35591, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4151684c657f55df0fbcf6f23e4ff59a3d434933 | 1686150154 | ->| 89099 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48799, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6 | 1686150158 | ->| 89099 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48799, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6 | 1686150158 | ->| 526968 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9a1f873e7ca75688bb3ecf3538c673994ea8f06e | 1686150159 | ->| 526968 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9a1f873e7ca75688bb3ecf3538c673994ea8f06e | 1686150159 | ->| 3652720 | DEX/Exe | {'meta': [], 
'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1101203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1128397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 946bccb4633670592563b838e8905d87d32006c9 | 1686150162 | ->| 3652720 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1101203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1128397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 946bccb4633670592563b838e8905d87d32006c9 | 1686150162 | ->| 9176564 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6268070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7592405, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 30a5cb71610bf97bb780db06d1c3a685558cef60 | 1686150163 | ->| 9176564 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6268070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7592405, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 30a5cb71610bf97bb780db06d1c3a685558cef60 | 1686150163 | ->| 6925744 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4923140, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4887861, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 
c552441469a45b5342205401366537d43dfbf1c3 | 1686150164 | ->| 6925744 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4923140, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4887861, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c552441469a45b5342205401366537d43dfbf1c3 | 1686150164 | ->| 7991496 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2569503, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3902224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9f236dccf15907ee09d04f6c8a451bd42b1d4e2d | 1686150165 | ->| 7991496 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2569503, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3902224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9f236dccf15907ee09d04f6c8a451bd42b1d4e2d | 1686150165 | ->| 5979364 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4057685, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4165750, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 967fcbf4e10d26548398eec462c166d1df722266 | 1686150165 | ->| 5979364 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4057685, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4165750, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 967fcbf4e10d26548398eec462c166d1df722266 | 1686150165 | ->| 9728028 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6334598, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6463104, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5d2ee739905d5f78b6e31684f3bb92423647692b | 1686150166 | ->| 9728028 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6334598, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6463104, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5d2ee739905d5f78b6e31684f3bb92423647692b | 1686150166 | ->| 8267816 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5914695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5870746, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bb7e753018fc4b3c1fdc780a364df59d2e566e67 | 1686150167 | ->| 8267816 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5914695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5870746, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bb7e753018fc4b3c1fdc780a364df59d2e566e67 | 1686150167 | ->| 6904424 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4921711, 'matched_string': 'cGF5\n'}, {'string_identifier': 
'JHN0cmluZzI=\n', 'match_offset': 5569145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 750679ecdaac688baa60e32674e510f60cac2ba1 | 1686150167 | ->| 6904424 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4921711, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5569145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 750679ecdaac688baa60e32674e510f60cac2ba1 | 1686150167 | ->| 8668000 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5790672, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929530, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8d17ecf99008a1800aa77b798c53f75f34db635f | 1686150167 | ->| 8668000 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5790672, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929530, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8d17ecf99008a1800aa77b798c53f75f34db635f | 1686150167 | ->| 8020420 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1730444, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1955210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 098c13f1d5cc4b6038d67874cd2340c470047bde | 1686150168 | ->| 8020420 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 
1730444, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1955210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 098c13f1d5cc4b6038d67874cd2340c470047bde | 1686150168 | ->| 9653972 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1796540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636817, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 683b6403118d4a672e2f31efef768346320c5d5d | 1686150169 | ->| 9653972 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1796540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636817, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 683b6403118d4a672e2f31efef768346320c5d5d | 1686150169 | ->| 5534364 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320126, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4305821, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2627f11c33033737de957cf52cc29297d0810371 | 1686150169 | ->| 5534364 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320126, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4305821, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2627f11c33033737de957cf52cc29297d0810371 | 1686150169 | ->| 10148688 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 
'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1961186, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2836228, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9834a9b1ff7edf23552ac4e15464a50ced1f90fa | 1686150170 | ->| 10148688 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1961186, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2836228, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9834a9b1ff7edf23552ac4e15464a50ced1f90fa | 1686150170 | ->| 8828660 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6406510, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6382932, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 48bd69a510ba602c73863ad2afb6b1455e858335 | 1686150170 | ->| 8828660 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6406510, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6382932, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 48bd69a510ba602c73863ad2afb6b1455e858335 | 1686150170 | ->| 6136097 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 3709386, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 5bc8ccc3bfd1b1c9bb5c14f442c70a32efa61a71 | 1686150172 | ->| 19905987 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2216386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636129, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09 | 1686150174 | ->| 19905987 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2216386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636129, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09 | 1686150174 | ->| 1215488 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 576416, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 059403186f3a5d4832bd7bf3e137ab532076c37c | 1686150175 | ->| 62215476 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25262900, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53345796, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | af6b75fe56e8568402c36c11a851c31519729d09 | 1686150176 | ->| 62215476 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25262900, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53345796, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | af6b75fe56e8568402c36c11a851c31519729d09 | 1686150176 | ->| 62215476 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'ExampleRule', 'tag': 
[], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 53626293, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | af6b75fe56e8568402c36c11a851c31519729d09 | 1686150176 | ->| 8790228 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5984952, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7594298, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 791352f0f97961d04505e72dbbc4c90521823212 | 1686150176 | ->| 8790228 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5984952, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7594298, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 791352f0f97961d04505e72dbbc4c90521823212 | 1686150176 | ->| 3970896 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1384326, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3217764, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 739c8e7a85bf46ced7d5926d46f5327b03c13e39 | 1686150177 | ->| 3970896 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1384326, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3217764, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 739c8e7a85bf46ced7d5926d46f5327b03c13e39 | 1686150177 | ->| 370759 | Text/HTML/HTML | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 
'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 120638, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | d15409e85cbcd767078d35da6402415a8786b261 | 1686150178 | ->| 19508784 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a074e8cd0d7f96a1660eb8034c9d4bb659911d8c | 1686150178 | ->| 19508784 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a074e8cd0d7f96a1660eb8034c9d4bb659911d8c | 1686150178 | ->| 9376260 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6790310, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7997401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 69b79a4acbecc8d616965ccde616fbed0bce6bb6 | 1686150180 | ->| 9376260 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6790310, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7997401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 69b79a4acbecc8d616965ccde616fbed0bce6bb6 | 1686150180 | ->| 25092884 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3544155, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3318615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0061d1045777f0d4ffa785a37224981e663cadef | 1686150187 | ->| 25092884 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3544155, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3318615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0061d1045777f0d4ffa785a37224981e663cadef | 1686150187 | ->| 29217518 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23428974, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0 | 1686150197 | ->| 29217518 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7499136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14037437, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0 | 1686150197 | ->| 29217518 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7499136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14037437, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0 | 1686150197 | ->| 29422318 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': 
[{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7703936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14242237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a90063b91d8f19cd55120a84a2264dbb56e46594 | 1686150197 | ->| 29422318 | PE/Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23633774, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | a90063b91d8f19cd55120a84a2264dbb56e46594 | 1686150197 | ->| 29422318 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7703936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14242237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a90063b91d8f19cd55120a84a2264dbb56e46594 | 1686150197 | ->| 25040110 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3321728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9860029, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229 | 1686150199 | ->| 25040110 | PE/Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19251566, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229 | 1686150199 | ->| 25040110 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3321728, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9860029, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229 | 1686150199 | ->| 28910318 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7191936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13730237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 765176df2ecd44d2f33c9a3e09cfffd38b86dc64 | 1686150200 | ->| 28910318 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7191936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13730237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 765176df2ecd44d2f33c9a3e09cfffd38b86dc64 | 1686150200 | ->| 28910318 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23121774, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 765176df2ecd44d2f33c9a3e09cfffd38b86dc64 | 1686150200 | ->| 32130008 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 977110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 761738, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5 | 1686150201 | ->| 32130008 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 977110, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 761738, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5 | 1686150201 | ->| 66892302 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3139247, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2558990, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5e440414494a26e2ee213b9b681d867ad39b9f80 | 1686150214 | ->| 66892302 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3139247, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2558990, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5e440414494a26e2ee213b9b681d867ad39b9f80 | 1686150214 | ->| 166833664 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 143364306, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 146750644, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6adeec98314a2649c39350736d889cd272a391b8 | 1686150221 | ->| 166833664 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 143364306, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 146750644, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6adeec98314a2649c39350736d889cd272a391b8 | 1686150221 | ->| 138356736 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 113475200, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 116917070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | eb3c36c843befc50091898fb978f83d45d32e422 | 1686150228 | ->| 138356736 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 113475200, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 116917070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | eb3c36c843befc50091898fb978f83d45d32e422 | 1686150228 | ->| 93670 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28715, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50269, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c3a0a929800a0ebe66ac85e6667c6644e872b09d | 1686150231 | ->| 93670 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28715, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50269, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c3a0a929800a0ebe66ac85e6667c6644e872b09d | 1686150231 | ->| 8553924 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5876359, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6986177, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a3b265af2589cf44aecb2049803a5a4ff84bb202 | 1686150232 | ->| 8553924 | DEX/Exe | {'meta': [], 
'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5876359, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6986177, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a3b265af2589cf44aecb2049803a5a4ff84bb202 | 1686150232 | ->| 88241 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27207, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48761, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c2643a9a4997e6e3e51685cab2f9c6fd4abc7611 | 1686150237 | ->| 88241 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27207, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48761, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c2643a9a4997e6e3e51685cab2f9c6fd4abc7611 | 1686150237 | ->| 9414708 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6335661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6370528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7d304cf9efb664f2ccd968904d504ed8c576e654 | 1686150239 | ->| 9414708 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6335661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6370528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 
7d304cf9efb664f2ccd968904d504ed8c576e654 | 1686150239 | ->| 10379992 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6814165, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8323239, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0 | 1686150241 | ->| 10379992 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6814165, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8323239, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0 | 1686150241 | ->| 5250 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2325, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4097, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 630991c60909126d75f94b113fd177180f6712ea | 1686150245 | ->| 5250 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2325, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4097, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 630991c60909126d75f94b113fd177180f6712ea | 1686150245 | ->| 82432 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3828, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4798, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} 
| SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 797c389bd066a4a04c2bce344cb60123443ec81e | 1686150247 | ->| 82432 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3828, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4798, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 797c389bd066a4a04c2bce344cb60123443ec81e | 1686150247 | ->| 111806 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29792, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51346, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8ad9ad7f0468ebd22e0d9e8384c4a107857333a5 | 1686150247 | ->| 111806 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29792, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51346, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8ad9ad7f0468ebd22e0d9e8384c4a107857333a5 | 1686150247 | ->| 27570 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19448, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1bfc6472d02cab3b91ce506a17d9cad64804871c | 1686150248 | ->| 27570 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15335, 'matched_string': 'cGF5\n'}, {'string_identifier': 
'JHN0cmluZzI=\n', 'match_offset': 19448, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1bfc6472d02cab3b91ce506a17d9cad64804871c | 1686150248 | ->| 450048 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 288291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 221176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 111bcee00d7c3d6df8c1420ee0de782eb1937133 | 1686150248 | ->| 450048 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 288291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 221176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 111bcee00d7c3d6df8c1420ee0de782eb1937133 | 1686150248 | ->| 2600888 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2163112, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2014788, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7e32d3bc9afd569852093401de5c4bb5f44b76ff | 1686150249 | ->| 2600888 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2163112, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2014788, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7e32d3bc9afd569852093401de5c4bb5f44b76ff | 1686150249 | ->| 175221 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 35882, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57436, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 423a146bc73d434a9f39de260f567dd8d0258d47 | 1686150250 | ->| 175221 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35882, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57436, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 423a146bc73d434a9f39de260f567dd8d0258d47 | 1686150250 | ->| 8509312 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6222960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6167524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 19b22d0a540bac402aa018c7df49bd97bf02f44a | 1686150251 | ->| 8509312 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6222960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6167524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 19b22d0a540bac402aa018c7df49bd97bf02f44a | 1686150251 | ->| 80864416 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2597762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2017505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e8a00ce275d0d66559cadb01b10a0ae2d441c60d | 1686150258 | ->| 80864416 | PE/Exe | {'meta': [], 'identifier': 
'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2597762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2017505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e8a00ce275d0d66559cadb01b10a0ae2d441c60d | 1686150258 | ->| 20964640 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7215661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11972784, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e8aeecd01fdf0e1521090598c2180f5cb575f6e6 | 1686150261 | ->| 20964640 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7215661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11972784, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e8aeecd01fdf0e1521090598c2180f5cb575f6e6 | 1686150261 | ->| 275456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5162, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6481, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec | 1686150261 | ->| 275456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5162, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6481, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 
c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec | 1686150261 | ->| 87323 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27477, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49031, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 19f3b61586f5cb7808ed718fae3b99408fcde7b8 | 1686150263 | ->| 87323 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27477, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49031, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 19f3b61586f5cb7808ed718fae3b99408fcde7b8 | 1686150263 | ->| 12437976 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10483381, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10170287, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bd599890f96bfd2cb617bc1155bd15fc40a084ed | 1686150266 | ->| 12437976 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10483381, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10170287, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bd599890f96bfd2cb617bc1155bd15fc40a084ed | 1686150266 | ->| 10148938 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 864896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14986, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0233a0fec543e6232060515a2e26cc58c2a75623 | 1686150268 | ->| 10148938 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 864896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0233a0fec543e6232060515a2e26cc58c2a75623 | 1686150268 | ->| 9892620 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6562492, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7558230, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a | 1686150270 | ->| 9892620 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6562492, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7558230, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a | 1686150270 | ->| 9560808 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6901970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6907982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fbcc73b821ae5184783a597050d8ebd62835bfc9 | 1686150270 | ->| 9560808 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6901970, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6907982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fbcc73b821ae5184783a597050d8ebd62835bfc9 | 1686150270 | ->| 18831446 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 265862, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12964500, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 25e03817dafe65daaa426190b00318324d21cf71 | 1686150270 | ->| 18831446 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 265862, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12964500, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 25e03817dafe65daaa426190b00318324d21cf71 | 1686150270 | ->| 8165976 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3933805, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4859118, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f4678063bfee99893461cd18f9ec4556382d102f | 1686150272 | ->| 8165976 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3933805, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4859118, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f4678063bfee99893461cd18f9ec4556382d102f | 1686150272 | ->| 101077 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 27765, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49319, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 62ea9191258518515b4be63a7c69a39b918bd28a | 1686150272 | ->| 101077 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27765, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49319, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 62ea9191258518515b4be63a7c69a39b918bd28a | 1686150272 | ->| 8092688 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1464386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2192617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e1e78ef90f835f32fb9bd89fc074c22f7748f3e3 | 1686150273 | ->| 8092688 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1464386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2192617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e1e78ef90f835f32fb9bd89fc074c22f7748f3e3 | 1686150273 | ->| 9136128 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3935869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3109983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 48672736929745d0f2716882ccdb099501cb6b1e | 1686150274 | ->| 9136128 | PE/.Net Exe | {'meta': [], 
'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3935869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3109983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 48672736929745d0f2716882ccdb099501cb6b1e | 1686150274 | ->| 6035544 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2875148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3522427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91 | 1686150275 | ->| 6035544 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2875148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3522427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91 | 1686150275 | ->| 13500336 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11443773, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11133887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1ceec28970dbdc86c09768fdc2bfa305fce4d261 | 1686150276 | ->| 13500336 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11443773, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11133887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 
1ceec28970dbdc86c09768fdc2bfa305fce4d261 | 1686150276 | ->| 3376319 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 245960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15314, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | efd9d71b0975e5847c4615faf5afc5e9f7210ae3 | 1686150277 | ->| 3376319 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 245960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15314, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | efd9d71b0975e5847c4615faf5afc5e9f7210ae3 | 1686150277 | ->| 103016 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33875, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e412e2c41f29f865786ecf493deafd266c779d88 | 1686150277 | ->| 103016 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33875, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e412e2c41f29f865786ecf493deafd266c779d88 | 1686150277 | ->| 7885612 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6087984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6053339, 'matched_string': 
'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 80430d7fd0fc7c60d98a89aed4c7bb4495aa6379 | 1686150278 | ->| 7885612 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6087984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6053339, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 80430d7fd0fc7c60d98a89aed4c7bb4495aa6379 | 1686150278 | ->| 14178816 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320653, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5427992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ebde3e5d4f5dad37d897d676df2240e7e40e08fe | 1686150278 | ->| 14178816 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320653, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5427992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ebde3e5d4f5dad37d897d676df2240e7e40e08fe | 1686150278 | ->| 272896 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8053, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3a1800e643dae8652354dc0e1d09e0fdd010f6a4 | 1686150279 | ->| 272896 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8053, 'matched_string': 'cGF5\n'}, 
{'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3a1800e643dae8652354dc0e1d09e0fdd010f6a4 | 1686150279 | ->| 689819 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 533244, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 590406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5eb3615197888c564cc0190dcb59bc20c7f5cbd9 | 1686150283 | ->| 689819 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 533244, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 590406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5eb3615197888c564cc0190dcb59bc20c7f5cbd9 | 1686150283 | ->| 7179516 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1496148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1515461, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8a89d0ad8c999e16a2226fddf4096770486212dd | 1686150284 | ->| 7179516 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1496148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1515461, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8a89d0ad8c999e16a2226fddf4096770486212dd | 1686150284 | ->| 8096528 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 
'JHN0cmluZzE=\n', 'match_offset': 5711198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5832392, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0e753811a1a4bda820926842ce75c4e28c955919 | 1686150287 | ->| 8096528 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5711198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5832392, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0e753811a1a4bda820926842ce75c4e28c955919 | 1686150287 | ->| 1766139 | Text/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 260148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 825848, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8a6f27250902702f78938252e2671205790648d4 | 1686150288 | ->| 1766139 | Text/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 260148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 825848, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8a6f27250902702f78938252e2671205790648d4 | 1686150288 | ->| 10031584 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6627232, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6604495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8913aed7d56e63add8ed8f65622454ab0b0ed007 | 1686150290 | ->| 10031584 | DEX/Exe | {'meta': [], 'identifier': 
'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6627232, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6604495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8913aed7d56e63add8ed8f65622454ab0b0ed007 | 1686150290 | ->| 6598488 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1651604, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2536422, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513 | 1686150293 | ->| 6598488 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1651604, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2536422, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513 | 1686150293 | ->| 8198736 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1724241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1717079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2a770424281587e72a70f2b38c6393ee43fcb8fe | 1686150293 | ->| 8198736 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1724241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1717079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2a770424281587e72a70f2b38c6393ee43fcb8fe | 
1686150293 | ->| 8041928 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6164307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6028674, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 58a086af9f4be29846114490255f118299ee9988 | 1686150298 | ->| 8041928 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6164307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6028674, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 58a086af9f4be29846114490255f118299ee9988 | 1686150298 | ->| 22636544 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12836365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17328505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4a066f4da5351af20dcc6848fcca14ac7237022d | 1686150304 | ->| 22636544 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12836365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17328505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4a066f4da5351af20dcc6848fcca14ac7237022d | 1686150304 | ->| 31212344 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25069984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24741844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | 
c739753a2575d69ae31b33122622b6a736660508 | false | de4fab5048313f8ea6d87b1821bfc8707463f688 | 1686150308 | ->| 31212344 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25069984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24741844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | de4fab5048313f8ea6d87b1821bfc8707463f688 | 1686150308 | ->| 46181234 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28136043, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 340000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a7dd7dbd677a352cade7696363a2b69827ed9efa | 1686150316 | ->| 46181234 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28136043, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 340000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a7dd7dbd677a352cade7696363a2b69827ed9efa | 1686150316 | ->| 4268456 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1053136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1079585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 55d4bb310cf6f691bf7917630349e60f91e69883 | 1686150328 | ->| 4268456 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1053136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 
'match_offset': 1079585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 55d4bb310cf6f691bf7917630349e60f91e69883 | 1686150328 | ->| 711168 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22283, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140714, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1cc796892a6c83da4f9d64c7ac496f48e9e87462 | 1686150331 | ->| 711168 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22283, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140714, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1cc796892a6c83da4f9d64c7ac496f48e9e87462 | 1686150331 | ->| 81041 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26719, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48030, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fac13be0be3051b4ea5dd0299de7297c50eca677 | 1686150331 | ->| 81041 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26719, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48030, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fac13be0be3051b4ea5dd0299de7297c50eca677 | 1686150331 | ->| 2149088 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 
'match_offset': 1486348, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1792360, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 918840817f162ce48336914897b0a2b9e94159c6 | 1686150332 | ->| 2149088 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1486348, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1792360, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 918840817f162ce48336914897b0a2b9e94159c6 | 1686150332 | ->| 83456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4736, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7d2d0a954430071976be168e02000021fe3f8d47 | 1686150334 | ->| 83456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4736, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7d2d0a954430071976be168e02000021fe3f8d47 | 1686150334 | ->| 81703 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29471, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0de6b65809ff0a806b84af7878f46ab7b0961e58 | 1686150335 | ->| 81703 | Text/HTML/HTML | {'meta': [], 
'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29471, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0de6b65809ff0a806b84af7878f46ab7b0961e58 | 1686150335 | ->| 1986332 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1489941, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1578610, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | cefdbcf177848c3dbc4660ffa92e0971429717e6 | 1686150335 | ->| 1986332 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1489941, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1578610, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | cefdbcf177848c3dbc4660ffa92e0971429717e6 | 1686150335 | ->| 454144 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 282176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 220548, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e4794fefadbba8fcb81540281ccccb949cccd828 | 1686150336 | ->| 454144 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 282176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 220548, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 
e4794fefadbba8fcb81540281ccccb949cccd828 | 1686150336 | ->| 18366038 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7030388, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12499092, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | b8c11b6867eaec662e5217df5c861393fa6220e6 | 1686150336 | ->| 18366038 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7030388, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12499092, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | b8c11b6867eaec662e5217df5c861393fa6220e6 | 1686150336 | ->| 8588884 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6284895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6248087, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d9a5feabf05c02918500526e08a432cee2b65615 | 1686150337 | ->| 8588884 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6284895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6248087, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d9a5feabf05c02918500526e08a432cee2b65615 | 1686150337 | ->| 9326836 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6567307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6759624, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | 
ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | dfb89e0653f80361906802592cd76c3dfbbe0881 | 1686150337 | ->| 9326836 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6567307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6759624, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | dfb89e0653f80361906802592cd76c3dfbbe0881 | 1686150337 | ->| 150057 | Document/None/PDF | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 116422, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | db9a5761f9beda80273964d79aa8bf589ea00f9d | 1686150338 | ->| 101408 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27646, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49200, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 920811cc5d0f3a9218886cc0c35f60793859ccff | 1686150340 | ->| 101408 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27646, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49200, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 920811cc5d0f3a9218886cc0c35f60793859ccff | 1686150340 | ->| 17661014 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6325364, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11794068, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | 
c739753a2575d69ae31b33122622b6a736660508 | false | 86e5a6461a4c70641f1d9f05b363a6ee9ad9e967 | 1686150341 | ->| 17661014 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6325364, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11794068, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 86e5a6461a4c70641f1d9f05b363a6ee9ad9e967 | 1686150341 | ->| 17709654 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6374004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11842708, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d0286f449fe9b310149eba7c643ef32980b20c0a | 1686150343 | ->| 17709654 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6374004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11842708, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d0286f449fe9b310149eba7c643ef32980b20c0a | 1686150343 | ->| 18516054 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7180404, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12649108, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a629d0a626ea29b61a59fa12f74ecae92f111d2b | 1686150345 | ->| 18516054 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7180404, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 
12649108, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a629d0a626ea29b61a59fa12f74ecae92f111d2b | 1686150345 | ->| 13872608 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9059948, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8952253, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9583081e5b7c0f4f74b2222a23fc058d667ab595 | 1686150351 | ->| 13872608 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9059948, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8952253, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9583081e5b7c0f4f74b2222a23fc058d667ab595 | 1686150351 | ->| 82432 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3812, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 39d12fff02df078867efb755f7353480b5f6c0bc | 1686150357 | ->| 82432 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3812, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 39d12fff02df078867efb755f7353480b5f6c0bc | 1686150357 | ->| 2272971 | Text/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 74664, 
'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 619547, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 67c71d50582dea8fedfe6a3b234936a626ffaeb2 | 1686150357 | ->| 2272971 | Text/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 74664, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 619547, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 67c71d50582dea8fedfe6a3b234936a626ffaeb2 | 1686150357 | ->| 8879376 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5745648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5751012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1a773ba334a1fc0f818bbd42f77a4e1d946065a9 | 1686150360 | ->| 8879376 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5745648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5751012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1a773ba334a1fc0f818bbd42f77a4e1d946065a9 | 1686150360 | ->| 7755441 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 406771, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21825, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 812184db6861a00260557e33605b51d0042ff585 | 1686150360 | ->| 7755441 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 
'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 406771, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21825, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 812184db6861a00260557e33605b51d0042ff585 | 1686150360 | ->| 5618928 | MachO32 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3904124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4378424, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d1b2e67d1e6066e353d169cfcdcb67b76360ad94 | 1686150361 | ->| 5618928 | MachO32 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3904124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4378424, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d1b2e67d1e6066e353d169cfcdcb67b76360ad94 | 1686150361 | ->| 7870848 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5851887, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929958, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 350122e4dba72eec4fcf1b5b91d172335c85d7a9 | 1686150369 | ->| 7870848 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5851887, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929958, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 350122e4dba72eec4fcf1b5b91d172335c85d7a9 | 
1686150369 | ->| 8173600 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5940668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5601532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ecc1080cc4303734260b958a79cefb40ae6d0153 | 1686150372 | ->| 8173600 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5940668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5601532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ecc1080cc4303734260b958a79cefb40ae6d0153 | 1686150372 | ->| 366711 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83827, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363899, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | cf2f0e2acfc86560055a39013db63285b1d78a03 | 1686150388 | ->| 366711 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83827, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363899, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | cf2f0e2acfc86560055a39013db63285b1d78a03 | 1686150388 | ->| 9487360 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6897389, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6936885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | 
c739753a2575d69ae31b33122622b6a736660508 | false | 4106e8b239bb92d9fa524b3a6d667c7115b0b666 | 1686150401 | ->| 9487360 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6897389, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6936885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4106e8b239bb92d9fa524b3a6d667c7115b0b666 | 1686150401 | ->| 58555814 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1184014, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10951600, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7c14bdf271b74f35da06091594293c7502c82107 | 1686150401 | ->| 58555814 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1184014, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10951600, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7c14bdf271b74f35da06091594293c7502c82107 | 1686150401 | ->| 366706 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363894, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 52a6a217b72415fc38bde13c0f077e47671a7845 | 1686150410 | ->| 366706 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 
'match_offset': 363894, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 52a6a217b72415fc38bde13c0f077e47671a7845 | 1686150410 | ->| 21275520 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7310445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12111641, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9dc59205f47be9eac8046b5b259f2ccf65ceddc6 | 1686150414 | ->| 21275520 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7310445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12111641, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9dc59205f47be9eac8046b5b259f2ccf65ceddc6 | 1686150414 | ->| 86684 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34414, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55968, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4120782b6b598f4a7e95b4c480c791cffe37a268 | 1686150422 | ->| 86684 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34414, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55968, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4120782b6b598f4a7e95b4c480c791cffe37a268 | 1686150422 | ->| 5327272 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3979083, 
'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2767474, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | eb86c40eb9e7de2c827db61b705530e5945c4562 | 1686150442 | ->| 5327272 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3979083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2767474, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | eb86c40eb9e7de2c827db61b705530e5945c4562 | 1686150442 | ->| 1686113 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192055, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16350, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8d02b28113241f8c6bb4f6313a19950876eca116 | 1686150448 | ->| 1686113 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192055, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16350, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8d02b28113241f8c6bb4f6313a19950876eca116 | 1686150448 | ->| 35515 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4767545f40d35fbfee5bbd359fe6be615e679ff9 | 1686150452 | ->| 35515 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 
'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4767545f40d35fbfee5bbd359fe6be615e679ff9 | 1686150452 | ->| 7892976 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3577820, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3615204, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 94c89fd87cf33f18c9b1783bb133633aa5b28234 | 1686150454 | ->| 7892976 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3577820, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3615204, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 94c89fd87cf33f18c9b1783bb133633aa5b28234 | 1686150454 | ->| 242700 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 41619, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3d526a12778e918e2350d23aa02bfa7cd2c448d0 | 1686150455 | ->| 242700 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 41619, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3d526a12778e918e2350d23aa02bfa7cd2c448d0 | 
1686150455 | ->| 7525504 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1861301, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1676862, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | b2eed81dd77100042b7e918b4f5cacc2d6444aa6 | 1686150455 | ->| 7525504 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1861301, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1676862, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | b2eed81dd77100042b7e918b4f5cacc2d6444aa6 | 1686150455 | ->| 74127 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26665, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47554, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c1ad6cf9c783302cedf77c209ae4d5a11d05b07f | 1686150464 | ->| 74127 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26665, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47554, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c1ad6cf9c783302cedf77c209ae4d5a11d05b07f | 1686150464 | ->| 6306744 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4682682, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5358994, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | 
c739753a2575d69ae31b33122622b6a736660508 | false | 1fa90eebb148c20a065f0a78d5794f00c7bb51a4 | 1686150481 | ->| 6306744 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4682682, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5358994, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1fa90eebb148c20a065f0a78d5794f00c7bb51a4 | 1686150481 | ->| 8729572 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3118958, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2893418, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6eebfafb77dac46dd9a0541cbd719f59d18ae74a | 1686150486 | ->| 8729572 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3118958, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2893418, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6eebfafb77dac46dd9a0541cbd719f59d18ae74a | 1686150486 | ->| 662567 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 467856, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24033, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4273c4cdb874a9caeddfb76f5e712480246928a6 | 1686150489 | ->| 662567 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 467856, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 
'match_offset': 24033, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4273c4cdb874a9caeddfb76f5e712480246928a6 | 1686150489 | ->| 366703 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363891, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4791aa7a9d8123b974c9b3e41fc3269bfa287c28 | 1686150489 | ->| 366703 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363891, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4791aa7a9d8123b974c9b3e41fc3269bfa287c28 | 1686150489 | ->| 18824790 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 259206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12957844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3d779c8998dfba56449ad09dbd24db692d2b6528 | 1686150490 | ->| 18824790 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 259206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12957844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3d779c8998dfba56449ad09dbd24db692d2b6528 | 1686150490 | ->| 8471556 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7414380, 
'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6887310, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f10efe378fb0fa90ca1ee5dcdfee615b1473a74e | 1686150490 | ->| 8471556 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7414380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6887310, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f10efe378fb0fa90ca1ee5dcdfee615b1473a74e | 1686150490 | ->| 81408 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4611, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 76c28f712820786cbe6cbeb7f9789480a7ac3b23 | 1686150491 | ->| 81408 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4611, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 76c28f712820786cbe6cbeb7f9789480a7ac3b23 | 1686150491 | ->| 13890720 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9051048, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8736852, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 121299e36826d127762d70605c78118223be66a3 | 1686150497 | ->| 13890720 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 
'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9051048, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8736852, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 121299e36826d127762d70605c78118223be66a3 | 1686150497 |
->| 18482183 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6662509, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1459423, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6010aef2725e64cdeab0e91df479bf0e0a7be14c | 1686150499 |
->| 18482183 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6662509, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1459423, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6010aef2725e64cdeab0e91df479bf0e0a7be14c | 1686150499 |
-
-
-### reversinglabs-titaniumcloud-yara-retro-hunt-actions
-
-***
-Perform various YARA retroactive hunting actions.
-
-#### Base Command
-
-`reversinglabs-titaniumcloud-yara-retro-hunt-actions`
-
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| yara_retro_action | YARA retro hunt action. Possible values are: ENABLE RETRO HUNT, START RETRO HUNT, CHECK STATUS, CANCEL RETRO HUNT. | Required |
-| ruleset_name | Name of the YARA ruleset. | Required |
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| ReversingLabs.enable_yara_retro | Unknown | |
-| ReversingLabs.start_yara_retro | Unknown | |
-| ReversingLabs.check_yara_retro_status | Unknown | |
-| ReversingLabs.cancel_yara_retro | Unknown | |
-
-#### Command example
-```!reversinglabs-titaniumcloud-yara-retro-hunt-actions yara_retro_action="CHECK STATUS" ruleset_name=SuperHunt```
-#### Context Example
-```json
-{
- "ReversingLabs": {
- "check_yara_retro_status": {
- "estimated_finish_time": null,
- "finish_time": "2023-05-18T11:31:12",
- "progress": null,
- "reason": null,
- "retro_status": "FINISHED",
- "ruleset_name": "SuperHunt",
- "start_time": "2023-05-18T11:30:35"
- }
- }
-}
-```
-
-#### Human Readable Output
-
->{
-> "estimated_finish_time": null,
-> "finish_time": "2023-05-18T11:31:12",
-> "progress": null,
-> "reason": null,
-> "retro_status": "FINISHED",
-> "ruleset_name": "SuperHunt",
-> "start_time": "2023-05-18T11:30:35"
->}
-
-### reversinglabs-titaniumcloud-yara-retro-matches-feed
-
-***
-Returns a recordset of YARA ruleset matches in the specified time range.
-
-#### Base Command
-
-`reversinglabs-titaniumcloud-yara-retro-matches-feed`
-
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| time_format | Define the time format that is used. Possible values are: utc, timestamp. | Required |
-| time_value | Time value in the defined format. | Required |
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| ReversingLabs.yara_retro_matches_feed | Unknown | |
-
-#### Command example
-```!reversinglabs-titaniumcloud-yara-retro-matches-feed time_format=timestamp time_value=1686063146```
-#### Context Example
-```json
-{
- "ReversingLabs": {
- "yara_retro_matches_feed": {
- "rl": {
- "feed": {
- "entries": [],
- "last_timestamp": 1686149546,
- "name": "YARA Retro Match Continuous Feed",
- "time_range": {
- "from": "Tue, 06 Jun 2023 14:52:26 +0000",
- "to": "Wed, 07 Jun 2023 14:52:26 +0000"
- }
- }
- }
- }
- }
-}
-```
-
-#### Human Readable Output
-
->## ReversingLabs YARA Retro Matches Feed for time value 1686063146
-> **Last timestamp**: 1686149546
-> **From**: Tue, 06 Jun 2023 14:52:26 +0000
-> **To**: Wed, 07 Jun 2023 14:52:26 +0000
->
-> ### Entries
->**No entries.**
-
-
-### reversinglabs-titaniumcloud-reanalyze-sample
-
-***
-Accepts a hash of a sample in the cloud that you want to reanalyze.
-
-#### Base Command
-
-`reversinglabs-titaniumcloud-reanalyze-sample`
-
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| hash | Hash string. | Required |
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| ReversingLabs.reanalyze_sample | Unknown | |
-
-#### Command example
-```!reversinglabs-titaniumcloud-reanalyze-sample hash=21841b32c6165b27dddbd4d6eb3a672defe54271```
-#### Context Example
-```json
-{
- "ReversingLabs": {
- "reanalyze_sample": "Sample sent for rescanning"
- }
-}
-```
-
-#### Human Readable Output
-
->Sample sent for rescanning
-
-### reversinglabs-titaniumcloud-imphash-similarity
-
-***
-Accepts an imphash and returns a list of SHA-1 hashes of files sharing that imphash.
-
-#### Base Command
-
-`reversinglabs-titaniumcloud-imphash-similarity`
-
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| imphash | Imphash string. | Required |
-| max_results | Maximum number of returned results. Default is 5000. | Optional |
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| ReversingLabs.imphash_similarity | Unknown | |
-
-#### Command example
-```!reversinglabs-titaniumcloud-imphash-similarity imphash=fb815acbc7109e8c83537d7d9c7020be max_results=2```
-#### Context Example
-```json
-{
- "ReversingLabs": {
- "imphash_similarity": [
- "0001af77206c3bc81b26d13bc5e6737770076dbd",
- "0001d0cb17013c46d70d9f7bbb2adebf523c65c8"
- ]
- }
-}
-```
-
-#### Human Readable Output
-
->## ReversingLabs Imphash Similarity for fb815acbc7109e8c83537d7d9c7020be
-> ### SHA-1 list
->|Hashes|
->|---|
->| 0001af77206c3bc81b26d13bc5e6737770076dbd |
->| 0001d0cb17013c46d70d9f7bbb2adebf523c65c8 |
-
-
-### reversinglabs-titaniumcloud-url-downloaded-files
-
-***
-Returns a list of files downloaded from the provided URL.
-
-#### Base Command
-
-`reversinglabs-titaniumcloud-url-downloaded-files`
-
-#### Input
-
-| **Argument Name** | **Description** | **Required** |
-| --- | --- | --- |
-| url | URL string. | Required |
-| extended_results | Return extended results. Possible values are: true, false. Default is True. | Optional |
-| classification | Return only results with this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN, UNKNOWN. | Optional |
-| last_analysis | Return results from the last analysis. Possible values are: true, false. | Optional |
-| analysis_id | Return results from a specific analysis. | Optional |
-| results_per_page | Number of results per query. Default is 1000. | Optional |
-| max_results | Maximum number of results. Default is 5000. | Optional |
-
-#### Context Output
-
-| **Path** | **Type** | **Description** |
-| --- | --- | --- |
-| ReversingLabs.url_downloaded_files | Unknown | |
-
-#### Command example
-```!reversinglabs-titaniumcloud-url-downloaded-files max_results=2 url=https://www.nytimes.com/ extended_results=true results_per_page=2```
-#### Context Example
-```json
-{
- "ReversingLabs": {
- "url_downloaded_files": [
- {
- "classification": "KNOWN",
- "first_download": "2022-02-26T15:52:16",
- "first_seen": "2022-02-26T16:50:11",
- "last_download": "2022-02-26T15:52:16",
- "last_seen": "2022-02-26T17:05:38",
- "md5": "8f16d9b505328d012335e15ad71dba04",
- "sample_available": true,
- "sample_size": 1188968,
- "sample_type": "Text/HTML/HTML",
- "sha1": "001647571e28b34d55e02c9ed298242bf8249931",
- "sha256": "12ee005e585d8fce2023a848514b408b70ff4a6b4df5be44ee86d9db3960dadd",
- "threat_level": 0,
- "trust_factor": 2
- },
- {
- "classification": "KNOWN",
- "first_download": "2023-02-22T01:02:45",
- "first_seen": "2023-02-22T02:00:22",
- "last_download": "2023-02-22T01:02:45",
- "last_seen": "2023-03-07T05:07:26",
- "md5": "f9b456b6222561142301f223a2c7c9a9",
- "sample_available": true,
- "sample_size": 52579,
- "sample_type": "Text/XML",
- "sha1": "0034b543da787385621ef607153058aa176cfbdc",
- "sha256": "f55bfb144d01e405ce6a2435292acd90d7292126e4b2c7ab17553c9c4c442a0c",
- "threat_level": 0,
- "trust_factor": 2
- }
- ]
- }
-}
-```
-
-#### Human Readable Output
-
->## ReversingLabs Files Downloaded from URL https://www.nytimes.com/
-> ### Downloaded files
->|classification|first_download|first_seen|last_download|last_seen|md5|sample_available|sample_size|sample_type|sha1|sha256|threat_level|trust_factor|
->|---|---|---|---|---|---|---|---|---|---|---|---|---|
->| KNOWN | 2022-02-26T15:52:16 | 2022-02-26T16:50:11 | 2022-02-26T15:52:16 | 2022-02-26T17:05:38 | 8f16d9b505328d012335e15ad71dba04 | true | 1188968 | Text/HTML/HTML | 001647571e28b34d55e02c9ed298242bf8249931 |
12ee005e585d8fce2023a848514b408b70ff4a6b4df5be44ee86d9db3960dadd | 0 | 2 | ->| KNOWN | 2023-02-22T01:02:45 | 2023-02-22T02:00:22 | 2023-02-22T01:02:45 | 2023-03-07T05:07:26 | f9b456b6222561142301f223a2c7c9a9 | true | 52579 | Text/XML | 0034b543da787385621ef607153058aa176cfbdc | f55bfb144d01e405ce6a2435292acd90d7292126e4b2c7ab17553c9c4c442a0c | 0 | 2 | - - -### reversinglabs-titaniumcloud-url-latest-analyses-feed - -*** -Returns the latest URL analysis reports. - -#### Base Command - -`reversinglabs-titaniumcloud-url-latest-analyses-feed` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| results_per_page | Number of results per query. Default is 1000. | Optional | -| max_results | Maximum number of results. Default is 5000. | Optional | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.url_latest_analyses_feed | Unknown | | - -#### Command example -```!reversinglabs-titaniumcloud-url-latest-analyses-feed results_per_page=2 max_results=2``` -#### Context Example -```json -{ - "InfoFile": { - "EntryID": "7704@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59", - "Info": "text/plain", - "Name": "ReversingLabs Latest URL Analyses Feed", - "Size": 782, - "Type": "ASCII text" - }, - "ReversingLabs": { - "url_latest_analyses_feed": [ - { - "analysis_id": "1686146896780f90", - "analysis_time": "2023-06-07T14:08:19", - "availability_status": "online", - "final_url": "https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar", - "url": "https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar" - }, - { - "analysis_id": "168614689679c15f", - "analysis_time": "2023-06-07T14:08:19", - "availability_status": "online", - "final_url": "https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar", - "url": 
"https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar" - } - ] - } -} -``` - -#### Human Readable Output - ->## ReversingLabs Latest URL Analyses Feed -> ### Latest URL analyses ->|analysis_id|analysis_time|availability_status|final_url|url| ->|---|---|---|---|---| ->| 1686146896780f90 | 2023-06-07T14:08:19 | online | https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar | https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar | ->| 168614689679c15f | 2023-06-07T14:08:19 | online | https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar | https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar | - - -### reversinglabs-titaniumcloud-url-analyses-feed-from-date - -*** -Returns URL analyses reports from the defined time onward. - -#### Base Command - -`reversinglabs-titaniumcloud-url-analyses-feed-from-date` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| time_format | Define the time format that is used. Possible values are: utc, timestamp. | Required | -| start_time | Time value in the defined format. | Required | -| results_per_page | Number of results per query. Default is 1000. | Optional | -| max_results | Maximum number of results. Default is 5000. 
| Optional | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.url_analyses_feed_from_date | Unknown | | - -#### Command example -```!reversinglabs-titaniumcloud-url-analyses-feed-from-date results_per_page=2 max_results=2 time_format=timestamp start_time=1685976746``` -#### Context Example -```json -{ - "InfoFile": { - "EntryID": "7695@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59", - "Info": "text/plain", - "Name": "ReversingLabs URL Analyses Feed From Date 1685976746", - "Size": 846, - "Type": "ASCII text" - }, - "ReversingLabs": { - "url_analyses_feed_from_date": [ - { - "analysis_id": "168597674625002a", - "analysis_time": "2023-06-05T14:52:28", - "availability_status": "online", - "final_url": "http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz", - "url": "http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz" - }, - { - "analysis_id": "168597674529c352", - "analysis_time": "2023-06-05T14:52:28", - "availability_status": "online", - "final_url": "http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2", - "url": "http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2" - } - ] - } -} -``` - -#### Human Readable Output - ->## ReversingLabs URL Analyses Feed From Date 1685976746 -> ### URL analyses from specified date ->|analysis_id|analysis_time|availability_status|final_url|url| ->|---|---|---|---|---| ->| 168597674625002a | 2023-06-05T14:52:28 | online | http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz | http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz | ->| 
168597674529c352 | 2023-06-05T14:52:28 | online | http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2 | http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2 | - - -### reversinglabs-titaniumcloud-domain-report - -*** -Returns a domain analysis report. - -#### Base Command - -`reversinglabs-titaniumcloud-domain-report` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| domain | Domain string. | Required | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.domain_report | Unknown | The domain analysis report. | - -#### Command example -```!reversinglabs-titaniumcloud-domain-report domain=bloom-artists.com``` -#### Context Example -```json -{ - "DBotScore": { - "Indicator": "bloom-artists.com", - "Reliability": "C - Fairly reliable", - "Score": 0, - "Type": "domain", - "Vendor": "ReversingLabs TitaniumCloud v2" - }, - "Domain": { - "Name": "bloom-artists.com" - }, - "ReversingLabs": { - "domain_report": { - "rl": { - "downloaded_files_statistics": { - "known": 54, - "malicious": 1, - "suspicious": 0, - "total": 55, - "unknown": 0 - }, - "last_dns_records": [ - { - "provider": "ReversingLabs", - "type": "A", - "value": "85.187.128.34" - } - ], - "last_dns_records_time": "2023-08-25T09:34:16", - "modified_time": "2023-11-06T12:06:50", - "requested_domain": "bloom-artists.com", - "third_party_reputations": { - "sources": [ - { - "detection": "undetected", - "source": "phishing_database", - "update_time": "2023-11-06T02:25:55" - }, - { - "detection": "undetected", - "source": "0xSI_f33d", - "update_time": "2023-11-06T06:22:03" - }, - { - "detection": "undetected", - "source": "cyradar", - "update_time": "2023-11-06T08:15:05" - }, - { - "detect_time": "2023-10-22T21:13:34", - "detection": "malicious", - "source": "adminus_labs", - "update_time": "2023-11-06T12:06:50" - }, - { - "detection": 
"undetected", - "source": "apwg", - "update_time": "2023-11-02T17:30:36" - }, - { - "detection": "undetected", - "source": "netstar", - "update_time": "2023-11-06T11:39:40" - }, - { - "detection": "undetected", - "source": "threatfox_abuse_ch", - "update_time": "2023-11-06T08:20:49" - }, - { - "detection": "undetected", - "source": "botvrij", - "update_time": "2023-11-06T02:26:03" - }, - { - "detection": "undetected", - "source": "alphamountain", - "update_time": "2023-11-06T10:57:13" - }, - { - "detection": "undetected", - "source": "comodo_valkyrie", - "update_time": "2023-11-06T05:53:24" - }, - { - "detection": "undetected", - "source": "web_security_guard", - "update_time": "2022-01-21T06:56:15" - }, - { - "detection": "undetected", - "source": "osint", - "update_time": "2023-11-06T01:30:13" - }, - { - "detect_time": "2023-10-23T03:27:25", - "detection": "malicious", - "source": "crdf", - "update_time": "2023-11-06T08:34:19" - } - ], - "statistics": { - "clean": 0, - "malicious": 2, - "total": 13, - "undetected": 11 - } - }, - "top_threats": [ - { - "files_count": 1, - "threat_level": 5, - "threat_name": "Win32.Trojan.RedLine" - } - ] - } - } - } -} -``` - -#### Human Readable Output - ->## ReversingLabs Domain Report for bloom-artists.com -> ### Last DNS records ->|provider|type|value| ->|---|---|---| ->| ReversingLabs | A | 85.187.128.34 | -> -> ->**Last DNS records time**: 2023-08-25T09:34:16 -> -> ### Top threats ->|files_count|threat_level|threat_name| ->|---|---|---| ->| 1 | 5 | Win32.Trojan.RedLine | -> -> ### Third party statistics -> **CLEAN**: 0 -> **MALICIOUS**: 2 -> **UNDETECTED**: 11 -> **TOTAL**: 13 -> -> ### Third party sources ->|detection|source|update_time| ->|---|---|---| ->| undetected | phishing_database | 2023-11-06T02:25:55 | ->| undetected | 0xSI_f33d | 2023-11-06T06:22:03 | ->| undetected | cyradar | 2023-11-06T08:15:05 | ->| **malicious** | adminus_labs | 2023-11-06T12:06:50 | ->| undetected | apwg | 2023-11-02T17:30:36 | ->| 
undetected | netstar | 2023-11-06T11:39:40 | ->| undetected | threatfox_abuse_ch | 2023-11-06T08:20:49 | ->| undetected | botvrij | 2023-11-06T02:26:03 | ->| undetected | alphamountain | 2023-11-06T10:57:13 | ->| undetected | comodo_valkyrie | 2023-11-06T05:53:24 | ->| undetected | web_security_guard | 2022-01-21T06:56:15 | ->| undetected | osint | 2023-11-06T01:30:13 | ->| **malicious** | crdf | 2023-11-06T08:34:19 | -> -> ### Downloaded files statistics -> **KNOWN**: 54 -> **MALICIOUS**: 1 -> **SUSPICIOUS**: 0 -> **UNKNOWN**: 0 -> **TOTAL**: 55 -> - -### reversinglabs-titaniumcloud-domain-downloaded-files - -*** -Returns a list of files downloaded from a domain. - -#### Base Command - -`reversinglabs-titaniumcloud-domain-downloaded-files` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| domain | Domain string. | Required | -| classification | Return only files of this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN. | Optional | -| result_limit | Maximum number of returned results. Default is 50000. | Optional | -| results_per_page | Number of results returned per request. Default is 1000. | Optional | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.domain_downloaded_files | Unknown | The list of files downloaded from a domain. 
| - -#### Command example -```!reversinglabs-titaniumcloud-domain-downloaded-files domain=bloom-artists.com classification=MALICIOUS result_limit=10 results_per_page=3``` -#### Context Example -```json -{ - "DBotScore": { - "Indicator": "bloom-artists.com", - "Reliability": "C - Fairly reliable", - "Score": 0, - "Type": "domain", - "Vendor": "ReversingLabs TitaniumCloud v2" - }, - "Domain": { - "Name": "bloom-artists.com" - }, - "ReversingLabs": { - "domain_downloaded_files": [ - { - "classification": "MALICIOUS", - "first_download": "2023-07-08T06:13:02", - "first_seen": "2023-07-08T00:39:23", - "last_download": "2023-07-08T15:11:31", - "last_download_url": "http://bloom-artists.com/wp-includes/class-wp-image-editors.php?filename=winx32apideftype.exe", - "last_seen": "2023-09-26T15:25:41", - "malware_family": "RedLine", - "malware_type": "Trojan", - "md5": "2796bf32abbebdd11a35603f3453214d", - "platform": "Win32", - "sample_available": true, - "sample_size": 3697248, - "sample_type": "PE/Exe", - "sha1": "96826340af3f4708b16f8f0e3eb29ad0ce5bb6f8", - "sha256": "0edc6dae7ee848bf465be34edfc49377b7da304798445685e4a7d45d4983f166", - "threat_level": 5, - "threat_name": "Win32.Trojan.RedLine", - "trust_factor": 5 - } - ] - } -} -``` - -#### Human Readable Output - ->## ReversingLabs Files downloaded from domain bloom-artists.com -> ### Downloaded files ->|classification|first_download|first_seen|last_download|last_download_url|last_seen|malware_family|malware_type|md5|platform|sample_available|sample_size|sample_type|sha1|sha256|threat_level|threat_name|trust_factor| ->|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---| ->| MALICIOUS | 2023-07-08T06:13:02 | 2023-07-08T00:39:23 | 2023-07-08T15:11:31 | http://bloom-artists.com/wp-includes/class-wp-image-editors.php?filename=winx32apideftype.exe | 2023-09-26T15:25:41 | RedLine | Trojan | 2796bf32abbebdd11a35603f3453214d | Win32 | true | 3697248 | PE/Exe | 96826340af3f4708b16f8f0e3eb29ad0ce5bb6f8 | 
0edc6dae7ee848bf465be34edfc49377b7da304798445685e4a7d45d4983f166 | 5 | Win32.Trojan.RedLine | 5 | - - -### reversinglabs-titaniumcloud-domain-urls - -*** -Returns a list of URL-s associated with the requested domain. - -#### Base Command - -`reversinglabs-titaniumcloud-domain-urls` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| domain | Domain string. | Required | -| result_limit | Maximum number of returned results. Default is 50000. | Optional | -| results_per_page | Number of results returned per request. Default is 1000. | Optional | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.domain_urls | Unknown | The list of URL-s associated with the requested domain. | - -#### Command example -```!reversinglabs-titaniumcloud-domain-urls result_limit=10 results_per_page=3 domain=bloom-artists.com``` -#### Context Example -```json -{ - "DBotScore": { - "Indicator": "bloom-artists.com", - "Reliability": "C - Fairly reliable", - "Score": 0, - "Type": "domain", - "Vendor": "ReversingLabs TitaniumCloud v2" - }, - "Domain": { - "Name": "bloom-artists.com" - }, - "ReversingLabs": { - "domain_urls": [ - { - "url": "https://bloom-artists.com/wp-content/uploads/2021/01/cropped-%C3%A8%C2%97%C2%9D%C3%A9%C2%BB%C2%9E%C3%A4%C2%BA%C2%AE%C3%A5%C2%8D%C2%94%C3%A6%C2%9C%C2%83-logo-1-32x32.jpg" - }, - { - "url": "https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-custom-header.js?ver=7.2.1" - }, - { - "url": "https://bloom-artists.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=6.2.2" - }, - { - "url": "https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1" - }, - { - "url": "https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1" - }, - { - "url": "https://bloom-artists.com/2021/01/15/teacher-2/" - 
}, - { - "url": "https://bloom-artists.com/wp-json/" - }, - { - "url": "https://bloom-artists.com/2021/01/15/author-6/" - }, - { - "url": "https://bloom-artists.com/wp-content/plugins/convertplug/modules/slide_in/assets/demos" - }, - { - "url": "https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.2.1" - } - ] - } -} -``` - -#### Human Readable Output - ->## ReversingLabs URL-s associated with domain bloom-artists.com -> ### URL list ->|url| ->|---| ->| https://bloom-artists.com/wp-content/uploads/2021/01/cropped-%C3%A8%C2%97%C2%9D%C3%A9%C2%BB%C2%9E%C3%A4%C2%BA%C2%AE%C3%A5%C2%8D%C2%94%C3%A6%C2%9C%C2%83-logo-1-32x32.jpg | ->| https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-custom-header.js?ver=7.2.1 | ->| https://bloom-artists.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=6.2.2 | ->| https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1 | ->| https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1 | ->| https://bloom-artists.com/2021/01/15/teacher-2/ | ->| https://bloom-artists.com/wp-json/ | ->| https://bloom-artists.com/2021/01/15/author-6/ | ->| https://bloom-artists.com/wp-content/plugins/convertplug/modules/slide_in/assets/demos | ->| https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.2.1 | - - -### reversinglabs-titaniumcloud-domain-to-ip - -*** -Returns a list of IP addresses resolved from a domain. - -#### Base Command - -`reversinglabs-titaniumcloud-domain-to-ip` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| domain | Domain string. | Required | -| result_limit | Maximum number of returned results. Default is 50000. | Optional | -| results_per_page | Number of results returned per request. Default is 1000. 
| Optional | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.domain_to_ip | Unknown | The list of IP addresses resolved from the domain. | - -#### Command example -```!reversinglabs-titaniumcloud-domain-to-ip results_per_page=3 domain=bloom-artists.com result_limit=10``` -#### Context Example -```json -{ - "DBotScore": { - "Indicator": "bloom-artists.com", - "Reliability": "C - Fairly reliable", - "Score": 0, - "Type": "domain", - "Vendor": "ReversingLabs TitaniumCloud v2" - }, - "Domain": { - "Name": "bloom-artists.com" - }, - "ReversingLabs": { - "domain_to_ip": [ - { - "ip": "85.187.128.34", - "last_resolution_time": "2023-08-25T09:34:16", - "provider": "ReversingLabs" - } - ] - } -} -``` - -#### Human Readable Output - ->## ReversingLabs IP addresses resolved from domain bloom-artists.com -> ### IP address list ->|ip|last_resolution_time|provider| ->|---|---|---| ->| 85.187.128.34 | 2023-08-25T09:34:16 | ReversingLabs | - - -### reversinglabs-titaniumcloud-domain-related-domains - -*** -Returns a list of domains related to the submitted domain. - -#### Base Command - -`reversinglabs-titaniumcloud-domain-related-domains` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| domain | Domain string. | Required | -| result_limit | Maximum number of returned results. Default is 50000. | Optional | -| results_per_page | Number of results returned per request. Default is 1000. | Optional | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.domain_related_domains | Unknown | The list of domains related to the submitted domain. 
| - -#### Command example -```!reversinglabs-titaniumcloud-domain-related-domains domain=smsv4.ufcfan.org result_limit=10 results_per_page=3``` -#### Context Example -```json -{ - "DBotScore": { - "Indicator": "smsv4.ufcfan.org", - "Reliability": "C - Fairly reliable", - "Score": 0, - "Type": "domain", - "Vendor": "ReversingLabs TitaniumCloud v2" - }, - "Domain": { - "Name": "smsv4.ufcfan.org" - }, - "ReversingLabs": { - "domain_related_domains": [ - { - "domain": "mstanley.ufcfan.org" - }, - { - "domain": "ketogendietmo.ufcfan.org" - }, - { - "domain": "vmze-crypto511386.marketscoin.ufcfan.org" - }, - { - "domain": "cxip-crypto665491.marketscoin.ufcfan.org" - }, - { - "domain": "xgzc-crypto767019.marketscoin.ufcfan.org" - }, - { - "domain": "dejar-de-roncar.ufcfan.org" - }, - { - "domain": "uolv-crypto969448.marketscoin.ufcfan.org" - }, - { - "domain": "nowornever1.ufcfan.org" - }, - { - "domain": "the.ufcfan.org" - }, - { - "domain": "onedrshapointooo.ufcfan.org" - } - ] - } -} -``` - -#### Human Readable Output - ->## ReversingLabs domains related to domain smsv4.ufcfan.org -> ### Domain list ->|domain| ->|---| ->| mstanley.ufcfan.org | ->| ketogendietmo.ufcfan.org | ->| vmze-crypto511386.marketscoin.ufcfan.org | ->| cxip-crypto665491.marketscoin.ufcfan.org | ->| xgzc-crypto767019.marketscoin.ufcfan.org | ->| dejar-de-roncar.ufcfan.org | ->| uolv-crypto969448.marketscoin.ufcfan.org | ->| nowornever1.ufcfan.org | ->| the.ufcfan.org | ->| onedrshapointooo.ufcfan.org | - - -### reversinglabs-titaniumcloud-ip-report - -*** -Returns an IP address analysis report. - -#### Base Command - -`reversinglabs-titaniumcloud-ip-report` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| ip | IP address. | Required | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.ip_report | Unknown | The IP address analysis report. 
| - -#### Command example -```!reversinglabs-titaniumcloud-ip-report ip=5.42.64.70``` -#### Context Example -```json -{ - "DBotScore": { - "Indicator": "5.42.64.70", - "Reliability": "C - Fairly reliable", - "Score": 0, - "Type": "ip", - "Vendor": "ReversingLabs TitaniumCloud v2" - }, - "IP": { - "Address": "5.42.64.70" - }, - "ReversingLabs": { - "ip_report": { - "rl": { - "downloaded_files_statistics": { - "known": 0, - "malicious": 0, - "suspicious": 0, - "total": 0, - "unknown": 0 - }, - "modified_time": "2023-11-06T12:00:35", - "requested_ip": "5.42.64.70", - "third_party_reputations": { - "sources": [ + "action_type": "file_written", + "file_name": "pstats.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "nntplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp874.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "entities.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Outlook.pst", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Outlook", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "codeop.py", 
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_weakrefset.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "palmos.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "allsans.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ipaddress.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pickle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp037.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pty.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp864.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "log.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "argparse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "utf_8.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "help.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "dis.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "keycertecc.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_parseaddr.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "rpc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "calltip.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "sre_compile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sre_compile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "typing.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": 
"file_opened", + "file_name": "smtplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "config.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "enum.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "refactor.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "shutil.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "code.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dd_SetupUtility.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "fileobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "streams.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "context.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "audio.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_pyio.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "frameobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ceval.h", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pickle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "odictobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "server.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp1252.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "spawn.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": 
"file_created", + "file_name": "list_tests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "nturl2path.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pythonrun.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pylifecycle.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "fractions.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp1254.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pipes.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "debugger.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "smtplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "crypt.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "tmpjnl2abyncacert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "eval.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp852.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "patcomp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp857.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": 
"file_read", + "file_name": "osmodule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sched.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "getpass.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "antigravity.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_aix.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "extend.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "bz2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "mailbox.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp273.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wave.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "dd_SetupUtility.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "listobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp866.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pyclbr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "functools.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", 
+ "file_name": "subprocess.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "dictobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "asdl.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_parseaddr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "unicodeobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "shlex.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "keycert.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ascii.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp1006.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "genericpath.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_bootlocale.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "client.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "compile.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "final_b.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "idnsans.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + 
"file_name": "gbk.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "symbol.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp856.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "grep.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "autotest.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "traceback.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "tooltip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "ipaddress.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "opcode.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "parsetok.h", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp1250.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pymem.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "mailbox.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ann_module5.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "asyncore.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "frameobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + 
}, + { + "action_type": "file_read", + "file_name": "pystrcmp.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pyexpat.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "NuGet", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "floatobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "README.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "warnings.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "linecache.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "threads.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "client.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "imp_dummy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pickletools.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_sitebuiltins.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "cgi.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "bisect_cmd.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "genobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "feedparser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "zipfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "longintrepr.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "ftplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "errcode.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "bitset.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "encoders.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "generator.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "replace.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "hashlib.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "iomenu.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "random.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ceval.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "genobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp1257.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "keyword.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sequence.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + 
"action_type": "file_opened", + "file_name": "setobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "abstract.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "schema.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "uu.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "log.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "longintrepr.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "base.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "complexobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "spawn.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "enum.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "bz2.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Common", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "context.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": 
"file_deleted", + "file_name": "bad_coding.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "log.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "fork_wait.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "bitset.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "io.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp932.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "bz2.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or 
wait" + }, + { + "action_type": "file_opened", + "file_name": "objimpl.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "copyreg.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "configparser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\collections", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "aifc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "fractions.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "9", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\pip\\cache\\http\\a\\1", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pyctype.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cProfile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "dist.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "locale.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "core.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CREDITS.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "has_key.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "hz.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sre_parse.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "run.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pyarena.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ann_module7.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cgitb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "io.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "difflib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "grammar.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "final_a.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "locks.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "imaplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "message.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_read", + 
"file_name": "cmd.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp500.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp866.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "codecs.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "modulefinder.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "textpad.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_compat_pickle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "mainmenu.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "contextvars.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "reprlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp424.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "sysconfig.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "rot_13.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "site.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "idnsans.pem.toxcrypt", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_bootlocale.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "structseq.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp1006.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "longobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "dis_module.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "graminit.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or 
wait" + }, + { + "action_type": "file_deleted", + "file_name": "symbol.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "utf_7.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "encoders.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pyhash.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "ceval.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp1006.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "utf_7.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "argparse.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "object.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "schema.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "zipimport.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "squeezer.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "fnmatch.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cmd.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "doctest.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + 
{ + "action_type": "file_opened", + "file_name": "codecs.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "this.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "selectors.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "mbcs.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "filelist.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "gzip.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp857.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "patcomp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pydebug.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__phello__.foo.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "image.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "fileutils.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_bootlocale.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success 
or wait" + }, + { + "action_type": "file_created", + "file_name": "cp775.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "functools.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp1257.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "io.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "browser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "types.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "format.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "asyncore.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp1254.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "code.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_osx_support.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp1125.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "johab.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or 
wait" + }, + { + "action_type": "file_created", + "file_name": "calltip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "opcode.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "graminit.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "funcobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "rlcompleter.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "tasks.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "typing.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pdb.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "extend.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pkgutil.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp866.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pytime.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "classobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pickle.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + 
"action_type": "file_opened", + "file_name": "selfcheck", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "abstract.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "fork_wait.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dumb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "listobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chunk.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "complexobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "code.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "base64mime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "ann_module6.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "longobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "utf_7.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "sre_parse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "badkey.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pty.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "help.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "textview.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "stringprep.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "tabnanny.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "typeslots.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "py_curses.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pythread.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "textview.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + 
"file_name": "pymath.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp852.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "stringprep.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_weakrefset.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "os.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "marshal.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cookies.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": 
"file_created", + "file_name": "re.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "frameobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ieee754.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Grammar.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "debugobj.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "statistics.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "gnu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "dist.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "re.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "schema.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp1258.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "patchlevel.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "enumobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pystrcmp.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "rpc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "dataclasses.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + 
{ + "action_type": "file_opened", + "file_name": "pickletools.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp857.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pyfpe.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp1006.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "HISTORY.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "final_a.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "sre_constants.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "errcode.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pycapsule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "opcode.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "configparser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\NuGet", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "fractions.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + 
"action_type": "file_created", + "file_name": "__future__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pdb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cookies.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "code.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "selectors.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp1252.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pycapsule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "decimal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "boolobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ann_module.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "quopri.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "webbrowser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "sidebar.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "warnings.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "mainmenu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": 
"file_created", + "file_name": "intrcheck.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "traceback.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "tupleobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ftplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "antigravity.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pdb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "keyword.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "grammar.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "traceback.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "odictobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "euc_kr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "tokenize.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp1250.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or 
wait" + }, + { + "action_type": "file_deleted", + "file_name": "iomenu.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "boolobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "bisect_cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "gnu.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "log.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "badkey.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\html", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp869.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "utf_32.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp1258.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "modsupport.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "asyncore.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "node.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "runpy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "config.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "header.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "audiotests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pyerrors.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "methodobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "zzdummy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "grammar.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "audit-tests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": 
"debug.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "textpad.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "rot_13.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sequence.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "methodobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pydebug.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + 
"status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "trsock.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "methodobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wintypes.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "utf_8.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "imp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "shlex.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "CREDITS.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "getopt.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp855.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "contextvars.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pytree.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tool.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp1026.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": 
"file_read", + "file_name": "ast.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "shlex.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "eval.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_bootlocale.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "methodobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "shutil.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "linecache.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "socketserver.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success 
or wait" + }, + { + "action_type": "file_created", + "file_name": "iterators.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "decoder.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "macosx.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "traceback.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "johab.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "keycert3.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "bad_getattr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "node.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "site.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "compileall.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp1257.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp855.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "ann_module3.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "big5.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + 
"status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pyport.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "asdl.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pyexpat.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pythonrun.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "allsans.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "odictobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp855.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "longobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_strptime.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "text.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ftplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__future__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_threading_local.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "zipimport.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "string.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "longintrepr.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "uu.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "timeit.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "textwrap.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "filelist.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "memoryobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "tool.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp720.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "secrets.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp775.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "NEWS.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + 
"file_name": "pipes.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "codecs.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "quopri.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "codecs.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "bz2.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_py_abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_pydecimal.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + 
"action_type": "file_read", + "file_name": "chunk.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ast.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ann_module3.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "keycert4.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "gnu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "base64.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pyshell.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_strptime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ndbm.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ann_module6.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pyerrors.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp1251.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fnmatch.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pycapsule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp949.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__main__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + 
}, + { + "action_type": "file_deleted", + "file_name": "runners.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ceval.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "webbrowser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cgi.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pygram.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "wintypes.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "filecmp.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sndhdr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ast.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "NEWS.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "token.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "marshal.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pycapsule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "random.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + 
"file_name": "audiotests.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "rangeobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "lzma.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_strptime.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp875.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "argparse.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cgi.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "xdrlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "utf_7.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "glob.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "token.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pyhash.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "allsans.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "colorsys.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "outwin.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "dd_SetupUtility.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "binhex.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_collections_abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "dump.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "README.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pyshell.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pyshell.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": 
"_compression.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "tree.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pyhash.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp857.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "hashlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ffdh3072.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "errcode.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "site.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "profile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ntpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "zipapp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "header.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pyfpe.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pymacro.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "zipfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "dis.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp860.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "text.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_compression.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "unicodeobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "keycert3.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "inspect.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": 
"file_deleted", + "file_name": "memoryobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "tty.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "euc_jp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "charset.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tarfile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "refactor.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "py_compile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "structseq.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "imaplib.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "graminit.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "base.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "secrets.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "dataclasses.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp869.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "LICENSE.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "config.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp874.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "mailcap.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "grep.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "weakrefobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "__main__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp950.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pymem.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "encoders.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pydtrace.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "osdefs.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "log.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp1140.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "zipimport.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "typing.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "autotest.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dictobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "hz.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "csv.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "aifc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp1250.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "runners.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "opcode.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "keycert3.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "datetime.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "audit-tests.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pyparse.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "rangeobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "contextvars.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "panel.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "autotest.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sndhdr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_threading_local.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "textpad.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "keyword.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "editor.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "asyncore.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_pydecimal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "idnsans.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "mbcs.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp273.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "typeslots.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "setobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fileutils.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "ast.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pyerrors.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "socket.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": 
"file_written", + "file_name": "spawn.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "window.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tty.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "difflib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "exports.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "csv.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "dis.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or 
wait" + }, + { + "action_type": "file_written", + "file_name": "numbers.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "spawn.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "dictobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tasks.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "generator.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Python.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp932.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "CREDITS.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pydoc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "window.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "header.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "outlook logging", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "idnsans.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": 
"success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pyparse.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "tooltip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pyctype.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "handlers.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_osx_support.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "plistlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "grep.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "token.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "funcobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "utf_32.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "descrobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tabnanny.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or 
wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp500.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "gettext.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "uuid.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_threading_local.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "statistics.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Python.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "string.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "structmember.h.toxcrypt", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "keycert.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "log.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "funcobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "floatobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "decoder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "signal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "keycert4.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or 
wait" + }, + { + "action_type": "file_written", + "file_name": "pyctype.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sched.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "moduleobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "textpad.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "doctest.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "final_a.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "floatobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pylifecycle.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "formatter.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "turtle.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ann_module.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "object.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pyconfig.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + 
"file_name": "cp273.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "tabnanny.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pprint.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "hashlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "koi8_r.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ucnhash.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "marshal.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp932.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "py_compile.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "refactor.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mbcs.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "abstract.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "grep.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "keyword.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "complexobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": 
"file_deleted", + "file_name": "sre_constants.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "handlers.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_pyio.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pystrtod.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "search.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "squeezer.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp1251.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "profile.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "sched.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "difflib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "bytesobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pydoc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "bad_coding.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Python-ast.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + 
"file_name": "ucnhash.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "window.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp950.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "graphlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "codecs.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp861.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "threading.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "colorsys.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "complexobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "intrcheck.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pyexpat.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pty.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "util.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "types.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "dumb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "datetime.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pyarena.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "bdb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp1252.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "1", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache\\http\\a", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "symtable.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "bltinmodule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "queues.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "events.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp775.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "patchlevel.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": 
"_osx_support.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "main.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp866.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pyframe.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Outlook", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "imp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or 
wait" + }, + { + "action_type": "file_deleted", + "file_name": "README.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_bootsubprocess.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sliceobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "sidebar.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "LICENSE.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "util.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "idle.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "threading.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "filelist.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "gettext.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "socketserver.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "calendar.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + 
"status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "token.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "queue.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "errors.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "rlcompleter.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sidebar.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "audit-tests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "parser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ceval.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "search.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp720.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "posixpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "smtplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or 
wait" + }, + { + "action_type": "file_created", + "file_name": "bisect_cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "types.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tokenize.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp1140.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "parser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "telnetlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tempfile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "asynchat.py", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "charset.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "dumb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "copyreg.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ieee754.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "locale.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "hmac.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": 
"file_written", + "file_name": "unicodeobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pymem.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_aix_support.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "utils.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "imp_dummy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "intrcheck.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "util.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "functools.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "random.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "feedparser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "typeslots.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "structseq.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SafetyTips", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__future__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp1256.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": 
"file_opened", + "file_name": "classobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "turtle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "sysmodule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp852.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp949.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": 
"file_created", + "file_name": "pycapsule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ann_module.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "signal.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "koi8_r.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "string.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp869.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tasks.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pythread.h", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "gbk.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pyclbr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pytime.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp1026.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "sysmodule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "opcode.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "outwin.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "debug.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_pyio.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp861.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "codecs.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_endian.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ucnhash.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "getpass.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + 
"file_name": "rot_13.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "iterobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "debugger.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "gb2312.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tokenize.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tmpjnl2abyncacert.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_aix_support.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or 
wait" + }, + { + "action_type": "file_created", + "file_name": "bz2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "has_key.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "euc_jp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "Outlook.pst.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "getpass.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pyparse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_compat_pickle.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "coding20731.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "object.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__main__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "nturl2path.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "struct.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "utf_16.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "oem.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "iterobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "editor.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "runners.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "intrcheck.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "server.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp437.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_collections_abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cgi.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "warnings.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "operator.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp865.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp874.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "colorsys.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "chunk.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "zzdummy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "AutofillStates", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "ast.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "keycert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fractions.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "context.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "nntplib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp852.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "dumb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "glob.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pygram.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "run.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pydtrace.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "Outlook.pst.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Outlook", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "netrc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "refactor.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pyctype.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "symtable.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "mailbox.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "bytesobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "binhex.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "asynchat.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + 
"action_type": "file_created", + "file_name": "dbapi2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\sqlite3", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "structmember.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "base64mime.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cookies.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "squeezer.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pytime.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "config.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "fileutils.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "keycert3.pem", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "fileobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "rangeobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "fileutils.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "tmpjnl2abyncacert.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "funcobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp850.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + 
"file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "argparse.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "sysmodule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "genobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp500.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp437.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "LICENSE.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp1125.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "stat.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "turtle.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pymacro.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "memoryobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "memoryobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "NEWS.txt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "platform.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "configparser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "threading.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "import.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tracemalloc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "sequence.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pyshell.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "errcode.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "TODO.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "iterobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp037.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "TODO.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "difflib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_markupbase.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "this.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "config.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp720.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "token.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp855.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "audiotests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "keycertecc.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + 
"action_type": "file_opened", + "file_name": "pyconfig.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "macosx.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "editor.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "warnings.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "descrobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "wintypes.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "os.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sslproto.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "node.h.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "modsupport.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "doctest.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ndbm.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "quopri.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "dd_SetupUtility.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "status": "success or wait" + }, + { + "action_type": "file_opened", + 
"file_name": "contextlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "imghdr.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "node.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "py_curses.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_weakrefset.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "sre_compile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "unicodeobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + 
"status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_aix_support.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "sndhdr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pystrtod.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "PKIMetadata", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sysmodule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "lzma.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pystrhex.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "replace.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp1256.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "hmac.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "utf_8.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "copyreg.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp860.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + 
"action_type": "file_written", + "file_name": "mainmenu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cProfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cProfile.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sslproto.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "palmos.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ascii.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "compileall.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "ascii.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp949.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp720.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "smtpd.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "setobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "code.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pyctype.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "zipimport.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or 
wait" + }, + { + "action_type": "file_written", + "file_name": "setobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "copy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "optparse.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "ntpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "objimpl.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pickle.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pyerrors.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pylifecycle.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "modulefinder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp858.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "argparse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_compression.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "macosx.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "util.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": 
"file_deleted", + "file_name": "opcode.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "symtable.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "idle.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_pyio.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "getopt.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp737.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "genericpath.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + 
}, + { + "action_type": "file_deleted", + "file_name": "help.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "big5.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pydtrace.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "code.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ascii.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "smtpd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "hashlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "debug.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_endian.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "csv.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "bltinmodule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pystrcmp.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "main.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "scanner.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + 
"action_type": "file_written", + "file_name": "scanner.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cookies.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "fileutils.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "gettext.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "Outlook.pst", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "parser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pyframe.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "hmac.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "tasks.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sysmodule.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "extend.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tooltip.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "structseq.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "os.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "py_curses.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pytree.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success 
or wait" + }, + { + "action_type": "file_read", + "file_name": "gettext.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pystrtod.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "feedparser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pythread.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "_bootsubprocess.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "decoder.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "nntplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pty.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tracemalloc.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "outwin.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "subprocess.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "parser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "scanner.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_aix.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp437.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "shutil.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "getopt.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "longintrepr.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp1026.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": 
"success or wait" + }, + { + "action_type": "file_read", + "file_name": "imp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "handlers.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "inspect.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "futures.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "ucnhash.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "asynchat.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp862.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": 
"quoprimime.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "weakref.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "badcert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "webbrowser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mailcap.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "tracemalloc.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ann_module7.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "funcobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tree.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "browser.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "linecache.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "autotest.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "iterobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chocolatey", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "history.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "main.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "gb2312.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fileobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "reprlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pymem.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "stringprep.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "Python.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + 
"action_type": "file_written", + "file_name": "cp737.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "sre_constants.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "stat.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "plistlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "utils.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "tree.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": 
"bad_coding.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp1253.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SOPHIA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp869.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "sliceobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "poplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "debugobj.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "final_b.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "HISTORY.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp850.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "hashlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "panel.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "fileobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "platform.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "koi8_t.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp861.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "trace.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "search.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "ceval.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "boolobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "node.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "NEWS.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_markupbase.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "colorsys.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "__phello__.foo.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "graphlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "dis_module.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "osdefs.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "weakrefobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "bdb.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "textwrap.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + 
"action_type": "file_written", + "file_name": "futures.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "tty.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pip", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "antigravity.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "code.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "ceval.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pyfpe.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "grammar.h", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pyarena.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Python-ast.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_parseaddr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "functools.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp1254.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "site.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "browser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": 
"success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp861.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "code.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "configparser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp863.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "shlex.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "audit-tests.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "client.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "asynchat.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "HISTORY.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "iterators.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp856.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "FORMS", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "contextlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pkgutil.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\importlib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "streams.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_strptime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pstats.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "npm-cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "this.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cp862.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "inspect.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "TODO.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp1254.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ssl.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "weakrefobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dis.py", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "tarfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cp862.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "datetime.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "formatter.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "structmember.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "codecs.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + 
"action_type": "file_deleted", + "file_name": "ann_module5.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "compile.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "__future__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "koi8_u.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "exports.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "header.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp862.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "formatter.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp860.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "calendar.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "import.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pystrhex.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "tempfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "tracemalloc.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "statistics.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": 
"success or wait" + }, + { + "action_type": "file_opened", + "file_name": "telnetlib.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "errors.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tracemalloc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "posixpath.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "trace.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "utf_8.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "83d4f33bfdf82e45", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "socketserver.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ascii.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\curses", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "debugobj.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "koi8_t.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", 
+ "file_name": "iterobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "warnings.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "codecs.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "pathlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Files", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA\\Reader", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tool.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\json", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "utf_16.py.toxcrypt", 
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pytree.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "__init__.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "filecmp.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cmd.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cp437.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_pydecimal.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "_aix_support.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "fork_wait.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "context.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "symtable.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "base64.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "cp850.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "crypt.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "datetime.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "mbcs.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "enumobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pyport.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "pymath.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": 
"file_created", + "file_name": "locale.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "core.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "handlers.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\logging", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "keycert2.pem", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "list_tests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "Python-ast.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "glob.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "mimetypes.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "threads.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "bisect.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "object.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Programs", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "locks.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cellobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "_bootsubprocess.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "fileinput.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\collections", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pyport.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "pystate.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "badkey.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "hz.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\encodings", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ssl.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "NEWS.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "keycert2.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Crowd Deny", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "calendar.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "message.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Programs\\Python\\Python39\\Lib\\email", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "sequence.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\msilib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "contextvars.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ipaddress.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "bitset.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "util.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ntpath.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sysconfig.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application 
Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "pystrhex.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ffdh3072.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\test", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "locks.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "runpy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "odictobject.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "ndbm.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "cgitb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + 
"status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "hmac.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "token.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "typeslots.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "signal.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sre_parse.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "compileall.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "antigravity.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "uu.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "server.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "a", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\pip\\cache\\http", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "abc.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib\\collections", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "trace.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_read", + "file_name": "modsupport.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Reader", + "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC\\SOPHIA", + "status": "success or wait" + }, + { + "action_type": "file_read", + 
"file_name": "pythonrun.h", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "copy.py", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\Lib", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "ceval.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Programs\\Python\\Python39\\include\\cpython", + "status": "success or wait" + } + ], + "modules_loaded": [ + { + "module_name": "C:\\Windows\\SysWOW64\\oleaut32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\msvcp_win.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\SspiCli.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\RPCRT4.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\WS2_32.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\USER32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\combase.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\win32u.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\windows.storage.dll", + "module_tag": "" + }, + { + "module_name": 
"C:\\Windows\\SysWOW64\\propsys.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\OLEAUT32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\PROPSYS.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\iertutil.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\rsaenh.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\KERNELBASE.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\FLTLIB.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\Windows.StateRepositoryPS.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\apphelp.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\IMM32.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\CRYPTSP.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\imm32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\kernel32.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\kernel.appcore.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\bcryptPrimitives.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\powrprof.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\bcrypt.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\msvcrt.dll", + "module_tag": "" + }, + { + "module_name": 
"\\KnownDlls32\\CLDAPI.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\rsaenh.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\wow64.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\bcrypt.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\iertutil.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\sechost.dll", + "module_tag": "" + }, + { + "module_name": "unknown", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\wow64log.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\apphelp.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\wow64cpu.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\edputil.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\wow64win.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\clbcatq.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\UrlZonesSM_user", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\shlwapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\ucrtbase.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\profapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\KERNEL32.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\cldapi.dll", + "module_tag": "" + }, + { + 
"module_name": "\\KnownDlls32\\GDI32.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\cryptsp.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\WININET.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\wininet.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\WinTypes.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\urlmon.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\en-US\\propsys.dll.mui", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\cfgmgr32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\edputil.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\uxtheme.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\shcore.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\SHELL32.DLL", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\SysWOW64\\urlmon.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\apppatch\\sysmain.sdb", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\Windows\\SharedSection", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Registration\\R000000000013.clb", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\CRYPTBASE.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\gdi32full.dll", + 
"module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\ADVAPI32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls32\\ole32.dll", + "module_tag": "" + } + ], + "mutex_actions": [ + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex", + "status": "object name exists" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock", + "status": "success or wait" + }, + { + 
"action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex", + "status": "object name exists" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem", + "status": "success or wait" + }, 
+ { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5252:64:WilError_01", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5252:168:WilStaging_02", + "status": "success or wait" + } + ], + "process": { + "name": "rl_file.exe", + "parameters": "C:\\Users\\user\\Desktop\\rl_file.exe" + }, + "process_actions": [ + { + "action_type": "process_created", + "path": "C:\\Users\\user\\Desktop\\rl_file.exe", + "status": "success or wait" + }, + { + "action_type": "process_queried", + "path": "C:\\Users\\user\\Desktop\\rl_file.exe", + "status": "success or wait" + } + ], + "registry_actions": [ + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile", + "status": "object name not 
found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum", + "status": "object name not found", + "value": "" + }, + { + "action_type": 
"key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\TreatAs", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.exe", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000323-0000-0000-C000-000000000046}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", + "status": "success or wait", + "value": 
"" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0000032A-0000-0000-C000-000000000046}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\rl_file.exe", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\NULL", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\.exe", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\Clsid", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AllFilesystemObjects", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": 
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages", + "status": "object name not found", + "value": "" + }, + { + 
"action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Folder", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\NULL", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\TreatAs", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}\\", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{75847177-f077-4171-bd2c-a6bb2164fbd0}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE\\Diagnosis", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\Elevation", + "status": "object name not 
found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\Elevation", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Clsid", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + 
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{1649D1CF-DEAF-4A68-ABE8-5C9F68572FD1}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Directory", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + 
"action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER_Classes\\Directory", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\AppCompat", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap", + "status": 
"object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\Clsid", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\Clsid", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + 
"key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1649d1cf-deaf-4a68-abe8-5c9f68572fd1}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1", + "status": "success or 
wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}", + 
"status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NULL", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes", + "status": "object name 
not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InProcServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\TreatAs", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main", + 
"status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Folder", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\feature_localmachine_lockdown", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + 
"key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\Elevation", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InProcServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\internet explorer\\main", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\shell\\open", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\TreatAs", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\DebugInformation", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000323-0000-0000-C000-000000000046}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Application", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler", + 
"status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000339-0000-0000-C000-000000000046}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\Elevation", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe", + "status": 
"success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows 
NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{75847177-F077-4171-BD2C-A6BB2164FBD0}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_CURRENT_USER_Classes\\Folder\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\TreatAs", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open\\NULL", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Security", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler32", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\internet explorer\\main", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + 
"key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\rl_file.exe", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize", + "status": "object name not found", + "value": "" 
+ }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0000032A-0000-0000-C000-000000000046}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}\\", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000339-0000-0000-C000-000000000046}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NULL", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc\\Extensions", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", 
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Clsid", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder", + "status": "object name not found", + "value": "" + }, + 
{ + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\Setup", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\InProcServer32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\CurVer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\Clsid", + "status": "object name not found", + "value": "" + }, + { + 
"action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\Elevation", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server", + "status": "success or wait", + "value": "" 
+ }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}", + "status": "buffer overflow", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\NULL", + "status": "success or wait", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\BrowseInPlace", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_value_queried", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER_Classes\\exefile", + "status": "object name not found", + "value": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer", + "status": "object name not found", + "value": "" + } + ] + } + ], + "classification": "MALICIOUS", + "configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11", + "dropped_files": [ + { + "classification": "MALICIOUS", + "file_name": "Tox.exe", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", + "md5": "3133c2231fcee5d6b0b4c988a5201da1", + "sample_size": 636416, + "sample_type": "PE/Exe", + "sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271", + "sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "odictobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "3412092fc220a39ec4b4c1d533ae2c84", + "sample_size": 
1384, + "sample_type": "Binary/None", + "sha1": "eb16fa73d98ecc868c92231fa192bb54c45e5ee2", + "sha256": "ae029452ce82c44e53360cfcc89ca05ae52217d189b10d9c748cc3606e7872ea" + }, + { + "classification": "MALICIOUS", + "file_name": "test_hmac.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "f261a5bd0bd375bee4b0062fe63815b6", + "sample_size": 26216, + "sample_type": "Binary/None", + "sha1": "08ba0b7446110fc8ef5a31feb831c8008dc65b5b", + "sha256": "759074fe4748e7f3499358cfb71d188841d1f9ae9cd960f353cec5b586e2da3a" + }, + { + "classification": "MALICIOUS", + "file_name": "optparse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "3a53e441fa28fd3963e999722188b68a", + "sample_size": 62088, + "sample_type": "Binary/None", + "sha1": "c6b56469c904ed9471d612ac73f0189f01b6823a", + "sha256": "71d217728583495d032a5a92313960b0a8157e7c00e4eeec60cdbaed15fa77b1" + }, + { + "classification": "MALICIOUS", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter", + "md5": "17f96f772a1f0252d1926217c6e75238", + "sample_size": 174248, + "sample_type": "Binary/None", + "sha1": "ad15da194887ee846a37ce01c4afbe45c68b7d06", + "sha256": "12c7ced0659d6464ff1b8a418f0901208a0f1da4f8254476a8f6a331ad523d51" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ann_module7.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "1e8a3761bbd1df7937b782c41b95e113", + "sample_size": 344, + "sample_type": "Binary/None", + "sha1": "a450497ee7e6043d02e87c0800ff4c6c3065a154", + "sha256": "c6e4bf45ed7fdc512a052949440764d1a66a7b9bbb0a3635e509ad79118f099c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "config.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "md5": 
"6e8b8eb2cb962b299f40d5c2666b0223", + "sample_size": 5000, + "sample_type": "Binary/None", + "sha1": "bd9fb2a9afabbb0ed316bced48b862246350f436", + "sha256": "837b10f1a929cb9a0f4910b745e0a2221dbdd57906667673b6a5987c735d1487" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "sysmodule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "c57c905d2db879b64ae473a1a6606c02", + "sample_size": 1320, + "sample_type": "Binary/None", + "sha1": "61863d1a1b2f83064067187f7723195e8a17e3f1", + "sha256": "c52889dfb203d4f5f591bc81132826a84ca3550df101f31d9b4ef2e8264ad371" + }, + { + "classification": "MALICIOUS", + "file_name": "Python-ast.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "9566a0f08c40e26128d70aefd0c3b171", + "sample_size": 26928, + "sample_type": "Binary/None", + "sha1": "f836741c794920552e44496143c1f626207417ec", + "sha256": "239979e48c0ea4c1853ebaef305cacd2b9340ef2e0d44d00b40a41e43cd36ecf" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "crypt.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "a9f1f6a649680786f943e038aebad4a7", + "sample_size": 3976, + "sample_type": "Binary/None", + "sha1": "fc989126594345c61e902683488e6523ebb1548b", + "sha256": "4d3fd020771b0cbee15d7a6510b1dfb6271f293301a8bd185a591217670a3cdc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "grep.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "f1a02c2294063ff194372ec4df161616", + "sample_size": 7744, + "sample_type": "Binary/None", + "sha1": "5f5c290c91df881436bf9f0e0026a191af9e88ec", + "sha256": "504228636a38b270a970707fa773f83f9617c01e5cf372ad835fa6663f717778" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "life.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "e55b94bbdd553ee65f17c31bf99bec08", + "sample_size": 9288, + "sample_type": "Binary/None", + "sha1": "e5f54fe7cae5e07b2c490a9a93489dffaa47d646", + "sha256": "81eeade43b61db361790edda80095fabc31980ceedca2da4ebecee3c5ffe335e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_index.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "69caf5b809edfdd8121e26eebfaa0a61", + "sample_size": 8888, + "sample_type": "Binary/None", + "sha1": "542ca492e3d12cce69af522bebc3891b448ae15a", + "sha256": "60e8ad9d7ea6945fc26fc43ddfe8626d3e96f7f16eb8ea3c9c778f5216e998cf" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "types.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "aa91f21061e904d0ac11bdf5e80c89a7", + "sample_size": 10128, + "sample_type": "Binary/None", + "sha1": "ddf45d460dfda0121f8b820bb5f4a0bbdafc8ad9", + "sha256": "6a84fd532c6e54b8368741c4be54540327035a151a9bfa485e34c3cc6ff0d33e" + }, + { + "classification": "MALICIOUS", + "file_name": "compileall.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "7aed7bc548c2b6ccb5e862d4866872cd", + "sample_size": 20608, + "sample_type": "Binary/None", + "sha1": "2132f0781cfb765e9e7624b2073dbf578ceb8bf8", + "sha256": "08021d994fc6a753995efd1c348d53248681e5cdf02a9aaa85b978445cd98668" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "rlcompleter.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "1fd9bd53e1d19f5985b609936b6f4d28", + "sample_size": 7904, + "sample_type": "Binary/None", + "sha1": "88a086e6620940d8fee36b903b433485a86f17ef", + "sha256": "76e891a19766c9558064f541bbbc214d3c964c53afb42117176bd831c1003300" + }, + { + "classification": "MALICIOUS", + "file_name": 
"mailbox.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "a2a83788d1ecb65fd54d9a38cda077bb", + "sample_size": 80984, + "sample_type": "Binary/None", + "sha1": "ea91f4ceab77d85799ee28628d3c7076997e744f", + "sha256": "fcb3eb3123f6c699d63d471002beaa94b196840caa5195e9adca4f6d7634cba5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_glob.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c6aaad71ef48383cac045fb5e6b42da8", + "sample_size": 13720, + "sample_type": "Binary/None", + "sha1": "f1956ff72c3ab9a31a1d2da012677d5010e64b4c", + "sha256": "3e2eabced61e713d8281dd0332f352176e7f5dc40536f8f646cd23e69a486c98" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1254.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "e4786b5ab8611aec26acd351ffffe8a5", + "sample_size": 13848, + "sample_type": "Binary/None", + "sha1": "e2f79998765a905f39f1cb827f2f90814908d2ac", + "sha256": "eae5a3400e292091b55edb96cda546618c9ff45c67cae8baaddde8696383e737" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_flufl.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "715ecdd8edc7896fc93bb5a946153b48", + "sample_size": 1744, + "sample_type": "Binary/None", + "sha1": "6aaefdb390edc578db6b6ef4d3537f6f5a184f96", + "sha256": "9df31be7853e0b954e07ae9e553b891dff55bfb03f1459d5d0a6ba5df8cf9df5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_cgitb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "fa95501b68ced5d56bfad4fd1e79df40", + "sample_size": 2704, + "sample_type": "Binary/None", + "sha1": "23c8ce7d1062d43e727047bdb91f9205b93eeecd", + "sha256": "0057f6013d9f20a1bda0a1552343199a1a2c094d750a425dc70d1d382b3cc0e2" + }, + { 
+ "classification": "NO_THREATS_FOUND", + "file_name": "keyword.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "58f23a24a99ad5ed49b87ef6cc4e72e5", + "sample_size": 1152, + "sample_type": "Binary/None", + "sha1": "d07ae2e8c068ffdb771534142c41393b09c282a0", + "sha256": "e476107c39da3ade0bb7b5596b1334a61a10ac498090d1d7650d3ee6812a8dbb" + }, + { + "classification": "MALICIOUS", + "file_name": "message.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "a1822585de59421400a506ff4a0f77f4", + "sample_size": 48272, + "sample_type": "Binary/None", + "sha1": "55adb9a724e49a3220a17a17198083b5d6e2b382", + "sha256": "61b18872a724e1edc38272ff3a6c024eeab0e51a9ae20fb76f8495fbfe811e4a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp949.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "1953005bfe38b2e9b5cb427a25ff0926", + "sample_size": 1104, + "sample_type": "Binary/None", + "sha1": "28ab4156acd49b1ee49e74dad4b57c6526321705", + "sha256": "44cbb980acad98a4bc2759f37e95bec531230f66ef9a994012a3f281a1023a72" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_ctypes.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "91c292b226eb7f28bcda6028d23da313", + "sample_size": 232, + "sample_type": "Binary/None", + "sha1": "90fcb690c4a857f8cda5e64e4dfe6bb224165ef8", + "sha256": "326b422636f59d3f96d41bf2aa6023b0955e404603f0b42135ae3b7fd8a3b6bc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "list_tests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "48122189b6162945482583ef27470217", + "sample_size": 18080, + "sample_type": "Binary/None", + "sha1": "5635d117c3455d2a19b5cdea060b06a55260f111", + "sha256": 
"dbd58c2b359b04591729b191d17244e06647fa3b5bb834e0e6b8e0558f9c9bce" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "osmodule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "2515d8a5958b1f7428379a10f1f53c38", + "sample_size": 352, + "sample_type": "Binary/None", + "sha1": "0a8103966dcd8116e1790c9397804959ebea48d5", + "sha256": "a387446860c0f75598035d9306876e19ca4440d0d22e02c1096710441e331971" + }, + { + "classification": "MALICIOUS", + "file_name": "refactor.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "md5": "fadf8adb3de58f5a7a9875680375a063", + "sample_size": 28280, + "sample_type": "Binary/None", + "sha1": "46d3d649350d05400dd74cd54cfc9933792fa90c", + "sha256": "ac94a83d76a14388d36847da30a07536424672cc4b5ec2c130a9e74d6089a202" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ieee754.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "faa1501bdc9f63dd7e1ee95e0c192dee", + "sample_size": 3512, + "sample_type": "Binary/None", + "sha1": "0fa9cbf5ebaca670ebdeba4315189de2d56cadf3", + "sha256": "58c49ba733b7122ac44e83f5cbfe7bf9392a9e1e27bfc078f6d64dd172cac3b1" + }, + { + "classification": "MALICIOUS", + "file_name": "traceback.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "01d894e8ac8afa8b8df5345a113cd602", + "sample_size": 25344, + "sample_type": "Binary/None", + "sha1": "fd24dc7aceaabe8c5002e9d59b96c983af554cc1", + "sha256": "dcd71c15a5f646fc0c84231cffccd45242377fc4e765955fc28b839ef8c80217" + }, + { + "classification": "MALICIOUS", + "file_name": "test_time.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "d3a396057220daec13948937fdd02c1d", + "sample_size": 41960, + "sample_type": "Binary/None", + "sha1": 
"bdb547e8d9045d17600135e5b868270d0fc96af4", + "sha256": "29a6d0f410380f2139eeac85fec07319c1ac7182188598eded298930c01512fc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "0b66c78eb0779c515dadb7c71e129f19", + "sample_size": 80, + "sample_type": "Binary/None", + "sha1": "3ea61edbc512e7f45f05f6f2c1d2b432eb97baaa", + "sha256": "a6fb14d10ae7acd0ea355bc6554227e2d2b8a9ddf702cf6fa723c3e9072cefdb" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "versionlist.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager", + "md5": "d2c7d6d0a6d9f702f6e3936589a41ee1", + "sample_size": 15888, + "sample_type": "Binary/None", + "sha1": "6df1d1a5b93e6de37723c77db4e99ce5634f168e", + "sha256": "0b0946af895639845c342b648b93c9ea664011b3b6378385b2c47f1979e79312" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "palmos.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "1c9b481d20baa29974e3ad97abee89bb", + "sample_size": 13864, + "sample_type": "Binary/None", + "sha1": "608314aa13fce5eebbdcb46ad81544474002fad2", + "sha256": "755a43d498461631fdf69c9802b3e66583c6dfc94f44be4ea72035748d535e0e" + }, + { + "classification": "MALICIOUS", + "file_name": "gettext.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "f5824e7e554cb6d16fe72bb86ba69439", + "sample_size": 28096, + "sample_type": "Binary/None", + "sha1": "060187044018f9faeb9e982c3a28699c9fd47325", + "sha256": "f38122d0bf630cb6c5560167fe77901a44bd43b390f1cf822d24cb463921597c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp875.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "ae3340651634aa04bbcfc192adbc88d9", + 
"sample_size": 13200, + "sample_type": "Binary/None", + "sha1": "648f59444af950a7b302d7c32a2e4b4f1ce6b4fc", + "sha256": "0b99c9133a0a5ecc073ab9fc1121139e098aa2d8f8d1dc878c3ca4a50f876c4f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "imp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "88049f4c626c035185813d76427e8f36", + "sample_size": 10920, + "sample_type": "Binary/None", + "sha1": "edcbc7fd9b171a16674f09906134ccf9b1853c4c", + "sha256": "68eb0cf4faaac6d68ce831fc813e882a52e7b307c83ae21d2f5e6c835f8522fa" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "utf_8.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "22eddf8ea527b7c3fa04526ff5293468", + "sample_size": 1088, + "sample_type": "Binary/None", + "sha1": "733b3ba484e28dd859eeb55e272360a683db228d", + "sha256": "bb40a355f6471f3379534dc7ee7f10aa25ef9d608dc2bc602ab0fa336a8f6066" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ssl_cert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "f21346295be38ca5fe8aaf947be6655b", + "sample_size": 1640, + "sample_type": "Binary/None", + "sha1": "33e928929d24251295d47c4fb165a1aefe05f309", + "sha256": "44cb7bc967a1aa78b1b4cf19424acb91067316dc16c16ca1dcb267d53db3dc7e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp424.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "cf1b79349fe8adb644c130e4fa19facc", + "sample_size": 12400, + "sample_type": "Binary/None", + "sha1": "3fb8aae4df0c693a93561a5b7c0727e2dfb9ccd9", + "sha256": "9223e3aa5afc5105aba5935c36a35bb986b4f7f189aab69e979c37fa7c838755" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "search.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "bda64b0ab9a528aa95ab68b1c24bd38b", + "sample_size": 5768, + "sample_type": "Binary/None", + "sha1": "8658e11ae9875b73bb13740a0452c11d4bc7cbe9", + "sha256": "f0dd599d0d9310e0a28a0c355601668c1e7c816ced8f903338cccaf64067c392" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "node.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "02b1f0f7f0f3b09abfa43ca7fadbe350", + "sample_size": 1368, + "sample_type": "Binary/None", + "sha1": "ea25305df71d306e3c8ccf03b48bff9949ab71b4", + "sha256": "f93fd8511aa7e43b1237b320b585bfdb5c7ffd342f650e052b02947b5f5174e0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref", + "md5": "0426a70e5c32a1c7f2c92a30b525acaf", + "sample_size": 648, + "sample_type": "Binary/None", + "sha1": "50d1cba79a9db6a3f1e7e85e9240f758409ab718", + "sha256": "f5bd8778e4a570b9d51cbad09758fcd34178a2c450c45faccbac0876870877a2" + }, + { + "classification": "MALICIOUS", + "file_name": "test_pydoc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "0436c847cb40a7ae6bfab114dac9d3e7", + "sample_size": 63048, + "sample_type": "Binary/None", + "sha1": "5f827356a1a6d55c61133a85f83c3f2a8c755ab5", + "sha256": "a3b08652a6d1337dcccdd164efc3643be419fdb44980123c38ab96f79ff954a2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "has_key.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "md5": "2739b58d7dbdd42032eb2e43846c89af", + "sample_size": 5864, + "sample_type": "Binary/None", + "sha1": "db3820d780edac3eab83f616d87e67c1d5db392c", + "sha256": "afa15efe6dcf18f7c8c16460bd89d09d6567c1486c38548062b3307d2291e2ff" + }, + { + "classification": "MALICIOUS", + "file_name": 
"test_bigmem.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "6ac9ae12395538d9aef260c68d920053", + "sample_size": 47152, + "sample_type": "Binary/None", + "sha1": "d8eb27b21e3b2e8adc5526d93be3addaed20796c", + "sha256": "b25a6dd0a1e3ca5db6fded68a917c016955714067269b3ef0d6fa90fcb916d26" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_compression.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "09c2a84ba47f6ad89de4b83a54b0e4c1", + "sample_size": 5536, + "sample_type": "Binary/None", + "sha1": "e487bb5affae4cb8a856aea5f6ba8612540a1580", + "sha256": "6b6597c03313ee132ca3a84cd16052d42a8cfc5d54db197d173f69f243941529" + }, + { + "classification": "MALICIOUS", + "file_name": "test_pdb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "874847379a64bf64b850eacab378866e", + "sample_size": 63696, + "sample_type": "Binary/None", + "sha1": "a0f0e5b6463b8502e44e2a1efe7f02bbc3908555", + "sha256": "4a9ae47bd21f0afdba3260f4d9c941654e090fa4d56c040f5e8ec33ba52e48ee" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "textwrap.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "3c0a914769c28bb0ad5d8282b396f2d7", + "sample_size": 19936, + "sample_type": "Binary/None", + "sha1": "7675235e4935ce77a0355c9c1c725a9306b70ef3", + "sha256": "4e4fb8b39e63cc3bc9f50166ad4769f591fdf9fb19328638d5613b0dc5ea2031" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ann_module2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "806eae64922b1b49eefbb32728bde83e", + "sample_size": 592, + "sample_type": "Binary/None", + "sha1": "d9785dff76a3bc509d0953afc2a82f6ffe386b29", + "sha256": "3677ee2e05f68da8bbc0738689b942b6983dd48144ccb48bc222e168497c6a1b" + }, + { + 
"classification": "MALICIOUS", + "file_name": "test_gdb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3f5a8acd3a41219ae7ed3bc8349b9e91", + "sample_size": 44648, + "sample_type": "Binary/None", + "sha1": "9a873a174c475ad3984b682a7971f45142ddbc97", + "sha256": "04b40b6854508fec5300cd3ff245e2719d165ea0376adc3c3d619b2d238ffe03" + }, + { + "classification": "MALICIOUS", + "file_name": "site.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "468dbab4ac2a0db0636b84a491757583", + "sample_size": 22248, + "sample_type": "Binary/None", + "sha1": "392bfbd8acc016263338a6865fb5217d2de40841", + "sha256": "47eb6c5e39791fc5e70cc54d81c90c24453ced167641a485398940238af3d1b3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "help.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "1b38301097b7a00bc2e1f33e727daa22", + "sample_size": 12184, + "sample_type": "Binary/None", + "sha1": "57d37a1f3b674eb2dec5ea70ed80cbfb67910d13", + "sha256": "aeb1bee0d15646a143c07e570581aabf332dde7021e9abd1374c31b522b3c79e" + }, + { + "classification": "MALICIOUS", + "file_name": "rgb.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\pynche\\X", + "md5": "d3e9abfcd7c5ccc5ea1fea1c758674af", + "sample_size": 18168, + "sample_type": "Binary/None", + "sha1": "5f79be09b41bfb9aec5478d55581255df87f2346", + "sha256": "bcb2b7fd69e25a2e7bc23ab087f6e474ef1ac6f252212f913b449fbd4411be72" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "21d4feba3519c30e149fdf62432f198a.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig", + "md5": "2d146083c1a3c4013d5d446a4f10d7f5", + "sample_size": 2168, + "sample_type": "Binary/None", + "sha1": "f29c4b146fc6889be9670c2d2e951c9472902224", + "sha256": 
"b6e8969b95ac44915fa0eb479fdda926b1bd727f87872e08d7f876ba0024126e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "asdl.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "e1d9a79c12632dbf3411a83cdc528a68", + "sample_size": 1312, + "sample_type": "Binary/None", + "sha1": "5509a15d8d40512e524fb9dedca8488c080d0fac", + "sha256": "63586c2bdba98757348dc61f656becc2c75ba1f6d39281a043610d0631358ced" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "bad_coding.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "a2237c8c140eef72b383d307f63c4867", + "sample_size": 64, + "sample_type": "Binary/None", + "sha1": "6d73ea51c2e8b3a6fe5d0514404316929ee760c9", + "sha256": "bd6dc63d6492772a01583bdf35e714d73952598366b5144a2ff6971e4d455967" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_tzpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\zoneinfo", + "md5": "511be2dcd551a40451264a5ff628ef92", + "sample_size": 5296, + "sample_type": "Binary/None", + "sha1": "43990a2a99d73aabc6ac9090b53a05bd74c843fc", + "sha256": "f154af54bae028885aaff76f70b26fa79f17fd635b9f06c78b87e24b2afa6885" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "funcobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "29ca31d1eba36a5ed07cd7ef8e1e9b72", + "sample_size": 4192, + "sample_type": "Binary/None", + "sha1": "1a34081326ccbdcab83ab5b73e12df4c421332a9", + "sha256": "7441173ec24f5cce065992be43358b11aa18f114131616a90ce0f0ca6578e5f3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pycakey.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "45528037bec338cc533d2b4491d3f880", + "sample_size": 2568, + "sample_type": "Binary/None", + "sha1": 
"69c76af80ca1c262f84dbac20eb4566fbfd69e51", + "sha256": "d41b52332dab3e55eb96948ee888a4a49cf03306886e2d62c4a46ea01917ed26" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "oem.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "23bf9890d96475f939864b760b229b82", + "sample_size": 1104, + "sample_type": "Binary/None", + "sha1": "1dc2f93e767e5f21922781e00821c7af61e9b06f", + "sha256": "892cb42dd291316b38f46ac25be60c294d540f3153f6b796ef7d56ddd449f3e1" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_hash.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "5fae8ea103b79ab9e3fcabc5f4e99ebb", + "sample_size": 12112, + "sample_type": "Binary/None", + "sha1": "d60cc7ad5023661c5cdfc8d50099a2e89464d758", + "sha256": "d9417a4f45475818a83633037390e6c8bed0ec69082d71da6e49c05767b45f2b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "nosan.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "f9d9c7aba20ef821c8f21e4c40b71a30", + "sample_size": 7888, + "sample_type": "Binary/None", + "sha1": "ac6dcc9b5fe28d3cdbb069db07f790e909abab66", + "sha256": "24db772e81b7496c2590aef4882cc84e4e20a52ce463199846e9d5401bca151e" + }, + { + "classification": "MALICIOUS", + "file_name": "test_range.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "a06fc0291809bcac2aaec3946c849f8f", + "sample_size": 25656, + "sample_type": "Binary/None", + "sha1": "7e8be70aedd12c785213bc1c832a781206103749", + "sha256": "3907f55da5e48fd85210f0e739b9eb4675976c717aa1025b2db7cab4a0aefcd0" + }, + { + "classification": "MALICIOUS", + "file_name": "mimetypes.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "d970139acb7fabdc24657adaa08e9dd5", + "sample_size": 22216, + 
"sample_type": "Binary/None", + "sha1": "0a6a563abe9efbc1150548872ae5e68c0fb68708", + "sha256": "e6914937ecd57492121b9cdce72d92506719ad2b432941790651ea9d5ece7243" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "iterobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "d0b1451eb82831ff63a604c115f65f8b", + "sample_size": 584, + "sample_type": "Binary/None", + "sha1": "cfacf2f0852ebae3e37d09699ca79537d8a0ab14", + "sha256": "8e741c7670df9caf24158730dbc2e440d4de5f18547cd3939699a442b1dbf2c2" + }, + { + "classification": "MALICIOUS", + "file_name": "asyncore.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "a1e389796688969c4153ef385ecb6d99", + "sample_size": 20784, + "sample_type": "MZ/DOS", + "sha1": "3b42b184df1d638e48eb8a814fa7509d8dda7fc1", + "sha256": "5b43d6305571996b3b6756b3309b79c98c27e5627f6cf28b91345087713ca133" + }, + { + "classification": "MALICIOUS", + "file_name": "inspect.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "ab42fc8057d97aeb626f6e0a0252d06a", + "sample_size": 121448, + "sample_type": "Binary/None", + "sha1": "41ec7190d2a3e156e934aba192f532e2abbce555", + "sha256": "e623ec3a9fa5fd0aaf7cb13ce3ea96fca35c158d777693b85085b950b7e6e7b5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "intrcheck.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "6be212cc6a022c3491e894ca94bd462e", + "sample_size": 936, + "sample_type": "Binary/None", + "sha1": "13dd4cd171827fe5c991952428b685f1d36fc01f", + "sha256": "0356847870bd90e0dc8ee47e9b59cca8acae9532f74ee314d3b44548c7a30018" + }, + { + "classification": "MALICIOUS", + "file_name": "test_deque.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b1c33bdb9ffe813ddb34f922c3885583", + 
"sample_size": 36480, + "sample_type": "Binary/None", + "sha1": "9766e2fcf6f0bf5056b12d8030d1d0307279c189", + "sha256": "978faccb7752a8ff21b5a2c5481d8be309585a325ed82e4d9924a9ebe215b721" + }, + { + "classification": "MALICIOUS", + "file_name": "test_sys.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "5926a6ea2ab1e33430c6b2eb5616f08f", + "sample_size": 57632, + "sample_type": "Binary/None", + "sha1": "9de125893099a684154125148bf4a199d4a3b7a1", + "sha256": "5ee19e3d218c847f94d1b3d6f3acd473a7c5516d099a882dddc3247a9bd8e6d6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "lll.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "ad7fc598c9b28c282bf4331620f2e0c1", + "sample_size": 816, + "sample_type": "Binary/None", + "sha1": "abc187688d88596322d48738070511604f0cea03", + "sha256": "fdd42e2a29115427e48387c4f2a96e617eb13ed10639958581845573701b4383" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "colorsys.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "96b862c2ee48e4fadc8eabe8f5ae7d77", + "sample_size": 4272, + "sample_type": "Binary/None", + "sha1": "99bb3573ff1e909905cdc78885b30fd6dc25fb76", + "sha256": "f201e68ac10ea4b17f2e87ae1f3d01dd7f5b597ff0fcec24242156067000b8f8" + }, + { + "classification": "MALICIOUS", + "file_name": "unicodeobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "db3c9ea5c9262124df1b1861e1b706b4", + "sample_size": 36496, + "sample_type": "Binary/None", + "sha1": "7330876ed97a00d8c307aa27f1e480293f34a3de", + "sha256": "6e017e5108dec71db4a30e68c49ba71a5a3525d99621c84b94da6e27cd22bf60" + }, + { + "classification": "MALICIOUS", + "file_name": "heapq.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": 
"c6d6fdd7138baafe32f23dd2b5d610cd", + "sample_size": 23520, + "sample_type": "MZ/DOS", + "sha1": "21c1cc43af3c74a62c5023ae9c85902b710fd6ad", + "sha256": "21a4433eb21789bc6b83d78531b9d1d50ceed26ee3632d20528d38743db7a5dd" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "OneDriveMedTile.scale-100.png.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "md5": "f4aeb984224e155ff2044c28a147d9c1", + "sample_size": 696, + "sample_type": "Binary/None", + "sha1": "0d10103661ec7bbdec56180c562a3f9f6b44b30a", + "sha256": "e642022a7548826a8935b5dfb70262b09d3c3792bae20d4653c73ad1b2e511c4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "dutree.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "15304a28cf88654d79b708abdf304bb6", + "sample_size": 1736, + "sample_type": "Binary/None", + "sha1": "c111b8136783d8eb396ee945ea7125bbc7c3b7e3", + "sha256": "cc995dc2f0cd643262257fcd978880d75805906d4bb8f658f84e18748b42944b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "methodobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "2dfbe1573e891b5b767aa3c026f9f1b9", + "sample_size": 3928, + "sample_type": "Binary/None", + "sha1": "337095093a283029cbda6eb48bfc805d424ceaec", + "sha256": "3b3ac3a391386984960f94fb31ca27ff002eecfdcc61359f831163f697cd14bf" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "graphlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "87063bc782da3f736632536d6799bf2e", + "sample_size": 9856, + "sample_type": "Binary/None", + "sha1": "0d1870d8d6a5e5516bc113e32629080db760b982", + "sha256": "e37cd60947f953757701b1cd13466bff483318bb090715e70ffb8de9d64219ce" + }, + { + "classification": "MALICIOUS", + "file_name": "request.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib", + "md5": "a52631c7a7504d1caef54eca4d656f12", + "sample_size": 104480, + "sample_type": "Binary/None", + "sha1": "80dad4d4990dea35860737c974cec5e6abf18d03", + "sha256": "64de40be74c13b1c974592ded4dfe6e04d61e244f2c58996b67c857d2c71f752" + }, + { + "classification": "MALICIOUS", + "file_name": "cp858.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "a30b8cef211c8952723edf51575e8951", + "sample_size": 34752, + "sample_type": "Binary/None", + "sha1": "67ff2ce62f94b4b3642e67700a8d47852744db5e", + "sha256": "74e0bf72830fa11ea4ad7590fd0e4643944d6f097645a7f170e210c31a0325da" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "utf_16.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "b378315d8db81822878301a176b65d34", + "sample_size": 5432, + "sample_type": "Binary/None", + "sha1": "27d18e3e36fda87245e8ee0d80d23cbb4ddd7543", + "sha256": "f955a1fab1fb74d582a1f5959935ae14e2f7e9c575348827295e224716607ec4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "mp_preload.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "127ac14ca6b3c47b732edf3cc06d2393", + "sample_size": 408, + "sample_type": "Binary/None", + "sha1": "cb361c8e03ea62f84d743b69b32664ec7a96ac4b", + "sha256": "827ef63ccc432d45ecc30d9dd8bf5fc8ed671f7c99b88371c807c8b9c5add008" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "stat.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "beb6824fd597c5213f0f11c89f02b5cb", + "sample_size": 5720, + "sample_type": "Binary/None", + "sha1": "d8ba469844b27f90f0b0b10c72cb23d6e4534338", + "sha256": "f4caf2fd411df4325887299810a54be22120665d2099840f717c8e321c92cc6f" + }, + { + "classification": "NO_THREATS_FOUND", + 
"file_name": "pyctype.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "2beba29918db50da15ab0af409d9325b", + "sample_size": 1464, + "sample_type": "Binary/None", + "sha1": "59381523b01ea259cb914817882b8b1e67d61d53", + "sha256": "39fc6724c1a37fb1070f4cc7dff75e84d554bc074a594264d3d8b13d90f8d97a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "image.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "md5": "ceac0890352945d3a21c155be4e2d208", + "sample_size": 1920, + "sample_type": "Binary/None", + "sha1": "7357a896eee2312c5542e8b0c2b210de61fd351f", + "sha256": "f1caa48d364c7a9729269ac3ee972e0eb3e823c4e05989f4c935782afcc8dac2" + }, + { + "classification": "MALICIOUS", + "file_name": "_pyio.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "c44009246b73337baecd41c47ca9b754", + "sample_size": 96048, + "sample_type": "Binary/None", + "sha1": "fd96f894775976271ba86018ce478190a5d44091", + "sha256": "c13ca72ec976993feebeb27dd249e8b42112253b0b1b307d1fdf393b07137e1f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "testcodec.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "a40a66f1c69fbb05b67cd370dbb58f27", + "sample_size": 1136, + "sample_type": "Binary/None", + "sha1": "d4f3098a7892b3edaef0926e3f3be29340fdc781", + "sha256": "2ceeee7bf456b693a2c58a9335e2f12c1c31611c58c19a43ec4c3396b5b56196" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "py_curses.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "432c00b59bfde7ffbeeaff6bf990d110", + "sample_size": 2616, + "sample_type": "Binary/None", + "sha1": "74d7a861759ed252c814c650fe365b0b96dfedf0", + "sha256": "a5515e6f6f1db2af7a4bc493410b5d016dca772b2d7b836cf27a7d34b94006bb" + }, + { + 
"classification": "MALICIOUS", + "file_name": "pathlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "9e7c8d7316fa9863e9315212467eb265", + "sample_size": 55704, + "sample_type": "Binary/None", + "sha1": "751de1b67f271c659fcae9597bf5a5c6132c1766", + "sha256": "32f8016123fd0c3e4fe3fc603cd806a5f081fde78106e3be8ef6e9246d1f97e5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ucnhash.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "b811a759052825666b897c889bb7fd55", + "sample_size": 1136, + "sample_type": "Binary/None", + "sha1": "c9a76bef9558f88b4850781f264e599a538c3fbb", + "sha256": "daf458f9c07c3136505944b03c72ec657b41afda9611459527073910a1aa82b9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pulldom.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom", + "md5": "e37c70554fdff5536e793abc05cccb1e", + "sample_size": 12384, + "sample_type": "Binary/None", + "sha1": "3ab2dfb45db543e041758f61480c42edb6a7bb10", + "sha256": "f5f3416f309700d33c762444846cdd9ab4c690c6c4af6aefba3252a358413598" + }, + { + "classification": "MALICIOUS", + "file_name": "test_descr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "90e03709541bed9c6e7f05e132af58b7", + "sample_size": 201632, + "sample_type": "Binary/None", + "sha1": "2c0a237d11dbad9c9b415ed18ce6f31c128b1985", + "sha256": "f16b15e7d92f508808214fddd2e93aa75389449ddd0585c4393f5c4a72c98e16" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "descrobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "639bca8fc1b2c459a7ce79a5bc6994ca", + "sample_size": 3168, + "sample_type": "Binary/None", + "sha1": "e9ed1b10380aa8f9430b712c78f0721ec3f90701", + "sha256": 
"3cf3a37d2a7087a5cb17b82f0ed39b6cabddb7916d3081e2ad3caf671011f612" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "fileutils.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "ef812e94517e26060c88f5c8fd5f21ad", + "sample_size": 664, + "sample_type": "Binary/None", + "sha1": "58bd06e7b0ccf6ddbd2b846b51ca2d671968cfe8", + "sha256": "e97152ce1a3beec6728dfd9bd84394ef2d1b7a4bd208971ce4273d43ab80fff2" + }, + { + "classification": "MALICIOUS", + "file_name": "test_trace.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "9c37968c5bfa1ee0f82966d1865c3663", + "sample_size": 21048, + "sample_type": "Binary/None", + "sha1": "72eb8234f8436e68e0d0591389ac1f13437a90b6", + "sha256": "0ad0526c5af092a2c6367cd848b6b112f438b790cd5c6f684eb22fac8c07e26d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "ba33b01bf7a4a17949cc920e72645f40", + "sample_size": 208, + "sample_type": "Binary/None", + "sha1": "b83092a41d84552d408acedce04ed0b6f4f2c4e7", + "sha256": "67d3c69bdf6ec625ee91d2d6465f2770e86ecbe6e4c50385a746e82f385af141" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp874.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "60ef65f4d0d13494b42ad353c649c6c1", + "sample_size": 12944, + "sample_type": "Binary/None", + "sha1": "e1b83259cd4576b4680f412a6bd142a4e3af0aca", + "sha256": "3bd037554825f8874c62b07f68b270d2ab1001b853ed2db2469cf768feb546d0" + }, + { + "classification": "MALICIOUS", + "file_name": "cookies.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "md5": "e376884a0a6851741389d1c2a09a3d8d", + "sample_size": 21136, + "sample_type": "Binary/None", + "sha1": 
"6396fa4474c43dd1b60648fcc5094fae4a5097bc", + "sha256": "7a36118441d557615a2ed6c25fa223318cfba5bb3c9003d52e8b0a76db036fa9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "b4f36fb1ddce9cff6010ccd834d799cb", + "sample_size": 1368, + "sample_type": "Binary/None", + "sha1": "59dc845d2a06e5aac9e4e72ea6d13c6321c69656", + "sha256": "9ecf59246ff5de4aac92c53e26d3aa4e1cac391a6b2aae420d7e3f16b47aa67b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "queues.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "9413468505d48d099f7738bc50eb80fd", + "sample_size": 8600, + "sample_type": "Binary/None", + "sha1": "b0554b92476dcbc87e4b0f3dd27bb930eff7415d", + "sha256": "90b0bf10693d027502c3366e65dadcf469aec1f516ebbf45aa37c25e33b79454" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pydoc3.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "2289fccdd130388114df7b3b274f0ca9", + "sample_size": 128, + "sample_type": "Binary/None", + "sha1": "0242ea6afcf0de19a736594883533ba3aa48bd77", + "sha256": "e60a6137e3a54c0b1acc11c281c4609efffdcb7f273b59d3d4fc0bdd321ee0f3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "log.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "md5": "e2e497ae520f0929870b11db3456bfbe", + "sample_size": 2088, + "sample_type": "Binary/None", + "sha1": "0058fc93ae183ad8ded96ff22f49890136a09224", + "sha256": "fa8d800eded09207f085bee25a7c08ad232313c96e69fb4d8fac5b93d398d386" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pycapsule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "5147a1fe2cda56a3eaca3244882ad583", + 
"sample_size": 1824, + "sample_type": "Binary/None", + "sha1": "f68c1597b2a127d2303c00f8c00d07d419235bbd", + "sha256": "aa3616afb06c0842ab85a82eab070dc9868fbb41d818bbca2ad61a8198f00d08" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "datetime.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "463943789335006c73a385e1958cab76", + "sample_size": 9552, + "sample_type": "Binary/None", + "sha1": "8b99aaa6ea169a6bfbcc06c1ed39cbb57370a0b7", + "sha256": "0b47e0d40424dc12f49818a57eb47ce4f199bcf91ab451d8d354f4253a12c9ab" + }, + { + "classification": "MALICIOUS", + "file_name": "test_types.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "4de91b9d3a0e35297635278579870162", + "sample_size": 63040, + "sample_type": "Binary/None", + "sha1": "34d2364f4f4141746151b4014c6b860d026173c4", + "sha256": "3d4af3e66f5a83f870b6c68ab653fe46165d1788b77dab24a6d04e79423ef609" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "msgfmt.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\i18n", + "md5": "ec31205c053d9e6de5fae9682393a3c9", + "sample_size": 7880, + "sample_type": "Binary/None", + "sha1": "1cf2a8251de1aa15d994d5a64b9d98699b235649", + "sha256": "2c969afb2effb746737cd8c445cce399aaafda3d6eecc0a7c44b42608e88fc57" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "token.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "4049558267aa4a9db7fb26372958358b", + "sample_size": 2776, + "sample_type": "Binary/None", + "sha1": "a0827ed264a89663b9ee706ba93eeeb45f42fe70", + "sha256": "bb3c4552a09a6069c1125dfdc1e93cf28d4424911777bc9792cc5553040a5f85" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "fixdiv.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + 
"md5": "0377a9fffa490df7b11443cb5bf50280", + "sample_size": 14656, + "sample_type": "Binary/None", + "sha1": "c6377cfd705485be28e531f16077e828a349e797", + "sha256": "146062f156161938024016cb342c4f138096b9c53fbfe0396b5ddcb83e625025" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref", + "md5": "6fa33e658cff1f14b4cf336ef318ab83", + "sample_size": 6064, + "sample_type": "Binary/None", + "sha1": "972dbd8f1aa89ca577516ddbaf36625bf66e36ff", + "sha256": "cb7d538a6517390e819edd4e4b5d3afebb28a40d039c2ea79267143b0cdc0171" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "validate.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref", + "md5": "e0fb79d45012836ef4f566e214ddbdba", + "sample_size": 15584, + "sample_type": "Binary/None", + "sha1": "08fb66e158ec27b9c0804d88ff8a0419234d7e80", + "sha256": "b1eeb5d4ef8c8abbf49f51c2fb9c9b99581416e22c614ecbbd2839f47b30c758" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pdeps.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "3bee533adc2c7d58fd36b8ddc3048da0", + "sample_size": 4192, + "sample_type": "Binary/None", + "sha1": "b8d1e1606071b1eab5db118adb12962110e9b580", + "sha256": "eb00ee1ec3f0b56a8504325478a8e2f9a23e6fecec00e657d7d8bb6de2fcff09" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp500.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "3e9379761095aad118d631e477fa2d32", + "sample_size": 13472, + "sample_type": "Binary/None", + "sha1": "c13c62b1f84cfb9638e913f83f2ad02eaedcd33f", + "sha256": "a95698398ba57a9718b9ca17eb1f1d022f647511049ce0fb2f7233c1132cf39a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "tree.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo", + "md5": "8b47e68baa273e23c4e528bd21c0fc56", + "sample_size": 1504, + "sample_type": "Binary/None", + "sha1": "180aa1ad20c9a66bf6e1247be38859c5ab7c2a17", + "sha256": "cc829c500a9be961bb5598c35633819a51dfa2dc13569849ac0a3934e0da7461" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "bad_coding2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c822e40270e9e8232b8f1cfb8e310082", + "sample_size": 72, + "sample_type": "Binary/None", + "sha1": "6063669a2f2d79b9eb7f145efbe3d7c53fd0478c", + "sha256": "e93125785a7547d863a0bd1886f042b4fd55ab87afc74b12b2341d8a6a455de9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter", + "md5": "fcb45868f52229c37da01195ff8b9e78", + "sample_size": 192, + "sample_type": "Binary/None", + "sha1": "19af777d30aa6833b85c27ee5dd6e80bc33af4e5", + "sha256": "09af3d44939ff50de752bb4ad36d2f6af546aa07cb704361325c73ebebbc5c61" + }, + { + "classification": "MALICIOUS", + "file_name": "platform.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "2443d653bf5f09b67a65ef60c2cf4e1f", + "sample_size": 41912, + "sample_type": "Binary/None", + "sha1": "94e75f806ba4f098631393b09abd618097a9302f", + "sha256": "aaee38dfee7737b9fd28b74d013773cc066ef9a14b8eb727041a1106fd0c326f" + }, + { + "classification": "MALICIOUS", + "file_name": "os.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "dfece8b09e598b6c0a096d087e2c848f", + "sample_size": 40224, + "sample_type": "Binary/None", + "sha1": "7f042f159284150d3159167796b0e2429e2f11c5", + "sha256": "7c4c604a1b84fa876e9d6deef70223b9c5ad541a7e59864ba61acae973e94b71" + }, + { + "classification": "MALICIOUS", + "file_name": 
"test_socket.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "e7b9d4b2001fe721da77fe07fbc1eca2", + "sample_size": 256856, + "sample_type": "Binary/None", + "sha1": "a1d323e5a1480d11ef2708c44b221a5380065216", + "sha256": "1a4e931e958a0a16774072e4511eb831c8b30cd14235b4b7283ec87dae000075" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1026.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "2fe5c7d813be03f4b50b8d44187575c4", + "sample_size": 13464, + "sample_type": "Binary/None", + "sha1": "f532dd3e44b2af0a2b1994885d8f97bffbc17862", + "sha256": "81b9fc314b5d1026ec098c9d1e5e5c94c3cbfabccbf2ffbc932fbed55a582fa0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1252.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "ad71af69b7e5a19e4feb4927223ba59b", + "sample_size": 13856, + "sample_type": "Binary/None", + "sha1": "ed2b7eb1bb4b53b5720a0fbc653b8eabb0ea8d80", + "sha256": "5d00afcb13e5ae2e5bc72d87b62863e8c4bf8dfd7e8bc25bde9ecfccf470e082" + }, + { + "classification": "MALICIOUS", + "file_name": "test_embed.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b94ad25eaf057fcf681c5ef1e58e76c6", + "sample_size": 54160, + "sample_type": "Binary/None", + "sha1": "1176d7a8b6a5f6835d0d7f038744a5f479db7ff8", + "sha256": "ae294427988143e56a439bff8ffc8a8a19de1ef6dd06de796c27d6d534057740" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "weakrefobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "b45f0f2e139ffb91b5cf7c4749e90d5e", + "sample_size": 2992, + "sample_type": "Binary/None", + "sha1": "427b9ef8436420628f67130e63a8e206687f433c", + "sha256": "c43152c6d16c7b2e9691089325662e495c650034b6758419a6cb3be0e6b821b2" + 
}, + { + "classification": "NO_THREATS_FOUND", + "file_name": "py_compile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "4c2c7f22c09ff58db5613a8f86e8649d", + "sample_size": 8400, + "sample_type": "Binary/None", + "sha1": "a3d44fd4ae89e06757b796a736dc5260e0073f8d", + "sha256": "cdd3c0b42a1efe504d872f01d868c778ccdd4a9ba28b12b1ac002ea5a511800e" + }, + { + "classification": "MALICIOUS", + "file_name": "test_ast.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ac7168741a56d7c65e23825e795756fb", + "sample_size": 103024, + "sample_type": "Binary/None", + "sha1": "d3e98d5e07ab3f830e048c56d37dd10ab0815586", + "sha256": "88aa5184b917cf9df79d4eb28ae00645e5271f6aa0b93475248dff773b5314d4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "which.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "0d4bcd15242583cf1f6133a16d6c97dd", + "sample_size": 1784, + "sample_type": "Binary/None", + "sha1": "188678eaf72668c0cc4ca8be849b026ebaab3563", + "sha256": "d6e0c3791becfef6a02281f1553ff6cfb4213002fa89606fe03ed0f58d277f6b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "iecompatdata.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData", + "md5": "e9b79bfd19b685919696608d332437bd", + "sample_size": 3088, + "sample_type": "Binary/None", + "sha1": "6884c56614f1605f4942e81ecc9a37d49fc8acc9", + "sha256": "adc8b88eedd11bcfd1804d20e695d700f2622fe45be60326bee4bae30556159f" + }, + { + "classification": "MALICIOUS", + "file_name": "functools.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "1e612b0f8a4173385fa0d0d480ddfd77", + "sample_size": 39928, + "sample_type": "Binary/None", + "sha1": "fc6b143f9f6bf0bf4f0afff5f0e9f15958f2cebc", + "sha256": 
"ddf63bd7f8a1c939e66f0e12975ff2fb6eaa59b7c607f0cc31e846520333c75c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_select.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ae039e0d7af9e9b42888a7dbb305e524", + "sample_size": 2880, + "sample_type": "Binary/None", + "sha1": "112c4ee127085278972c8947e3f7a873c6af1107", + "sha256": "1794e14e30eb9901ee34ff6ad394cafbb8fad6b7ca14502a554efa466c0d7a81" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ColorDB.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\pynche", + "md5": "d4f9ff96b939e5e16cc42b8a229c89bc", + "sample_size": 9112, + "sample_type": "Binary/None", + "sha1": "d07147c9eaad5f8f186ef2d832ad1e7fee169c37", + "sha256": "4b46b6ca550ddaa8267026e29aa1431ee5c66204f13bb57f516ee215a7578da5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "textview.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "6a5171b56cf56906d9c98b048cd2d035", + "sample_size": 7048, + "sample_type": "Binary/None", + "sha1": "55667872317142871db80a70354d2f041a64cc95", + "sha256": "94f068ed4ef68c25be38a3c50581e0a9a859ee93cb84dc6e3b492352bdd01de3" + }, + { + "classification": "MALICIOUS", + "file_name": "test_scope.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ce979f84d8bc3f80f47e9a6c37d23ec2", + "sample_size": 21112, + "sample_type": "Binary/None", + "sha1": "3073e32590c2a5cc8bebd90f44e914038e965c03", + "sha256": "525c2eda03cf23e07e251c672fd1f5c2b87735e94ce08fc25c1524ea5464210b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cProfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "fc8c685fcefe4ca51a1bfa889e2c6c5e", + "sample_size": 6568, + "sample_type": "Binary/None", + "sha1": 
"b62c05b1ac08cb129523f86a5a56c1b68072e3cd", + "sha256": "bcc3f948f0bfb7d48c2f84758562f06e17d3142474e39b73ddaf524cd8688230" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_heapq.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "38d777df2a99a8603c6e32bcffa2a53e", + "sample_size": 17304, + "sample_type": "Binary/None", + "sha1": "0f67761080f5cf0fbd3bddd05201680728156c97", + "sha256": "8768ca8681d0b3b541c1b395bb076f5173e141dec6e816b24e997d5e652af0b4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "signals.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": "597a680d24773a70a6488ba4b110909a", + "sample_size": 2512, + "sample_type": "Binary/None", + "sha1": "0eebed14396ed3ed4d0532b476b5b84984fb2b5d", + "sha256": "75e3747762ce81dc3e634fcd6a9f1c6e68478d7dedae0e279232ca4b455bf2d3" + }, + { + "classification": "MALICIOUS", + "file_name": "threading.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "1533d5098af337d82a94bca1ccc8f918", + "sample_size": 55768, + "sample_type": "Binary/None", + "sha1": "ea32209e43277db2868cc1f09d8cc410d9959cd8", + "sha256": "04bbe7752f6447dda1e4dc24dc714a3324205453fb48b39cde2b8c90eeb7af38" + }, + { + "classification": "MALICIOUS", + "file_name": "test_zlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "30c7c104c7bd9578a7cadbbc6a008cd0", + "sample_size": 35736, + "sample_type": "Binary/None", + "sha1": "53ffa623977e6b139cfe3ea3be74ee18d9a995c3", + "sha256": "21ff64a5db6dcbe5e29d41ec6821be3f074694028fb7f8973fd666aa5f8449dc" + }, + { + "classification": "MALICIOUS", + "file_name": "test_fileio.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "bdf91f1d7b5c14ff8af75df0584b65e2", + "sample_size": 21016, + 
"sample_type": "Binary/None", + "sha1": "9cdaf9d46391e0ea806c69bf04ac404900f96f38", + "sha256": "5c318a51c280a38d5bcb2e669d6d485a28905f32ef98540d3b34c59633723a76" + }, + { + "classification": "MALICIOUS", + "file_name": "test_cgi.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "2e91740be7969e1841f52210e46ef122", + "sample_size": 23352, + "sample_type": "Binary/None", + "sha1": "864f765aefca591d2503348a5a6d5f030b07f5f7", + "sha256": "260cf6ce3e72697562313a669ccae7f57a5c7a82873c5b5f313e6c6d82b85076" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_pow.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "673d05d7ced7ba9070fa748121f92f3d", + "sample_size": 5760, + "sample_type": "Binary/None", + "sha1": "b51c642f8780258c25fdeb314a247e9e9136d1dc", + "sha256": "3fb7a7e09fcd9821222c99cfa221fc771927f6d12bbea1d13f5a5af3a1105df2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_wait3.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "67b36b3d4130549cee4fc8db5883a812", + "sample_size": 1944, + "sample_type": "Binary/None", + "sha1": "f2cdcd6caf9f89b0b3ae4a7e5856f3d05b25cddc", + "sha256": "f6980b470c72dd361fe27ef1423597b60fb2707727dd85e205e07322a729828f" + }, + { + "classification": "MALICIOUS", + "file_name": "telnetlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "58fd2fe47fce1c540a275c60b436be9d", + "sample_size": 23968, + "sample_type": "Binary/None", + "sha1": "8011754504d58c074fd02187d9ff7cb2ccb32399", + "sha256": "07ac88b7ac6f66e01c153aac872ed8d6b40162549f4c8a38800ec89cd3ecccdc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "autotest.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": 
"09584e97f56a86b0841afe364f83e1e7", + "sample_size": 256, + "sample_type": "Binary/None", + "sha1": "9035f31cb0c1af464b19f2de556f832c9eca3eb1", + "sha256": "397dee4708b913d97b4a93d5975d750fec0fc2164b55e34aaecfe670372ec42a" + }, + { + "classification": "MALICIOUS", + "file_name": "test_ftplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b5c7a4150ed564d8e006f6aab57787e4", + "sample_size": 43944, + "sample_type": "Binary/None", + "sha1": "1237afe8d1d22c22d9d11751edbec94c50430c51", + "sha256": "90f15e1ba80ee6907227b1f0f903b822772b1fd30aa555585eef7b6dc86fd0c9" + }, + { + "classification": "MALICIOUS", + "file_name": "abstract.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "9f661204496e0fc274bf1d3ad0869fb4", + "sample_size": 31368, + "sample_type": "Binary/None", + "sha1": "3069444588553408183f62de6b6eaff921853612", + "sha256": "4c0cbb6df347fc57ffc2e5557b991982a5c2f287f3bc64f89d88d923a7f83bee" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "chaos.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo", + "md5": "f7ae526ede12db546e9a9c066de31ae2", + "sample_size": 1048, + "sample_type": "Binary/None", + "sha1": "8c026d94efd29b4e51a3e9ade7bd3a6903da22a5", + "sha256": "ecb836c39463a7f44e1e7ccc54905993698e27649be4df274eb2ae25f649d76c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_aix.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "md5": "9088407c4128dd3722aa5240f82a5ba6", + "sample_size": 12944, + "sample_type": "Binary/None", + "sha1": "fd6899a95e9dbec59500078da4be4a2f9e52cd48", + "sha256": "e266da49ef7afd42bbfed57b1020a6866ce26411b6d44a2a3e8a1fff0583d3a4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "tree.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "a351d0999391cbbbe69fd4697df9a705", + "sample_size": 16912, + "sample_type": "Binary/None", + "sha1": "8996d05ab569c55fbac0ffff065f9c02f97f460c", + "sha256": "5f5711ac692894860fcf51a5a29c6e5809fa84a0ed3a80a597dc0258ad639b06" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pipes.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "7f0530f2c1755279c93ab56ca03337d1", + "sample_size": 9200, + "sample_type": "Binary/None", + "sha1": "2233db5c43b073c1775814572a7668b12442c4fa", + "sha256": "1f6c2b5db58efeeffb47e2fb41f1964f5ded4b24120f8b4454c00904f27c228f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "3d5fb36411e5d879713a90559b09f580", + "sample_size": 784, + "sample_type": "Binary/None", + "sha1": "8ee30e546c97105b0852a811ca30d4b2974ef759", + "sha256": "f9b48594756c462db49ec588ea6634291f6a2d56a6bae9fe6790c538367148db" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "chunk.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "fcc443c51d2cdc408bcfa6a5203fa6ac", + "sample_size": 5648, + "sample_type": "Binary/None", + "sha1": "730582f8a1cea2ec13d4a2881eea67a6f47e512a", + "sha256": "2d9496a023fa823f227b1d00c82ccdcaf428e413eaaca1358b833cdad51127be" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pyarena.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "fcc0757a40f603ace9542e51a4ff395d", + "sample_size": 2848, + "sample_type": "Binary/None", + "sha1": "a12163e30bbe5695daeba26b9ed776c921ea8bf3", + "sha256": "3eb5970ff284265fcd0ee37dd15c6bba40b518f95852f7a6315cde65ab3b4c50" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": 
"domreg.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom", + "md5": "dc62da81ce1beed1d4fcea7ac667e6d9", + "sample_size": 3592, + "sample_type": "Binary/None", + "sha1": "466d6f7a9e209d2e9a341cbccf991f771730bcbf", + "sha256": "fba7dfd284f1a66abd141f1df95fd7164b8f513d756cb8f231ec0b7cb8512dab" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "mcast.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "5450ce5ba5abfc6290fbcf7fa781ae1c", + "sample_size": 2344, + "sample_type": "Binary/None", + "sha1": "243628c423ddf92def75e7f50080e834f39f6163", + "sha256": "3736e6ed2bc2eaf8ec91629a2ea8b6038427a6d7793571350bf58b15d437c334" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "exports.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "33ce00e3af1e792a38615bf5255c8d05", + "sample_size": 1168, + "sample_type": "Binary/None", + "sha1": "e5a300cebe4a50c26a22a34b65f457a7d24ce6ef", + "sha256": "806e5c4d22bf096a84a465b6a40d80fe4f9d956032d0829eaa664018ba7527d7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "sortperf.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "6bb0d99963a60fb18e3f69a19dafb845", + "sample_size": 5016, + "sample_type": "Binary/None", + "sha1": "76d208d9a15b88de36aa245cad9c6be55d3d8317", + "sha256": "e92d08f8a06f599cf287428728f5ffb05c1c2ad2b820b243e17b4bf8ae94df25" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "gb2312.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "37d3e883f282af9e0e55b07d4485bf2b", + "sample_size": 1104, + "sample_type": "Binary/None", + "sha1": "3fa3d6a33c8d71b3d71761f73abb7883bd212d7e", + "sha256": "093b2740074accfeeb67d997882c137ab89ad52abed59c8de859def9853ddb4a" + }, + { + 
"classification": "NO_THREATS_FOUND", + "file_name": "test_grp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ec9eda32da881c2f1ceabd7f9284e33c", + "sample_size": 3776, + "sample_type": "Binary/None", + "sha1": "1d512ccb33c4f6512fd91248dfd3ab09c71cf278", + "sha256": "3f342ef9691707f9e8cd3a9eeb3fbee7f6294e7c96591457c10071f6b03e4799" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "memoryobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "5b534f65f5eb7dc9531df77fc7e0a311", + "sample_size": 2880, + "sample_type": "Binary/None", + "sha1": "e68d1c7dd169a171cab4c0a823a0af077364c13c", + "sha256": "ac6d0a4ace356981c6c710811e3a9c0c1de2aa1903faa2f5b0fc9590eb7bc8e0" + }, + { + "classification": "MALICIOUS", + "file_name": "test_venv.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c56ae86292becdbf89f0f65af5c46a60", + "sample_size": 23136, + "sample_type": "Binary/None", + "sha1": "a0ed49f93f7808ae83c51cfa58551d50e2a5edb5", + "sha256": "b43222b100f7a13f5331de9707a56adc694d87d99182c74a3dc929bd20e01cf1" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "handler.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\sax", + "md5": "2859e962c5f50aadd8c5ada726d404c4", + "sample_size": 14304, + "sample_type": "Binary/None", + "sha1": "c6fe2596d89c7f545e62fddc04e7a535c597fa7f", + "sha256": "dd3df584a8d038605ca48cacffc2c88f7a38c6a40ca061791105d1144e83adc4" + }, + { + "classification": "MALICIOUS", + "file_name": "sre_parse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "c3b490ee3098d6e6562749deb1635c1a", + "sample_size": 41896, + "sample_type": "Binary/None", + "sha1": "80386f9a638fc5eda7987bafc919f1aac6589a7f", + "sha256": 
"d0adc47c334942f661a86ed6175ad5f593a7eeee9a8b74e84f4c7bbf2f4e1c9a" + }, + { + "classification": "MALICIOUS", + "file_name": "test_parser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ea9d710a1a9e88860f885681cd56b4e4", + "sample_size": 39800, + "sample_type": "Binary/None", + "sha1": "226b084c17373ffa7038ef6eec932dcb6c5588ed", + "sha256": "9e52c5c65cf4b12cc18f8f5a939c9ba58eae6fa45cd508f4ac3327a679351c7c" + }, + { + "classification": "MALICIOUS", + "file_name": "test_sax.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "409b3aebee89245fe10743668a07edc8", + "sample_size": 49080, + "sample_type": "Binary/None", + "sha1": "fd77219067f5a6ec0ce2c9ebd3c235eee0fbbb91", + "sha256": "8055ce99f4e6fc34712d9d8e6cfe715383e253f58e4f9f10c107c994c4be79a3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "debug.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "md5": "c2ef13c7f1827dc0ece9543141006d7a", + "sample_size": 184, + "sample_type": "Binary/None", + "sha1": "01dfeb4725154def9acaf9c32e80aaa12e5a97c9", + "sha256": "d1f37b4ce125953a06e3058c814cdc27aba9211d25d6a71e12d02eef9f62c904" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "johab.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "e41dd224e89d72bce3b3d3a318aa828c", + "sample_size": 1104, + "sample_type": "Binary/None", + "sha1": "fcc0db20bf4c409db9772a100ddd0f3d14f8e2eb", + "sha256": "3db078ff2db3c9a01210fc661da3ae243716e0c0d0552155d58e65fcbf006229" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "byext.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "54d7a66d9188a7bfdf9e62c606157718", + "sample_size": 4080, + "sample_type": "Binary/None", + "sha1": 
"aba8de50d4f12b2bddea40100a1026e6bb0b8d9a", + "sha256": "eea1183a9e4aa8b778bcbb5f75b8c37cf135521bce0f9b33d322d9450f14fcb0" + }, + { + "classification": "MALICIOUS", + "file_name": "LICENSE.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39", + "md5": "d8cb21b989dcaec04d482206fa9fb421", + "sample_size": 32800, + "sample_type": "Binary/None", + "sha1": "8266fee0b58b113a8dac6b46455a56e2ae404595", + "sha256": "e7e4e65d7f2f19384587fb24a4c10159dce6fe1c9ec59849d1f3afa409488c55" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "binhex.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "ca4b3844535760a27da100aede9a0e58", + "sample_size": 15328, + "sample_type": "Binary/None", + "sha1": "9c87a2e994bb0650fdc367f08746dd812931445e", + "sha256": "28d3f039dcf2a39ee98318c25d60e03edcfd36958dea6d0959e55f4a7c86a1a4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "genericpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "9f472529d22005ce558619ef63e38ab8", + "sample_size": 5168, + "sample_type": "Binary/None", + "sha1": "cb1cb11f0218d7de0d11e6f90861f135ce8b2819", + "sha256": "897461d5740a62b5e7ca4ade205bc1d6a8381eca40bfae6f83d372b7f8ba1aee" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_threading_local.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "41640218095ca6a752bbd794c9cbe349", + "sample_size": 7504, + "sample_type": "Binary/None", + "sha1": "446aeb5562a1e1352c9e18ddab65f6858e5eaa44", + "sha256": "c7dc45bc8ecba584dc30496fbfeee7aeada0a4bb3f3caadcd558dbc22a500694" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "[Content_Types].xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp\\chocolatey\\chocoInstall", + "md5": "d9acc1eeb7e15c55607146459201ab97", + "sample_size": 976, + "sample_type": 
"Binary/None", + "sha1": "75cb2b18e787b105ac0041b8894b8e6e99859f43", + "sha256": "532a142e3d9307e3688e5652118cd8814a0f6facaed670847f3689eb412cdc10" + }, + { + "classification": "MALICIOUS", + "file_name": "zipfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "2b29a8a1f34b339e6fcb553ad8191a9e", + "sample_size": 89968, + "sample_type": "Binary/None", + "sha1": "8bb635a6ca3492d490c8d86fd6a86de2af5f5926", + "sha256": "76b4e9f1e2a73fa512e35250ba1c3c63a35eef9a1094fb8156fcfc0a9153da1e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_weakrefset.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "4b742c0bfb6edf3e59c6ea38597953eb", + "sample_size": 6168, + "sample_type": "Binary/None", + "sha1": "3f57fd5a28d784e748106e495394becdf3545f51", + "sha256": "c4bdc0470c91a2dbbb0770e5379e150f10746eea8fc1cd1c415abc790d5d8f17" + }, + { + "classification": "MALICIOUS", + "file_name": "config.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging", + "md5": "6fe82253146058894de540a25888b94a", + "sample_size": 37368, + "sample_type": "Binary/None", + "sha1": "c654b8f56b0e368f37becba1be75ebcba26e8fad", + "sha256": "46ea30ed105a4dc71c6c27ee0c25053e85e4e8e71d473b60d40dd4b53406b6ab" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "codecs.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "5fb243f0c42b05f81bbde3a55252aab3", + "sample_size": 7072, + "sample_type": "Binary/None", + "sha1": "2c980d63a71ae937b5a357b0a7572bf784a7022d", + "sha256": "1c7320d69b1afc80299b4183136c5e17c895aa7215c50b9265a943dab644aab6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "contextvars.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "934851ebc01913a9a58825a1dbce3453", + "sample_size": 
176, + "sample_type": "Binary/None", + "sha1": "bd0df87d8e15cd064a0d80440b2d9751c045f11f", + "sha256": "c2fe745455588b7e3ea8808f04c283dd1b85117518a17fa2b1b26873f5cc281a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp273.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "24a26996b1a680000ab163706c6da0df", + "sample_size": 14480, + "sample_type": "Binary/None", + "sha1": "2268d341ae93059238d139a55de23d15fadafc88", + "sha256": "7c39179ea290be8fc1f66ca017f310f589548db26459414be59f81cfbc538b40" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "code.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "1aaab50e4d41ff3ab12c7d9510281146", + "sample_size": 10976, + "sample_type": "Binary/None", + "sha1": "6e5674cd15494869945ee84756d4ed80da241310", + "sha256": "2a2e5b80d6ee44895473c2953916a6a23321c0f41994661030b2ff456bbb64b8" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "struct.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "190daeff86c2d5e9ac06f8f3904ead16", + "sample_size": 312, + "sample_type": "Binary/None", + "sha1": "000ec72c4a391923a783f17e032f37d4c31855c9", + "sha256": "0f1689036cf469de43ca9ae9795e9c586fd1caeb9c4e2c31ade1743aaf7ba458" + }, + { + "classification": "MALICIOUS", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging", + "md5": "1ddd6ecb9b38601388da1e6e4135483d", + "sample_size": 80864, + "sample_type": "Binary/None", + "sha1": "50a97eaf86bfc130f05e16ca5a31ed1676b846b2", + "sha256": "7bd8d6d7b9f28c7bbe84ba28d2b0cfb66c7b825949cfcaddff4d5d2dcf33b27d" + }, + { + "classification": "MALICIOUS", + "file_name": "events.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": 
"59463001814d83b298045c5ee3bf3d69", + "sample_size": 27288, + "sample_type": "Binary/None", + "sha1": "774820047565046fe863b411033b99a44bb88e6d", + "sha256": "bd9823b9ba4e78c3ad0989fb159ed705cf89b63f59465a71a93a385b671bb464" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp856.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "0ac1a66b464217f967e8bd3d9921fbb6", + "sample_size": 12768, + "sample_type": "Binary/None", + "sha1": "1f9b84c6cdcce5bc1e71666a68304033b572e0fa", + "sha256": "495520b3f68ca5dde3f7baea56696390b3e51c2b39b3c00ebf414f6be8964da0" + }, + { + "classification": "MALICIOUS", + "file_name": "bdb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "a7b43d38668ea30b5edb9b28eaa4f643", + "sample_size": 32296, + "sample_type": "Binary/None", + "sha1": "0e317560bbbc511a96d7ddeb02027f8df67086dc", + "sha256": "5c67e764bee8233ffab5e2f96fb434e4610fbd0fbb9d4366e1a02f560f37fee5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "signal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "a46b567feb508e26cc34a89a0c97d259", + "sample_size": 2568, + "sample_type": "Binary/None", + "sha1": "37d9378cc0fde172945a0be6f08c2641ae63e573", + "sha256": "29fe343ef3fc3d2fbe115371c0110296c63a5cb40d499d3e45165e3d734b3bb2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "bitset.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "b76d21dfebaa559eb2bced70de50981e", + "sample_size": 528, + "sample_type": "Binary/None", + "sha1": "275db74666c8960fc1efd3adbd2bc391533de63a", + "sha256": "e37fb4860f77c12e533feb8fa0740f2a742407903586856442218540562e16b5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "wintypes.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "md5": "4c1fb4c78069f7ca75708beba376433b", + "sample_size": 5872, + "sample_type": "Binary/None", + "sha1": "21752240c8ec2c2be789c6a3abeeb88a7bdde4fa", + "sha256": "732ccc4ad60fac08e350960d69ff4fea075f4f0d90675377aceb9b48b1c5621d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_sundry.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ffc3cf965a5edb79e6f5ca4276d515d1", + "sample_size": 2224, + "sample_type": "Binary/None", + "sha1": "b58dec1ebbd22095783363c6597345c559989f7f", + "sha256": "05171557c4ab3b11e1ff3d52d09375869bf56374400ff103bb66b45954088709" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ascii.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "md5": "e909c04768e395db5ae037f825ae01f9", + "sample_size": 2688, + "sample_type": "Binary/None", + "sha1": "57aef8c64cda98662cb69db48f85405c836b5788", + "sha256": "6ae5768a4b9d76fda58959222e364134cfd07a0d686820e0829d6dc5622d2fe7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "futures.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "85d092ab94f19a5a0deaeafb617abc13", + "sample_size": 14504, + "sample_type": "Binary/None", + "sha1": "38f890578c76972df80f653eb92d62f83f5ea5a1", + "sha256": "d71b244aabe2c465790138c9f3d6eb0580501f758d3d848b3495bd1c169f27bf" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_spwd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "dbdf0d00e3bbd597a2f2e241fc24b66b", + "sample_size": 2888, + "sample_type": "Binary/None", + "sha1": "d56d43f625d72d12a9eccb5b4c9b94aa67541774", + "sha256": "c54de1f777b81d6bd90290d52b809c24973f73897526125a5dbee7fc9a995281" + }, + { + "classification": 
"NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "md5": "b016764f240d4dbbefd915e4482234a5", + "sample_size": 6920, + "sample_type": "Binary/None", + "sha1": "7e7ed3aff20570ce660babd67d617e32370a2f4d", + "sha256": "de34fd6a203ca9b97a82ca775ca290ef2c4a5dd0078979917954caf02ff13144" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ann_module6.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "f00b13a488f40087518472725bf9c81e", + "sample_size": 184, + "sample_type": "Binary/None", + "sha1": "cd56f2a1aae4de7534de6cdedbbcde69d2a2c925", + "sha256": "33d3244a39ece9210297c735f2413433f4a42d281a94b6b232be519fe92ebd8e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "dumb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "md5": "f269c5230683af15be562a7e7db43fd5", + "sample_size": 11896, + "sample_type": "Binary/None", + "sha1": "a23d351117c3cab7f636d88e7516c55ddadd826d", + "sha256": "ff38adcec95b89fc8d93e25fa16b7c6349deadecedfbe234fdffd618630d98a6" + }, + { + "classification": "MALICIOUS", + "file_name": "cp861.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "f6093bcfd3b416cf8c419eb35ee14bf3", + "sample_size": 35368, + "sample_type": "Binary/None", + "sha1": "35b6cb8cd27a0097de1b4fe67fbf9bfbea3b6c02", + "sha256": "5309df2b47d16cdcc14e596d5ac96592ae15ae4c14e866e9d7ecb2dfc04a0efe" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pystrtod.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "bbf098a0e33cc94149273822fb7de061", + "sample_size": 1568, + "sample_type": "Binary/None", + "sha1": "8dcaf4772b692e246cfce7836c0c71d25aef1c51", + "sha256": 
"8392fc0ad9bdc99c128d96d63bac403b236af3371b4c9877b4bff9accd41a95a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_repl.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "dc31304b545ad20afdc3af46179c3aa6", + "sample_size": 4200, + "sample_type": "Binary/None", + "sha1": "157c758977c97a43b4348f317d9666b06b287948", + "sha256": "6caa14c10d4fb843f28ba94928dca36282c67c3937691bbf769a9fc7b3244878" + }, + { + "classification": "MALICIOUS", + "file_name": "test_posix.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "1bdbc5c481209ae486a60ce2f8012d8f", + "sample_size": 89424, + "sample_type": "Binary/None", + "sha1": "c4b31b62121c4f4e4dae5dce96fecae76c85bc5b", + "sha256": "54ae76243c0f7431d453ca5d18b122dfd73b8e49bafb0131bdf49b6ffe18cd52" + }, + { + "classification": "MALICIOUS", + "file_name": "tix.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter", + "md5": "feddf2c4c15e4c09e3117dc9dd201c09", + "sample_size": 78824, + "sample_type": "Binary/None", + "sha1": "04bb32400fe2369589c6e3e033063afba428c780", + "sha256": "6d196f5b8d9ef4e9a09eafe860cb38965e105c4eeb77568614306ed5d3244068" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "337840b970c29645487a73f670020887", + "sample_size": 15304, + "sample_type": "Binary/None", + "sha1": "26022da188bb90c1924d1fdcf1c5a70fad2f8ef0", + "sha256": "22a054679ab697b0b5e8b9c79c7594c6c779165074dfefc3e0f6c90ec6f23092" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "tool.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "md5": "5ad09c48dc1db0a8c1a90da83454d888", + "sample_size": 3464, + "sample_type": "Binary/None", + "sha1": 
"9ae54581b7244a689bb6229014b16c9bdce6df16", + "sha256": "78ab6b59dd530605aa9ba16fd769ca644fdd059eabf3f19cd53968925f0b8c91" + }, + { + "classification": "MALICIOUS", + "file_name": "enum.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "b1383138ac56ba612596e5df33c68a86", + "sample_size": 40528, + "sample_type": "Binary/None", + "sha1": "45fb8c381618ceebb9129ac5e462439558370f16", + "sha256": "5a5c9f0514363a94f3d8f20af59706708078a6293889c058a77bf3ee5f44618b" + }, + { + "classification": "MALICIOUS", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "md5": "64b9f4fb28d839568a4fd72d71ddd794", + "sample_size": 18112, + "sample_type": "Binary/None", + "sha1": "c1e77bec85d534f59b001d81506c5bc4dc6281a4", + "sha256": "f6f463a153617d469aee14dc14b11e312f6d3b357777923ad90f250be7c3adf9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "CREDITS.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "8c917479ea47c1991167cacefde059a0", + "sample_size": 1944, + "sample_type": "Binary/None", + "sha1": "be8235b3dd79ccee15318624d2c07fd80c10f2d4", + "sha256": "159b5de20fb0f254ed9f92774c8a44fae4889feaa2e51999e13f25c42d1b5c96" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "keycert3.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ffe774a123fd79ec08922f062ca587d6", + "sample_size": 9656, + "sample_type": "Binary/None", + "sha1": "cc317770f58bdf370b8697d076556a38aa40e0ff", + "sha256": "d38888c71c7942a9a160e5fe6b02c693fb07d2b3ffcf069be0b219890e958a22" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pymacconfig.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "e2bd7d1477449a1bb55fe3dc0b1b5560", + "sample_size": 3128, + 
"sample_type": "Binary/None", + "sha1": "a35c6c625d62491f57ee7fa8ee9c207abd1946a2", + "sha256": "d3e590beece30b98e342f1d5b0406a130c589ed0637a352ad05229a4306f4f60" + }, + { + "classification": "MALICIOUS", + "file_name": "test_queue.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "927a18db1c158d22b73563688806ea40", + "sample_size": 21592, + "sample_type": "Binary/None", + "sha1": "1a774cae748d48038ed205dd899112775afb6713", + "sha256": "15d998a273f4a16a5b8245204080b080056627e4bb95805a9db3690950b556dc" + }, + { + "classification": "MALICIOUS", + "file_name": "_pydecimal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "930d15c6adbf23ac6cfee4c932c50eec", + "sample_size": 235120, + "sample_type": "Binary/None", + "sha1": "58e09924e6a25ed7a2e1da5f9fcabd9e1fad016c", + "sha256": "376119b6517ad0e306e81ebcb84a77082be17b1679706e335abb8321e01d6649" + }, + { + "classification": "MALICIOUS", + "file_name": "pickletools.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "bd03dffb3b03644d76b3c518893acd60", + "sample_size": 96416, + "sample_type": "Binary/None", + "sha1": "2c5372c89bfda5fda3f46a94e3d4e38c57c162f3", + "sha256": "1cb0e57c82cb6215a4a23ac7063fca5ce7d79465003d82f8c2f9e037a3ea26f7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "error.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib", + "md5": "03ce90cbb6abb07359ca68e09f170797", + "sample_size": 2752, + "sample_type": "Binary/None", + "sha1": "6e5b80fde7a2c1ba20201e9f454519c8ed13779c", + "sha256": "237afe68b02727991c0e45553aaa737404db2bfdbfd64ccdc83097ecd253eac8" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_quopri.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": 
"3bc4af4b0409c56bd25a68b2078aaaa2", + "sample_size": 8216, + "sample_type": "Binary/None", + "sha1": "19f77efb1930425363d1dddfd00ebe7ec357d9ef", + "sha256": "6ed7135699d36893f5be2f9e8bbd4dd1aa202782314c6fa202ab4b1c65fe8386" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "decimal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "dd01e7dc9cddbacefc3a292b1b843b22", + "sample_size": 368, + "sample_type": "Binary/None", + "sha1": "5b5d5d486169b4144c14ab0222ced4bd6951dd96", + "sha256": "470072198b11bdd708364ac0598b1dc5bd3844adcaafad731ed5e4c654fb9f5f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "chrome_shutdown_ms.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "md5": "ba895b335096ce366200354a1a81c8d1", + "sample_size": 48, + "sample_type": "Binary/None", + "sha1": "76685e4e5e99df3286102e7fa655ec7bad99a60e", + "sha256": "587576197204b771134784a0892404392e6c60831349984f49baee171062ff56" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "smelly.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "c2b9a9d6e69c086736269a9948fe1691", + "sample_size": 2352, + "sample_type": "Binary/None", + "sha1": "7c2deb8c68b25bec01965f4876422c9a9ec6d306", + "sha256": "7eb6ff7d417c9c943bde38678fea129962107329f8d1c3da16cfed55fd1fb548" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "suite.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": "4947bc91e903ecfd922120ea98b0bbc8", + "sample_size": 13928, + "sample_type": "Binary/None", + "sha1": "9e6096d47c6e047e9197e61aa8da6b1078dd8f11", + "sha256": "f033a73835d523ad7cbe3c6fa5eda7cd174e3d9892dbd7f945c8c22a7e7f18fc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "regrtest.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c2345212f4465742100e3177e03da30a", + "sample_size": 1384, + "sample_type": "Binary/None", + "sha1": "4edaae39ddd15351ca401e2d311340f2e931abb3", + "sha256": "62948c55718ef8038ff4ac4f3b9127c3fb2613552d2744ddeda0cdf2def43754" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "this.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "042ace1bbf7c313a60c7f9114fe02441", + "sample_size": 1072, + "sample_type": "Binary/None", + "sha1": "55e67420344d2034e986c3d89025722f5830309e", + "sha256": "84f2abdb9c477031791998b343ff4e545c2fce63b35737c1a0f99f0d15bb77e5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "text.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "md5": "e77a92895fab71d5aa844da820a941bb", + "sample_size": 9184, + "sample_type": "Binary/None", + "sha1": "328d7b4aad7c8800a6e1909f83ef8b58050aa9d0", + "sha256": "b4ba31c1730f7273deacbb2afce7753eff2bf420b455bcbdf21fb8048e4fdeb3" + }, + { + "classification": "MALICIOUS", + "file_name": "test_string.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "85f131d9350a9fb3a585daf6979b89eb", + "sample_size": 20792, + "sample_type": "Binary/None", + "sha1": "39291c5865a8752863bb50975dd17545a349672a", + "sha256": "98a89581cbe3748680c819714f5884d7b2976840a2ee769c455df68a78b1a586" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1253.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "ea3c190a27fb5cdf5fc4f94822ef6d4d", + "sample_size": 13440, + "sample_type": "Binary/None", + "sha1": "f813f41277a5c02c9a0fa03a453299a5fbee1dcf", + "sha256": "dd457cb3606dffa13aac5a123e23e93dace1231ec683220480b7dde4db63e2af" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": 
"opcode.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "f638cc0ece4b3fbeb03c732e1d3eabf9", + "sample_size": 5920, + "sample_type": "Binary/None", + "sha1": "6a5007059f0b502ca458b0a7ebbfb29132c608ec", + "sha256": "5bbcb2646ec9fcdb4891be9c425e68d2d8a7ebded357dedf0af129bd93673a03" + }, + { + "classification": "MALICIOUS", + "file_name": "pydoc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "2d777d7544fcc4758c0160400cba9a6e", + "sample_size": 112480, + "sample_type": "Binary/None", + "sha1": "b8d9c8d4e48d8a83593d7166a969aea098e08758", + "sha256": "244b34c6e85060245e970e540b55927563e9158ab17eac629ac8fe0b7d1f2232" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\venv", + "md5": "d5eca958afcd6eb523c943367557bd1c", + "sample_size": 192, + "sample_type": "Binary/None", + "sha1": "5f8fdf4ad2d624fd53306bd321496578d9089c33", + "sha256": "fca300fa39032028342d7e8610e27d77595fc0542506a8b3baaac4b3f8796c24" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "spawn.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "md5": "8147403e9147e57c4972ccbd0d7c3b74", + "sample_size": 4832, + "sample_type": "Binary/None", + "sha1": "5b108c51ffbde4acf63cb113167ae29ea9e78e4e", + "sha256": "f3fd06bb77707bd47d48073388f8fd8fc7a8be9c0274304e796d6fc8c7c9e055" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "a85276be7c5fdd33ca1fcfb2610355cc.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig", + "md5": "c3efef4c1f9d9f8511fda0f5b593ce83", + "sample_size": 2168, + "sample_type": "Binary/None", + "sha1": "401b373a4896aa3746d00f38cdfd8d4637e0144a", + "sha256": "2885502415cc30c28d97063740aa3d5920c3c2af8a11f8cfb877c444e5711176" + }, + { + 
"classification": "NO_THREATS_FOUND", + "file_name": "mainmenu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "9d82d8a91bd61202cdf1b786fb0479f3", + "sample_size": 4096, + "sample_type": "Binary/None", + "sha1": "bafe6e5e67b39071f5cf62932f88ce635f7759e8", + "sha256": "64b5a9659b383a31369472170faf4818849a73b1f13c622bf8faceeb913d1981" + }, + { + "classification": "MALICIOUS", + "file_name": "pyconfig.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "33a8fdec3a1a66ae95b973efa8d9d63b", + "sample_size": 21008, + "sample_type": "Binary/None", + "sha1": "ef86f9810b0918869d49b279645f55b11574f76f", + "sha256": "a48fed147b7fee6d8d70aed9397558dcd8407ad1654a3f060a400c8fc4e6e100" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_fcntl.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "550cbd6e02d4065a0472ad34218aec86", + "sample_size": 6880, + "sample_type": "Binary/None", + "sha1": "940bfcacc097edea1e988b4f47b4c2c1233539d4", + "sha256": "f808fdd26d671b9505102dd391339ed960b3b6b22ef4a84dc230a4925547d2bb" + }, + { + "classification": "MALICIOUS", + "file_name": "test_pprint.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "771ce1ebbb3291563d545f9f3effc56a", + "sample_size": 47552, + "sample_type": "Binary/None", + "sha1": "25920eec6acb3f183a45248797263216032e44d0", + "sha256": "5f651c91746ae05c49cd3c4dabc98104fd62cafe6dc45d64358c09af323ceaf9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_bootlocale.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "8ae49f651d1317e43c213589da3ea64c", + "sample_size": 1888, + "sample_type": "Binary/None", + "sha1": "30b9c9d45918f5ca4174b0159142e03d891da4a2", + "sha256": 
"6ea0db068df4788a7c1110db4181d324ea39aecd70a0b1a645ce4076a6430a71" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pymem.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "md5": "20bec4519cf7a6e98829d42113c53dd0", + "sample_size": 3656, + "sample_type": "Binary/None", + "sha1": "36134d8a1bb9b8d132654ff18fd1f8790f40b70c", + "sha256": "29707826d9ee7e74aa2143a2bed537854e4ed22c8e7ac922e40d138d7beb0580" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1250.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "0b82e8e23793591da8a8299800d98f28", + "sample_size": 14032, + "sample_type": "Binary/None", + "sha1": "94ded9449ed184f4f8a3f96b7777d073a9e085c6", + "sha256": "c70dc57f57fd1963eba95a3f28573bb6a537144568e9feef8a270244e4accf52" + }, + { + "classification": "MALICIOUS", + "file_name": "test_locale.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "8ae1592ed2d18ce5ef59b402977c9a9b", + "sample_size": 25072, + "sample_type": "Binary/None", + "sha1": "db650e3470c1f81d6536394b5bae5b2e6b9846a3", + "sha256": "475437ae07b4e7a045d0a8c7dc9faefa0bb6c38002ed02d893c113f4bc01c4e5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "response.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib", + "md5": "2d93aaa1a2636338d8c3210f8082fcf0", + "sample_size": 2488, + "sample_type": "Binary/None", + "sha1": "5cc3a6e08be16fa2f7496736c90771675f1c9245", + "sha256": "5b171dc41062c48e6c11b9282a94f5734e4ba5c574ce98e4cab62709c37cfef0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "OneDriveMedTile.scale-200.png.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "md5": "42f8edca65111b7bf42a7c0418f1960f", + "sample_size": 1432, + "sample_type": 
"Binary/None", + "sha1": "9e25c9b504e5abe9bc53003ce9972468d69afb6a", + "sha256": "4d0968d18e2b10db136b8688f00321f5fdcda43089da8dab267d133a8e652f60" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_syslog.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "060e249be28cc6752f72e0ce91809448", + "sample_size": 1256, + "sample_type": "Binary/None", + "sha1": "cbbb695706ab16df21fc3b394c4d33e5bab76a48", + "sha256": "f86c3d7c527b8938fb19bd9d5e0925a9ec343cb280575d166d90b15cc2a891d2" + }, + { + "classification": "MALICIOUS", + "file_name": "test_urllib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "65a851d4260f24398066e994924a9b2a", + "sample_size": 73336, + "sample_type": "Binary/None", + "sha1": "81c564fa8765066b1c47ee450e463034663954cb", + "sha256": "ec8dd435affa35c572a49e99290476a7e56f0815a15f3f0b8338b77e63b1adaa" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "runners.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "ac13ee2570c6013ceccdda9abc2b88b5", + "sample_size": 2240, + "sample_type": "Binary/None", + "sha1": "083cc9893f6aa11b0856a17d8a00c4fcbde76caa", + "sha256": "cc2570f523ac6fd49b6998ba20cd1887b2b84721adc07410c3cfeb58652845b3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pygram.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "md5": "77b36060181e133f44696ca7645ffe23", + "sample_size": 1392, + "sample_type": "Binary/None", + "sha1": "f3994b1b8f40039090b4f2af8122dace0c772e61", + "sha256": "a1ff8806f4b7f216df9386c36e02a865f92a8bd9c474993a2752b4336964594c" + }, + { + "classification": "MALICIOUS", + "file_name": "test_set.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": 
"efb681b55c3675e6c463b2f0c028aa98", + "sample_size": 73976, + "sample_type": "Binary/None", + "sha1": "36fcb2aa1201e4e99287778508a1d7ca4b01c447", + "sha256": "d27f621aec2c85bd9fb307ba6617163da091086411cbff1fc0d4aae9cd1aaaf8" + }, + { + "classification": "MALICIOUS", + "file_name": "DefaultLayouts.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell", + "md5": "1b788da41d97ffd566055e304bc3971d", + "sample_size": 117984, + "sample_type": "Binary/None", + "sha1": "8438e0b406eb98b131e0d361415f5f5b98eb0e73", + "sha256": "8526fdd76e1dd266b18234e3ce0c586454999a276950495b06f4d4d25fce5ee5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_kqueue.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3a0d6a1aac28067fba90ade5e2a5b68e", + "sample_size": 9264, + "sample_type": "Binary/None", + "sha1": "52deae9ed7a0a989719c83cf176615fcd35d20e9", + "sha256": "c96e107ab74b65bac24510a8d11547a3e23e06ccbda1d34ba74489c486623cf1" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_sndhdr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "7bf24847fbf6186b5a98d8dddc3daad2", + "sample_size": 1536, + "sample_type": "Binary/None", + "sha1": "515b8be6afc598e5567926fc1907826acbfdf3d5", + "sha256": "0b285d6ad485feccb9157243743d9ba98c64857d14d614a764905ee321bc9d2e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "hmac.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "3673598e614bb6ac5dd3931ae954b02a", + "sample_size": 7248, + "sample_type": "Binary/None", + "sha1": "1e9f0e80884f28baa7904ec3802d77bef62aa489", + "sha256": "14f25585d5050d9b8e307144746ae4cc7f958bf4e41fdecdb6dd8822fa55efcd" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom", + "md5": "de647e7d039280e5a684db0206334dbf", + "sample_size": 4200, + "sample_type": "Binary/None", + "sha1": "b184b4a792c2e08bdb742b24b924036bea1813f7", + "sha256": "a8c5f4e1c3cb194565d3f0028e7d4c11a814c58f19cb42b42cccfac002c96600" + }, + { + "classification": "MALICIOUS", + "file_name": "cp855.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "22619b7935e66eddeb15ff57c7be3d63", + "sample_size": 34592, + "sample_type": "Binary/None", + "sha1": "26026537a6d2227d774de7566bd94880ffb8ae32", + "sha256": "c0c9242d54b5baa1a5dee32d97c0686e439564ad82622ed367aaee55ebb1d9a5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "symtable.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "8542a1beabcca630524b175ba38264b1", + "sample_size": 8200, + "sample_type": "Binary/None", + "sha1": "87b25dc170137b6f517f1f2018441bb768a26d99", + "sha256": "c133200e4f37d54bfd6a51552646682d3a7871aa8954fce3c99212b0b5f952ef" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "nokia.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b8b9a116a89a043ce5b68215255d5453", + "sample_size": 1992, + "sample_type": "Binary/None", + "sha1": "6f0cdf96642bf3c814ce0fd801e62d0fc7f451c5", + "sha256": "46821058954c52dff709fc5bb6217ada5ea4da2baa7e4e4c38e86328f04d6706" + }, + { + "classification": "MALICIOUS", + "file_name": "subprocess.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "905e745c43cbaa066658899ef520679f", + "sample_size": 84768, + "sample_type": "Binary/None", + "sha1": "705323ffb97cc3a2061cb538193dca3f81d290b5", + "sha256": "c5575e1f4715a3c5fddbe74dd41b8e1461ef2f38f6874fa9a7aedbfa3f967bb5" + }, + { + "classification": "MALICIOUS", + "file_name": 
"test_winreg.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "4b276055548553d4a32662713ad5acf2", + "sample_size": 22312, + "sample_type": "Binary/None", + "sha1": "74ea531e2981a19d73ffd69b25752dcbe74f02f5", + "sha256": "07c64ea9a006f38621acba80691e43e2541d601c143051a47c386a2bd52b99d0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "nim.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo", + "md5": "6c13fda54c749a3c47b0dc224c15a82c", + "sample_size": 6776, + "sample_type": "Binary/None", + "sha1": "3d32988f254872b26b3c8edeaca7a761e57f9011", + "sha256": "f3f239e493b0b6f14b138a8318fc1c3bf37f9c533e2c027f58eb749d56b4200d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "crlf.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "9247b53422c28a808f2cba8b86378512", + "sample_size": 696, + "sample_type": "Binary/None", + "sha1": "0c2cb3c53a822b3a8289a3b92c37a025ee02030c", + "sha256": "2659b04dab901f9ec04b6d699e99a7c178a21cace2771a804d689db287d31b32" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "rpython.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "eb67d6c60d4e6dcd4136b2470fe1ce81", + "sample_size": 888, + "sample_type": "Binary/None", + "sha1": "ab8009952a67a55f3847d87d7dcfa5e6dc9c0a73", + "sha256": "f6fbf846e11b8dd431339648bcc9786eefe52094b6c27beeac82fd8b2ed19ddc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "encoder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "md5": "46286a6a6bfa0f07fdc426d2e494e465", + "sample_size": 16552, + "sample_type": "Binary/None", + "sha1": "b0cab5d7fa833d0fa8162bfb8f8ad4e90c6ced05", + "sha256": "e5da3ca80d0c5909b37531343b9500b582e1691b83ff1ac9783aea08b54d1097" + }, + { 
+ "classification": "NO_THREATS_FOUND", + "file_name": "test_sqlite.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "78dfdccf37ed1daeee18c259d636dfb6", + "sample_size": 1016, + "sample_type": "Binary/None", + "sha1": "992760e459d8c2f8cc5e9112fdb45a1ca969ea09", + "sha256": "d0e15eda514a3a5dbf2c0b16f22d0a542727877b5743f5e328ccea63dcb3508d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "md5": "6c1113ffd746261104eba4c76d46e903", + "sample_size": 18520, + "sample_type": "Binary/None", + "sha1": "1840494051a10b49b93da1cd081081ae5ef0c20a", + "sha256": "084077af713192f39d93357e1fda3c12ecfdf945b9cb97ad47c10862d4648667" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "coding20731.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "14a59ba98833a9250888a0c4263f447a", + "sample_size": 64, + "sample_type": "Binary/None", + "sha1": "da43cc9e8bf359504110032946c23f934d6c4503", + "sha256": "dc8dafc47b64f62ebe0f8a51a66e768b2a5b2223c200aa2b1378568d44e11747" + }, + { + "classification": "MALICIOUS", + "file_name": "typing.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "955c72d24463a2f53e126fb9aa61a901", + "sample_size": 79344, + "sample_type": "Binary/None", + "sha1": "c54201d52c68480f7358a5c660db217e9f0e9ee4", + "sha256": "c560a2552f59f7a0d82ea4fc270258d276a4f64e3186dd51c0ed2563a723230a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "history.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "7286c5497e47bc484aff4818bf5ded77", + "sample_size": 4192, + "sample_type": "Binary/None", + "sha1": "d238cc9e5489e8886b8213392aca270573a85d21", + "sha256": 
"79534496e5d85b1f3f162889900d2a54719f0527f4493c87462471add16b185d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp720.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "6dd12ba7b4f67450099b1e8edd7577c3", + "sample_size": 14032, + "sample_type": "Binary/None", + "sha1": "eea745ee93eaf20ced689b250fc86437cdcf6b0c", + "sha256": "2f91028c5cf7cb96e16bc75a33214a686b84074254ce8500d90fd3f3f9ed1183" + }, + { + "classification": "MALICIOUS", + "file_name": "tempfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "036d2399f06258baa1ce8b2671005acf", + "sample_size": 28552, + "sample_type": "Binary/None", + "sha1": "ee89dee5fccfcdbc647b5b535ef9c68130a041d6", + "sha256": "f68583e4da88322ba94e420474c42cf1191dc239b7028603566d4e53ac074458" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "relimport.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "007c21713f69ddb783d658201eefaabc", + "sample_size": 72, + "sample_type": "Binary/None", + "sha1": "b99e800ea448ecd10775ae66a34ca09580501b8a", + "sha256": "7932a7c3e0e65440dd417d274aff997e45e705b5935026417b6cccb586508493" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ptags.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "98b325981eb867fc2f64d6e74f5a244c", + "sample_size": 1408, + "sample_type": "Binary/None", + "sha1": "bbcb205b49347a62e93abf078586901ff83c9c05", + "sha256": "9c0d455c98a979431abd956fc6247f56400e1b0dc613e15f555fc207bd569a79" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_unpack.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "6b061fc62bc15d5d2f55fc7e9fdf93e8", + "sample_size": 3280, + "sample_type": "Binary/None", + "sha1": 
"01908b88800cfbec6a2b28481eca324adda197a5", + "sha256": "d01a41ec6a8acb7bded8a710afb56deeb415276fb5d693920d6ded22ffc5be75" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "secp384r1.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "70122c74599fb634efef7ae84aaef6ae", + "sample_size": 304, + "sample_type": "Binary/None", + "sha1": "10782fd734b3497878ca40d208762465fa459e99", + "sha256": "eed31ce91e2bcbbc26f190ef81f0693c41e0edfeea23ab25c223abe39bd2216b" + }, + { + "classification": "MALICIOUS", + "file_name": "pkgutil.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "6f03dff662d3b9a530e7af42e8eb5466", + "sample_size": 25024, + "sample_type": "Binary/None", + "sha1": "1878a91ce469207044ffa963fd8b6bffa77e8233", + "sha256": "29ee1b14f3fae319826709f96c2854ddf71138fc3692b5eec88b04b8318dcad2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "main.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "md5": "e2dfc5db2eaf9fc87d343bfd47bf0800", + "sample_size": 12168, + "sample_type": "Binary/None", + "sha1": "c69e7b1d6132e7c3231dd4f9c081f2cbcb5daa90", + "sha256": "53d032b8a4907b8e95cd0030b7c591ba21aa5575132702129f472d740227ccfe" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "errors.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "5b9d9ada59d2b7729bfcdecdef9f9881", + "sample_size": 3800, + "sample_type": "Binary/None", + "sha1": "02f57b868f83782275c5cbc3599d93d689e8267a", + "sha256": "6525423da1edf825c94d14034d1c071d410c46b192209bd7fcef302f9585bd14" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "6526086852568a34bb5fc3d8ebe13b1d", + "sample_size": 3512, + 
"sample_type": "Binary/None", + "sha1": "3a369ac1c78bd08eb48daee7d0539eebed3a1b78", + "sha256": "3016fa4544ed5d5f87a331e0e4f00ef4461a4575d42b0168ff6610fdc88176b0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_code.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3aca1ca4f16065ec950092503b09de81", + "sample_size": 13256, + "sample_type": "Binary/None", + "sha1": "23d6c6a504aaf72ff430b7744ead5ce856d96fe1", + "sha256": "a64228798e7755e65b65da5f7b9c661d85e964288f619b4314a66a2d48b5a8ef" + }, + { + "classification": "MALICIOUS", + "file_name": "dist.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "md5": "6c50004cb74f64ba2acd7684fdf2a5ec", + "sample_size": 51680, + "sample_type": "Binary/None", + "sha1": "c85655e16e98ea642bee486fb7ddbbd6da07da4c", + "sha256": "059a46200565b849c4cd778860a52349709ee52687be78ca78732f8137fb83b3" + }, + { + "classification": "MALICIOUS", + "file_name": "smtplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "3c54a04ad405c4d352649d40096ebb1e", + "sample_size": 46584, + "sample_type": "Binary/None", + "sha1": "66e8ad136b191c571708c512140368f0e0f12192", + "sha256": "bb50d47777609ddf4c60fd376448f4ae59cb7f1f511d37ecc0a9648bbd3cea86" + }, + { + "classification": "MALICIOUS", + "file_name": "cookiejar.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "md5": "be7e8f5e5b9270049f8c5cc2b685de5e", + "sample_size": 78992, + "sample_type": "Binary/None", + "sha1": "c4dc537dee3c90b766fc79f1deab044b55f49f4d", + "sha256": "ba177f6abf32316d1ab683a21ad437107eff6946a057be369dace69c6e84e917" + }, + { + "classification": "MALICIOUS", + "file_name": "test_capi.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "8f614c250d7f2ed27f78a7b549af0ebf", + 
"sample_size": 38776, + "sample_type": "Binary/None", + "sha1": "1fe13d4d2370da15f79d963c060a38fb1a5645d1", + "sha256": "1d17b6fbdd29fbb88245b3938cbddc9b45cb96f6b03897dad2c52c1ab974c0ce" + }, + { + "classification": "MALICIOUS", + "file_name": "test_with.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "faca21e67fb51fb35774b99dcf65175b", + "sample_size": 27408, + "sample_type": "Binary/None", + "sha1": "c1349f2eb8fa0743eadab0da81d4374e9d517102", + "sha256": "9fd0764e4619d282dc1e99049042ec89975b23ae0c4dee981c51dea147694a3a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "eptags.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "f8de45c97a5591dc9bd1b8d408047da1", + "sample_size": 1680, + "sample_type": "Binary/None", + "sha1": "41143218f16d6284ca4d7b8d7a21ed5fff9cf949", + "sha256": "212190de75af852266135aac6c4f91ac53e90930a71fa3afaec798d4dceb0587" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "rpythond.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "536013a65b9700c0d743bbdb302d00cc", + "sample_size": 1424, + "sample_type": "Binary/None", + "sha1": "15add61c73284c86e68eeb5115129b862797e3ee", + "sha256": "68a6de19444e81c045a8111383c46ea9827fb72f4959c5e95f57f4b17cb5c553" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "saxutils.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\sax", + "md5": "9377de7b99379e9c17edd9daaa1fa502", + "sample_size": 12664, + "sample_type": "Binary/None", + "sha1": "2b55c5802ac869c1c01207b8d53a8f907036f563", + "sha256": "594f4b9586989973c35b6b8090f75a54df112d5263fac0faba7e09055a912dfb" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "enumobject.h.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "e58dd9b41592ed3b9901223f6e326a6a", + "sample_size": 312, + "sample_type": "Binary/None", + "sha1": "6a126f0e6f472eb527da53cd57911c0780a42a76", + "sha256": "b548967e73244f954608d3cad184f2c726b463db12c111a7de88f3eb875abcef" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "typeslots.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "0204f21f79dafe1b925a5d0d9cab03ed", + "sample_size": 2480, + "sample_type": "Binary/None", + "sha1": "2bf262413368a312fcaac3f493b683558230d15e", + "sha256": "23436f8a2251431b0a1e97bd5c309d8f622b2495114d202b92c1361b218084f2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "dictobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "88a4bc235c0800f0fd24c12c28c57e83", + "sample_size": 3848, + "sample_type": "Binary/None", + "sha1": "2ed0fc3c3a874a59032685ca0aaea1693c902555", + "sha256": "0598f61729af1bab474c11c259c63abdbbc20bd176a085ed8eb7f396302a0e56" + }, + { + "classification": "MALICIOUS", + "file_name": "test_long.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "2a6fda1296f2515355a4cbb607866270", + "sample_size": 56104, + "sample_type": "Binary/None", + "sha1": "50bd867fb2798e7719ba58f68a9433821cd0fdf7", + "sha256": "d81405635b2eaba0e22b13752f732309de1f7b84a3b2ded92622177cef5d003e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "rangeobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "6c5522995d346928e1d88ecc23e7d3ae", + "sample_size": 696, + "sample_type": "Binary/None", + "sha1": "7b167683321dc530749d4c3939a005a80a99a931", + "sha256": "2afbfdaccdeefd988e0e1e0fa5ee5a76f1f62eece18441b51272cb605796e7ce" + }, + { + "classification": "MALICIOUS", + "file_name": 
"test_random.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "4ac6a48b6ad3620e34457f6bb91ab682", + "sample_size": 54104, + "sample_type": "Binary/None", + "sha1": "d14731b3fe53a215b35576aca68dc3692b3b072c", + "sha256": "05656449601c282c77c8a0de0d0a546605541c95164da113b00ba499f233f5f6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "antigravity.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "0ae28f49543a65694bef01b74840a8b7", + "sample_size": 560, + "sample_type": "Binary/None", + "sha1": "143b9441b2449039612b4b19206a7064571d3a02", + "sha256": "817a14e28aff90509809f93d6b71e836a21b216653fbfbc3591e2720446c6954" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "threads.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "50d1e85d713ce25be803217e233405cd", + "sample_size": 856, + "sample_type": "Binary/None", + "sha1": "0695e083e266a43d5fdf0e024d94b120e6cc7f0f", + "sha256": "70748378b2ccf3184e2f8578f75bf344b05ad0fd9552a43eee93134256ef80c1" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ann_module3.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "8c6cc0bb9cd23bd8ffce7bae8b3e25ed", + "sample_size": 504, + "sample_type": "Binary/None", + "sha1": "3a43d397d420f7924e3148709e9e48a53be96321", + "sha256": "dd7f4e047e05b9b6c799338d2b19d2fb14e53433ae79d4f7f46fb50dacb4c9b4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "tupleobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "69f13ec570dc450c70cf24ce0ebabd36", + "sample_size": 1704, + "sample_type": "Binary/None", + "sha1": "0086bb4864e36ba8dbae02b0846ed53a0408dce9", + "sha256": "5792f42ff251b16e2aaac505342e4e917029ed45294366d9c9359b282c7e0e04" + }, + { + 
"classification": "NO_THREATS_FOUND", + "file_name": "nm2def.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "f6d6500f17a03523c3dda3cbb93a9d20", + "sample_size": 2624, + "sample_type": "Binary/None", + "sha1": "b43dc17f5df62cdc359578dd75db97f1de7e2286", + "sha256": "cfa8e3f004d369d85714b10e71ebb1e544c1619e6d84c9988afadcdbb91ef243" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp037.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "1d2fe9de34a75e22c14ef5746fc5b3a5", + "sample_size": 13472, + "sample_type": "Binary/None", + "sha1": "00d68dea9d9268a1e0121febaec3bd5168b80ebb", + "sha256": "6fcc7e00e6f54bce95f5792645cd8f3e366c172f0e29b30549f9d82bd060a29f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "tracemalloc.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "f6335423e19ea8df5c7df508a7192777", + "sample_size": 1192, + "sample_type": "Binary/None", + "sha1": "7eb2ad31240062a1e7141b18e3ff865323be6f07", + "sha256": "5d97c24c51abb680f8f98e76e37ec72fb3999880e550aa6fd3e00fc5fc161ebb" + }, + { + "classification": "MALICIOUS", + "file_name": "nntplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "3ddf886a18b21718ce22541a9cf04e58", + "sample_size": 42152, + "sample_type": "Binary/None", + "sha1": "cddab471ad8f8f9445bf8c8fc3702a3ac4718583", + "sha256": "8540990a6425acbb4d885c5fda29e5c7c2beec2fcbfa53ef409e6157946a3306" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "warnings.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "37c48c7801e514bc93bdebf2235c8b00", + "sample_size": 1880, + "sample_type": "Binary/None", + "sha1": "a9b0ee5ec55f7509a7891a2e99fa06770958f1d9", + "sha256": 
"4696e14b3e9c080c9e2332e71fab0fab3bf062a8968965d89442f953d99aa360" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "locks.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "637c0a34583332073b92b58627869001", + "sample_size": 15672, + "sample_type": "Binary/None", + "sha1": "26deaae3962bba97d7da53759ea80a5c39286bbd", + "sha256": "7142b22335ffa6036d9b3a84e0916ca4795f6f30bfb2fbea3450b70d15e3709e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "setobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "97d69e652ab7b18ea6f8c5169b4f46fe", + "sample_size": 3472, + "sample_type": "Binary/None", + "sha1": "aa57a444cf1ee7b325c095337fb5a1320a94d468", + "sha256": "3b1ff61737b2c7db49d0fc8c334b5ba8bf5390a0efedb5b71b4fa06e1fc7f459" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_pty.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "447c4fff57213ccaedba535f70fbf977", + "sample_size": 12648, + "sample_type": "Binary/None", + "sha1": "a77b57e1f459f1539730ebad204276672341efd3", + "sha256": "210bdf0d533237aa2e73cdbbfd3c2d5fd01cad4c482005ffd2b81a91a6563e14" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "euc_jp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "3865dafad7247438c6852b0a470fc532", + "sample_size": 1104, + "sample_type": "Binary/None", + "sha1": "ddd0a12c8b8fdd76bfafff53c4939e3fb28cdc3e", + "sha256": "0c1710612066c8bc6f3b3b68aa9125cd9138ea2bd37cdb009f28ed587005f811" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "euc_kr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "406c6eca2597b6ec541c8274d2f9d53e", + "sample_size": 1104, + "sample_type": "Binary/None", + "sha1": 
"8990a7ac6c2c1af0d98253716e39050e6d095cf0", + "sha256": "425bb126fc158030d86066422ec32c4e85b8df0f68537ed4303c44ffa2cc801d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "base.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "md5": "d17ba44bbe6e6361c18bfd9c2687ba7d", + "sample_size": 984, + "sample_type": "Binary/None", + "sha1": "c7032418e3a8c4b160789705d60c182c2c98b621", + "sha256": "8a68f359a398aba84f6bd92053e41f8e5effdabc71b1455c5c3faf1ff783a8c1" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ifdef.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "e8a0f91fc696a86c2d828183eed28a9c", + "sample_size": 3856, + "sample_type": "Binary/None", + "sha1": "f18bccc4c8c2971a7c31b639c247ee4f992ed8a8", + "sha256": "e0af55f553f6e46cae7ee78511bd15bf2065cca21f4870db9ba6ccd41c21d156" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "modsupport.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "d2dca7f063e8fcd6b2ea35859c78f025", + "sample_size": 10256, + "sample_type": "Binary/None", + "sha1": "409621a82c6ad2130cca24d02502a8620c5335b3", + "sha256": "d1fe6d0cdafd20b20bfc62e452a1e4f43a869490d360748f500a82d53d4bf260" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pystrhex.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "e1bb1756859262c5d969fc31c59ca90b", + "sample_size": 912, + "sample_type": "Binary/None", + "sha1": "ee9c9e460fbda8cddbf1ca742587239c864d7a11", + "sha256": "ca800d249b217b29c54141bcf8767b08c5d866320971bfd6d46b42767b86bb76" + }, + { + "classification": "MALICIOUS", + "file_name": "test_re.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "32156293eaf124448d487e607d891016", + "sample_size": 
116920, + "sample_type": "Binary/None", + "sha1": "87015ed8dc378ccfe654199681d9a1703271fe4d", + "sha256": "c404052b700c9d35ed1c32474bd1967da039f54a1edcc126ba47e5641bf3080f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "rgrep.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "967e655f7a08826f9c4a2714d43c4fec", + "sample_size": 1688, + "sample_type": "Binary/None", + "sha1": "6bfbbf413ec05544c64ee95ee4d004047fc31a1b", + "sha256": "d61589dc52817bc7824cc62e57509608b7d48000967e4ffaf98249b78a4d563c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_frozen.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "e126104ffcb71fdb9b4aa460c37902f2", + "sample_size": 1016, + "sample_type": "Binary/None", + "sha1": "a34d8851ffe974a7868124c10dab8f0175b4635e", + "sha256": "033ff3bce254dd6f28cf9b85e36cbe0af1af3805651e5f1946762595c9bff1df" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_aix_support.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "763076198a33247f3792b2d9f55de0ba", + "sample_size": 3520, + "sample_type": "Binary/None", + "sha1": "526392a6e1e30fd311be31214069b03adfeb2c17", + "sha256": "fee4243538392a7271f4eec4f7b7702635fa7ff55b38db2913e0595e627f6b9d" + }, + { + "classification": "MALICIOUS", + "file_name": "socket.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "89a1818bc2a9fb306a439f69f3e46995", + "sample_size": 37696, + "sample_type": "Binary/None", + "sha1": "f3a9eeae23c047641abdfbaef37e8017345155f6", + "sha256": "b529761360b6311474817c4cbf05654c04ed32507c8baf9085eaea39a72e983b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "floatobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": 
"442f0c0feafce2b2d74c958791461d29", + "sample_size": 4520, + "sample_type": "Binary/None", + "sha1": "7cfd93bdfdb91685f3a95a376f8b4024acc67860", + "sha256": "73cf646da17fbad60020ba678d2da8d4093462d7fd74aa13a05db80f842b161c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_symbol.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "6d0d7bf1f13dd43c89426e4bf246fffb", + "sample_size": 2208, + "sample_type": "Binary/None", + "sha1": "db8a9cb3b1ae4a2ef07ac46a629d9ad75a7720ed", + "sha256": "def642fc7c9976296b0c205333d7b7b35dab3b5c57e2fb52a3efa5b3c092f07f" + }, + { + "classification": "MALICIOUS", + "file_name": "pdb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "32538c439a2ea428ff970426359380c5", + "sample_size": 65032, + "sample_type": "Binary/None", + "sha1": "4ca4bb1548e37c153b86bc0ab102d499fb416eae", + "sha256": "8289c1c275b227d3f2be64389830290d68beaf0d2aa216759e707bd056b3e8dd" + }, + { + "classification": "MALICIOUS", + "file_name": "test_base64.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "79b6d49d59fb57051bb1a068a4fed68f", + "sample_size": 31328, + "sample_type": "Binary/None", + "sha1": "c99a596abcb2347b52e343972976f4627cbc5640", + "sha256": "700a8c041ce10d0125cac4d2d246702339d227ccd02f348836d72e02fcade0e2" + }, + { + "classification": "MALICIOUS", + "file_name": "cp775.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "4fca96573bc8701cf8eceb7423763d55", + "sample_size": 35216, + "sample_type": "Binary/None", + "sha1": "7a9bc72f3a8ab6ecda07d9e1c6a8e6cfdcbccc45", + "sha256": "8d511df04d2e0f48e3649d9ac5cca2b53f5eea09da002b998057498c25247c26" + }, + { + "classification": "MALICIOUS", + "file_name": "test_bytes.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "131cf6df12fd50ffe7088b3aaa9e5338", + "sample_size": 78472, + "sample_type": "Binary/None", + "sha1": "2e4f27c773c221efbbe6023089d4fa036547a146", + "sha256": "0c52ff650db1aba90bb14930c560eb7a852fca26019780086ddd0dcb08b3ef06" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "getopt.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "6dda199570dee28d0106efdadb8e5882", + "sample_size": 7744, + "sample_type": "Binary/None", + "sha1": "c67ee23b868f05c2dcf315be6b7c1098b0a13bc7", + "sha256": "a8f3b77227a40d2fe41e5c3d69dd48a5d19396eed6134ef0e74b138cec48bb98" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "marshal.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "bb56c65866797432ec1efe797334475d", + "sample_size": 872, + "sample_type": "Binary/None", + "sha1": "8656b6632955a92cd63d2da0acd59d1ecb5248f9", + "sha256": "df347fb65861e138e675171c42d8dd9169de637a445517df1e810814098ad84d" + }, + { + "classification": "MALICIOUS", + "file_name": "object.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "053224b3a05ce2664232806b2588fdfe", + "sample_size": 25320, + "sample_type": "Binary/None", + "sha1": "ba07ad752aedd3b24c62e29a751191c45b207946", + "sha256": "fee9fd4e51707ff48003c2f51aac158896f027f9b7c14c74709ec595b92e0bd2" + }, + { + "classification": "MALICIOUS", + "file_name": "NEWS.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "b7720f1efe6a1ac096034ee9ac817806", + "sample_size": 53256, + "sample_type": "Binary/None", + "sha1": "db7d2a354a78c4a13027377b80223f16c3dcd373", + "sha256": "81466e226b4ada88449a4caec832d7fd601dbae744f1672b3599d14ed82ad4b0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": 
"test_binhex.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b866f7455c0ead4c33c62cd97c43efc9", + "sample_size": 2120, + "sample_type": "Binary/None", + "sha1": "6698532d394ca1200a207c640848985c7bf7de1f", + "sha256": "30c5fc728078ce3afbebaf00e9142274fa959b3bbcdfea2ed859241b8d219db7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1251.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "cedb685f92aff3580a0090883b7dc69f", + "sample_size": 13712, + "sample_type": "Binary/None", + "sha1": "a9d8af6ba51aff0bbf3e5041250b8431af6bdb56", + "sha256": "deda35c9a4fb31e3a9974f1776653a7e8b7a750ba6212401a68919a38ac5a130" + }, + { + "classification": "MALICIOUS", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\venv", + "md5": "af93ff17a6600aa6eade509a3dfc3c52", + "sample_size": 23760, + "sample_type": "Binary/None", + "sha1": "b55b8fb553b1d685d95490944871421c3f037b8c", + "sha256": "99b41c0a6ae29c22a64d7c09e4d767d702adda589754295a1c80fec3a2988ac9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "sndhdr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "f95f5b05f62497eb1f1a1a8794d3514d", + "sample_size": 7400, + "sample_type": "Binary/None", + "sha1": "4a3c530a1c7098933383441c7b5a0b11efda708e", + "sha256": "46eb904c39c5dbd510426aa6580ce121da2c7cf817b673481fb17c94019fad01" + }, + { + "classification": "MALICIOUS", + "file_name": "test_iter.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "30df9a468832d9d661fbd4cbc241dc21", + "sample_size": 34312, + "sample_type": "Binary/None", + "sha1": "ec973643ea0f2a604dbdd87ba315c5187dde936d", + "sha256": "a66c976d4fb7cfd4d7a165d7c086e5c66cc0ca65aa8d31cd1e7221490842c62f" + }, + { + 
"classification": "NO_THREATS_FOUND", + "file_name": "test_sunau.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "89978a6c4c38fa02cb6f2795e64071be", + "sample_size": 6320, + "sample_type": "Binary/None", + "sha1": "ec09eb7c4965806418aa2203384de5118c041091", + "sha256": "281b2b54be5732faf5a1db1744dfff4e154f8535d731059149f8ed2f6f7efe10" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "keycertecc.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "d97d08c82d38eef40ab285b780b36e44", + "sample_size": 5784, + "sample_type": "Binary/None", + "sha1": "8308f0138643050a0fe532a3e0d5507a66283ded", + "sha256": "13e3646ed13b6385df51577362f1e70cb86129d2cbacff266ef5fd34208ef283" + }, + { + "classification": "MALICIOUS", + "file_name": "lock_tests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "34ae104c49960742fd54c2e32034b36d", + "sample_size": 31848, + "sample_type": "Binary/None", + "sha1": "726cc27f11440b382717549773aca87d5e681cc7", + "sha256": "97b765cad8173018d16182dd6826a402d3c298c26d30ae6ce10f38891c00b314" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_audit.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "5eac77aeaca363a71e4e3810fe4515d3", + "sample_size": 4432, + "sample_type": "Binary/None", + "sha1": "f7e2c5796a0ca133ff70759df2629623e66cc9dd", + "sha256": "ee776f6c2b6c1e6b9505968f2defccc13c0e2940081e18f9d4bfc3561294a415" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ffdh3072.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "f297f1d20bf7e20863c4927b335e2b75", + "sample_size": 2296, + "sample_type": "Binary/None", + "sha1": "77cb24426a5ecf77d9ff76275f4d3efe7a96f7f6", + "sha256": 
"d754b1d2363e4e51751ec2179b01d87a2c322d929302d9ea5d9f1948cd9ec19f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "grammar.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "637cb26cffb3a35bb1cb54888ed9ce36", + "sample_size": 1936, + "sample_type": "Binary/None", + "sha1": "bf49664f8c110b5e5ae1e455d48a061a6f89dd37", + "sha256": "2c57a622e7567b025c2b691a23d1490a9113fd68f0c736fed48f83163060163a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "opcode.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "af2ebe539760c6c4147a6892f7dbba73", + "sample_size": 5080, + "sample_type": "Binary/None", + "sha1": "fe3fae83451fd7fe2cc027baffde414946d35f8c", + "sha256": "535ea74715f94f34d3ba44608036da6f06c7122b5fb23dce03f59d28becaba21" + }, + { + "classification": "MALICIOUS", + "file_name": "test_bz2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ae787ff9a14ac980e900b84b2429679c", + "sample_size": 38888, + "sample_type": "Binary/None", + "sha1": "573e552f2860f32ce18e7e56210171282b3a8f48", + "sha256": "b0765f4e6afdd1b39cf0f70e4db05016282c1f1c1fa36e2b3edcae8ef42b86b7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_raise.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c70212afdcbc0a66d108275ff49eefed", + "sample_size": 14312, + "sample_type": "Binary/None", + "sha1": "3b26b185a2022a91327b7ac7a2a2916efa36f827", + "sha256": "7002fca5ce377239a47dfffaa87e2574865b0edf547b845387c9df165f23462d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp932.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "2ec75a1bb2f3f60b44ea85310ca3326c", + "sample_size": 1104, + "sample_type": "Binary/None", + "sha1": 
"531f3e8da6d916d867ffe0429020f0713c168bcf", + "sha256": "252ec1085d49a2d123f5aa83c74186856404a20a73593d0b40bc817e6af773dc" + }, + { + "classification": "MALICIOUS", + "file_name": "dataclasses.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "b035a655316c7f0b78d69d741535ddce", + "sample_size": 50912, + "sample_type": "Binary/None", + "sha1": "ee7fd09dc897cb9e39f743fd043ad9b319e36624", + "sha256": "086dfc2d55f85b531cf0dc5bb835569ccd305b689d1e094b9561b3d768bbce0a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ascii.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "1b8c3adc428f944b08fd5b9246230033", + "sample_size": 1336, + "sample_type": "Binary/None", + "sha1": "fe917315a408bd8d21acd891e29dba9b5e59a76e", + "sha256": "4dd9362749281c341272f6eed789373937683b707936ec0da5484e7f3f13b33b" + }, + { + "classification": "MALICIOUS", + "file_name": "cp865.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "3bef7798050af77fd9bbd59c181b9f6b", + "sample_size": 35360, + "sample_type": "Binary/None", + "sha1": "44cf774723126449aabdc352343f6df2368ba5ed", + "sha256": "34f1e349317d35f55b19920a9c50f4758e719ae420ae1aefb242f96fb9fe08f1" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "fork_wait.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3e9a7ff9b0eb1837fb5178b8f6523c1d", + "sample_size": 2352, + "sample_type": "Binary/None", + "sha1": "d6b07bf01f37612c7145d7585a03e3b987918283", + "sha256": "34d6a93c8dc6b8c99ff0f5a26fe6e7c9229e1b306186a5788c355306c14da615" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_markupbase.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "e287befe23244f719f9aad6f58ef92de", + "sample_size": 15056, + 
"sample_type": "Binary/None", + "sha1": "3153f5862d63c29af2ad857f412de2b7d3c377f9", + "sha256": "b6aba95fe6f844f434a70563bcdea56fec1af9e22dc79b5fb7d45b2115954ac5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "dialog.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter", + "md5": "c77716cb4ddb35f10e2db9eea637b033", + "sample_size": 1632, + "sample_type": "Binary/None", + "sha1": "a251d442fe1799d144024d841c7a58f78f2baa71", + "sha256": "85ea01c90c0114139776463be60eaff03d6355c65c18b98a105ab130d9c3e27e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "charset.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "f976732b40bd90bd60ba5c03a3e8f604", + "sample_size": 17576, + "sample_type": "Binary/None", + "sha1": "2c2c70517bfdf2bc2267d511c43df1381692bccb", + "sha256": "72a838834b36a76c63769b1fd9704d1fa3b945de995a3802201b54d2c6d59d90" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1258.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "80fb8470ef2a0d1f8563b658d875ac05", + "sample_size": 13712, + "sample_type": "Binary/None", + "sha1": "045040eb6e77660961a7e82cfe4cace55e64f542", + "sha256": "4b2e44a15d3b1a9a91f38717f6552ed77c6b3df1050f602b8a1179d75e60eaf1" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xmlrpc", + "md5": "1336fd81c8877b29bce7c64d082ec47b", + "sample_size": 80, + "sample_type": "Binary/None", + "sha1": "929bec86b3220dc08c54d93a2c1d0ea49f2384db", + "sha256": "fccf29dfb18310ad514b3d198ef8d07a6d1e5a5abe893fa4a6bf586508de36e3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "patcomp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "md5": 
"fcea4c5c64054117a4c9295e4a6196d9", + "sample_size": 7296, + "sample_type": "Binary/None", + "sha1": "5e624655229f671637c02980f3de50bef2a3ec28", + "sha256": "5ab8a6c0656989ddb4cac98715b7054804b25903b48e6cf177c60ff868b8d74a" + }, + { + "classification": "MALICIOUS", + "file_name": "cp850.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "6ed3f35ec46914673a5896b12bdd4599", + "sample_size": 34840, + "sample_type": "Binary/None", + "sha1": "13f35c9112add00b5c1aaa2ef79805bb742b0917", + "sha256": "32dc684fe8697160f93dc4c664abd2b622cf3f7f278c4c83e0221d93cd40057b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "imp_dummy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "571910322eb6dda5dee70505523d92a8", + "sample_size": 104, + "sample_type": "Binary/None", + "sha1": "c7811144884a9db38b0c4cc2d34bc1f38321618e", + "sha256": "e10e9a2c87bc8e632eb297984fc209981829c5b885fdeb0c80de645a2447ca1e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "OneDriveMedTile.scale-125.png.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "md5": "389f464e3e60d3b5b80a1b3a655477e2", + "sample_size": 888, + "sample_type": "Binary/None", + "sha1": "dcbda158416d9c9841ad3de5d275059cd12e49cf", + "sha256": "52dda79726567ed2ae2cf3c2ea07089a5ba652eccf86e660df57244c0fcff0f5" + }, + { + "classification": "MALICIOUS", + "file_name": "client.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "md5": "71deb93a46c2f97e5ddc1ef5fbe4cbd5", + "sample_size": 58112, + "sample_type": "Binary/None", + "sha1": "76941cc4dbfe293f3db5067122fd4924c518597d", + "sha256": "db53f27c48f1a1668a8c8d9a48f31a83cbb9bf60d2630aed9e5ce4d039f419a0" + }, + { + "classification": "MALICIOUS", + "file_name": "NEWS2x.txt.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "9b50e9fb20d6a2cea2d6d0712c1e9ef1", + "sample_size": 27872, + "sample_type": "Binary/None", + "sha1": "4e19d665fbfd3aff7742bfea6be5a71bc938adeb", + "sha256": "7ddbbbbbe0dc19fd0bf4a3f5ab946b233e0ab84ecd8b8ee9cfadf0b5fe2795db" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "extend.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "09104c4c4491c76eba3bef46d58b3cca", + "sample_size": 3752, + "sample_type": "Binary/None", + "sha1": "1cd746eb60fe8ea7c61744420fd4ab40f7494c2a", + "sha256": "10df4f8a39f161bea89285ec0f8f6f5ad35598835c6a39a36b14c0b7c5c36e98" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "2to3.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "08e98543d7808dea5c9efd9875017943", + "sample_size": 144, + "sample_type": "Binary/None", + "sha1": "4a418fc18e04bf6c216fed801a7a4cb6b8b81c3a", + "sha256": "ce997dec1b2ff538fd4375e7c58c358e5b21dab39a063c369779ef26d6d54940" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "lfcr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "146431d711eb49d92a0b9611dd45398a", + "sample_size": 704, + "sample_type": "Binary/None", + "sha1": "e1d0d9bfe337e248836950aa856d01bc57040ead", + "sha256": "f2f2a8b2c6eda56fdc95dea93e9530aefcb14b6a2e25edc425a78ab48888906c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "nullcert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "7df02e12f874adfe53efab4d9402c537", + "sample_size": 40, + "sample_type": "Binary/None", + "sha1": "649791b0eacb774edc70e6be7858f4d937f6a137", + "sha256": "b99f7a569222bd74e17f7b8215ba233150657e434ef38a74a17cc642e77fc8df" + }, + { + "classification": 
"NO_THREATS_FOUND", + "file_name": "test_zipapp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "47f9544d30ad7632f7349490afb1eee7", + "sample_size": 16744, + "sample_type": "Binary/None", + "sha1": "e98afe05789cb9ffa7f0d5020494cf31c82f985c", + "sha256": "c9ad092fdc735691542c895161be7330fa88e7b09789f5a502e7c3767fb4868d" + }, + { + "classification": "MALICIOUS", + "file_name": "zipimport.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "e0acf27f463efd9e4beaafaab0df07b3", + "sample_size": 31600, + "sample_type": "Binary/None", + "sha1": "8fb9c31c498f748fc9fa074892f0526d21fe2b1e", + "sha256": "f6d5ae42402c2f1ee927798602cbf965d0404177017a5045753098390642d652" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_sort.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "4cfd89961675f4c9206fbc31b0fc437e", + "sample_size": 14168, + "sample_type": "Binary/None", + "sha1": "7950951826450193932134665cdf45aed67a4a7e", + "sha256": "06626deb8048a31f1cda63ee2075342c8db7ef48376e0e2f58fcf46203f8cc52" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ann_module5.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "20d19215dbc051ca9e36d7db57e8f814", + "sample_size": 256, + "sample_type": "Binary/None", + "sha1": "b9a6755944ae68f177efa99cd1943e8dfb8325df", + "sha256": "f8c5f9918eadbebb4f5e4afce74a3daf49b248c286755991f0852626809cb0ed" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_print.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "adfd7c554214487d407385fb759bc194", + "sample_size": 7808, + "sample_type": "Binary/None", + "sha1": "2dcb869376bd1c3f4f047a818d178905197c38f3", + "sha256": 
"a1d954156990294c0eb6d136bd3d7f9100c22aa70091ed302458605338079b04" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "quopri.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "e2c64b2dc47ff403bb640d01f7ed08bb", + "sample_size": 7552, + "sample_type": "Binary/None", + "sha1": "205e3bf6162488f046cae720018d900bcd0c75a0", + "sha256": "af96aaa2acf4437451c4f9421e37149c025d7663b54c2d47ceefee5bc27cc14f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "scanner.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "md5": "f74b5a50309bfa097a0b4253636a1250", + "sample_size": 2536, + "sample_type": "Binary/None", + "sha1": "3ee22e8f6ac8bf33359084b9ffca43d2cbb4d3c8", + "sha256": "af6a98c25452e95fa873e0d0a0ff6da5f37e68892760edaad0f1762caf17742f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "moduleobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "b9d6572dfb309139aaef8e77e2a326ee", + "sample_size": 2488, + "sample_type": "Binary/None", + "sha1": "546b370fd927ac5be40f3076051f15cd6c55ce6e", + "sha256": "4930402f15ef3823bfab0e62e8598299b8ef904f34d4aef761ec9b42b8855171" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_eintr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "0572e96b88914ff23bbd3c20205a05ed", + "sample_size": 1432, + "sample_type": "Binary/None", + "sha1": "a8274e3e72620b9b84f8dcc646e334a7933a702b", + "sha256": "aefc3920371bec8e17b8ba611fbda2b952b5b50a452c8ef8093b070bfb04a74c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__future__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "3ad489ccad38b979221b71b405d00c98", + "sample_size": 5336, + "sample_type": "Binary/None", + "sha1": 
"2d324459f022c6b9ec8a6dbf02381566f7a3d2f9", + "sha256": "acfe7c727b5033e34a702c61a325ae29653773baf1abb50265afb5d58f99146c" + }, + { + "classification": "MALICIOUS", + "file_name": "statistics.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "14bb2df9b841f33f0a95de5d0d417e13", + "sample_size": 39224, + "sample_type": "Binary/None", + "sha1": "d75a36ff8f9bd18449927e35b83ba36b3bca9257", + "sha256": "eb05eb01380731752d68e734f5b868556ce737baca03463bfd1e002438c8b785" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "parser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html", + "md5": "854e913ae9f655bd5d392e0339d27865", + "sample_size": 17896, + "sample_type": "Binary/None", + "sha1": "f79bc8e11fc3cbff723d484dfd4a88a7cdcb8d4d", + "sha256": "46f7fbfa2ba01f36f19bb030ba2f51e00bd244bae233aa80a6c311148de1cd5a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_super.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c75300d0f62e5a02e888f34ac13f3beb", + "sample_size": 10192, + "sample_type": "Binary/None", + "sha1": "69fee78273f2c1e8c7bf9a2bdb118f7ce567a462", + "sha256": "c379fb3bd6c92c04c306a498f7f3a74fcd90dad4637c06a7061a27d9256e6337" + }, + { + "classification": "MALICIOUS", + "file_name": "turtle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "c1fded0b5d2cfc1f832cc78bb39fb9eb", + "sample_size": 147976, + "sample_type": "Binary/None", + "sha1": "3a35bae93a51913ece7858f9f29a3d468f7a2740", + "sha256": "af1aa3fa1492ce0b2c3ba817fcd8977ab1326ef423976000f1e3c0d5a453c649" + }, + { + "classification": "MALICIOUS", + "file_name": "weakref.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "0bbcbc567a5c87e9444d21f4fb0c3285", + "sample_size": 22272, + "sample_type": 
"Binary/None", + "sha1": "2ae7b57bf7d16ae01cecc313e2e6a09006a12d0c", + "sha256": "203fb7a37493935070916f962c58e87c419a7d0c493080dd02436ca1d96ee5a5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "dnd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter", + "md5": "ec757599731aef3b8a4e70af4647a098", + "sample_size": 11896, + "sample_type": "Binary/None", + "sha1": "d289e26342c8e81f3e703edb59afeed456e0d1c0", + "sha256": "5b649d63efea556b686146ed3ec6c619a6cd6a63987b3c54270f9324ff30f77a" + }, + { + "classification": "MALICIOUS", + "file_name": "test_math.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "f54beb542b56420da6734fe6ad409493", + "sample_size": 91696, + "sample_type": "Binary/None", + "sha1": "acf465745edfbad71162a058cd407230d16936ee", + "sha256": "e525e5ad6937f8aec2d94b13be2d5cf96480376d768175076a9420b6b71d428c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "brndlog.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer", + "md5": "1915baa033d1912e81ae60880429093c", + "sample_size": 6616, + "sample_type": "Binary/None", + "sha1": "6fe32dfba4daaa8c3d9f338dd6d4160e44f5c646", + "sha256": "81d796bb00b01238ec1dcef1b73c65bb58c1392cc0129029fa2aca495e8baa98" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "dbapi2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3", + "md5": "5e3b75d66dacaf1067fea9c9361ebce4", + "sample_size": 2816, + "sample_type": "Binary/None", + "sha1": "4d47fd3eb1af0b499fded04f145b96ae5823391f", + "sha256": "6a9fc7958b4dd3f96f4b822b91b5618f91838e7ffc04d164d09b75426c70bc73" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "mbcs.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "00c32031127c30c3db11679d02b998be", + 
"sample_size": 1296, + "sample_type": "Binary/None", + "sha1": "255b47c3915dad244dbc1f4bb2fffa5b93e7664a", + "sha256": "f4b34475792d186316e60a7add8d7cba56386ab564608e02c5b15eb9f22d48d6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "sched.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "84efb2bf35cdcafa8a1b5ef1d173b89b", + "sample_size": 6648, + "sample_type": "Binary/None", + "sha1": "082b95ab73527f078f5d6cac729642459c281954", + "sha256": "c46c23e0349f59a82dc5e15f589add3a83007f74710cf3708b0de2975bbb7fe6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "getpass.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "b2059602ffcccc4ed07d19895d06636d", + "sample_size": 6216, + "sample_type": "Binary/None", + "sha1": "5c327d766ec72d62970fc06437c321e96ba75b0c", + "sha256": "ddec8d1db71f926b212ed3348eb28e1238fbe5fb468052b5a7ad2ef825cff4bc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_turtle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3874eac32d6feb347c3fd644a8bdfeb5", + "sample_size": 13448, + "sample_type": "Binary/None", + "sha1": "4bd0d922b3364d0b892a552a683144092778b493", + "sha256": "6dd4ca15906b093c2ba4c182cf6db1176bf7cb4b82f37cd8e4fdf12860ca8ecd" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml", + "md5": "4a9a9a32fc5fb8d30d3f5606061dce9e", + "sample_size": 616, + "sample_type": "Binary/None", + "sha1": "95c3a5a49c74a0643a7e54a121109335d89a6f12", + "sha256": "c48328f5c14ab84b62d59262e00bbc6302c57bed47607ea17df3ab8892dc8fa7" + }, + { + "classification": "MALICIOUS", + "file_name": "minidom.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\dom", + "md5": 
"e6a45e247454243d800587c88be7b0cf", + "sample_size": 70120, + "sample_type": "Binary/None", + "sha1": "001c5b3f54cb0681a0c03fbaebc4d406f6ad9679", + "sha256": "82edb906b19b0e26767e169012e0619d40321cb9db07e2ac2404782e33b76240" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "gnu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "md5": "4cc3692e447461dcb4a04a53e894cfc9", + "sample_size": 112, + "sample_type": "Binary/None", + "sha1": "76c38918acf04bb29325b48cb718dbd2faaa0021", + "sha256": "22b7b16b0e0f93c659fd6f596f450518b9b025037ee75e45eaaf03f17c3be5f0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "io.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "16a0eafd3d71f9cab100781d316d08e8", + "sample_size": 3680, + "sample_type": "Binary/None", + "sha1": "a62fda6a3946af46580321a0536a90f7e35e71ac", + "sha256": "77ded55468899ad948c69428995207865bad09d65155a538923dfe4e8063cc6e" + }, + { + "classification": "MALICIOUS", + "file_name": "test_int.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "a20ba19663c685388504bd66b0a479d4", + "sample_size": 21912, + "sample_type": "Binary/None", + "sha1": "b67e65f87e839dc48dafa12d996a6d155951978e", + "sha256": "2644355408e48173fb66932239bc5669047971e79a58d55d7278c179402c2d01" + }, + { + "classification": "MALICIOUS", + "file_name": "calendar.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "59f68e814bde3287490ec949b85aa5da", + "sample_size": 25640, + "sample_type": "Binary/None", + "sha1": "9a5c326642450f91151fcde77f272bea93e520bf", + "sha256": "6da4eb12f433dd2e0bf1fba598986734671d8e4e5b598a34864d24e939caf97e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "policy.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "35549a7f2c952f687ac9d35c3a152de1", + "sample_size": 10648, + "sample_type": "Binary/None", + "sha1": "b2b51c118c10924cc8c4780e2d1f60258e1ea066", + "sha256": "ff3126c2a0d16acf032dae8bd0f65127192a835848ed8e66fa5bcb953009ac6e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "mailcap.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "1406ba76da23c156fd258f4dfb4f6d0c", + "sample_size": 1352, + "sample_type": "Binary/None", + "sha1": "d1666025e37a9853efe8edb53b80385c36ee80cf", + "sha256": "ababa37626163c5cbae15b83ad7721ac774832089a16ac2765bc6fbb373a7528" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_module.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "1a2a557d238f7949b9b28f754e0a66b1", + "sample_size": 10800, + "sample_type": "Binary/None", + "sha1": "a355b51559afe870fb1c4d4d1659d0560d7b310e", + "sha256": "ba9ebe16180fe511523f0938ceb90b41d02f16b895dbeedb413e6332f679e4aa" + }, + { + "classification": "MALICIOUS", + "file_name": "_parseaddr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "bdeede01604cefdccd3a234475b5eafa", + "sample_size": 18312, + "sample_type": "Binary/None", + "sha1": "bfe93621dfe525b46663d5af00cd4ab2727cb5fa", + "sha256": "b5458d5071e976c283180fb719ef0c01e93133ac6a6df33762b2e0bb7ae1f52c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "text.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "md5": "ab6485c56bf4086866ba43036131541d", + "sample_size": 1520, + "sample_type": "Binary/None", + "sha1": "7165068d2c869508a9c7363425f47052c796488b", + "sha256": "74f034dda8839203ce86a972fadf9cc9f4f8bcc831112b640731e0f49eb6fae9" + }, + { + "classification": "MALICIOUS", + 
"file_name": "test_xmlrpc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c415058b4d8692d2c05785277a56ecae", + "sample_size": 60104, + "sample_type": "Binary/None", + "sha1": "6a302419b7f29bcfedb3ed492ce8a21d4c7ee376", + "sha256": "c0c7d1e066a477854cced8758f4cdad775859371edb855968862274b0d93ac91" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "graminit.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "772b8eaf52568dc431007584d4593cd7", + "sample_size": 2256, + "sample_type": "Binary/None", + "sha1": "73c86b471954ba1cc9c97e1b43273bfd5e48890a", + "sha256": "7df1b32ba1e9ab5f547d706e94788d700975b0b525701b4f48825d653293f5f4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "dis_module.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "1f1095b26f1fa07a879e09575f963dfd", + "sample_size": 120, + "sample_type": "Binary/None", + "sha1": "ad74d9e3f141fc87586a8e8796b9f8e165680a68", + "sha256": "66a5cd5f8c9d6e396c83762784a50a07fab0134c290103597567c0aefbc8deac" + }, + { + "classification": "MALICIOUS", + "file_name": "test_syntax.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "301fd37908d3c2c39d7ec29951510b7f", + "sample_size": 35960, + "sample_type": "Binary/None", + "sha1": "5cdc71559b2aca39517f8199efc1c55c0fd5e9b1", + "sha256": "23ebedb73dabafe93f6522f0e3511d3982e5275cee0d909563cfe82f2528c276" + }, + { + "classification": "MALICIOUS", + "file_name": "test_typing.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "59082522b347780aace84cdab59f3747", + "sample_size": 147848, + "sample_type": "Binary/None", + "sha1": "2ee8ba9d5aafe3102865f179d80d54c506499ac6", + "sha256": "c5d7588f82503b61927a7e61913cb6588d6fd7448d8cfa8c5c8dbfbe955cceea" + 
}, + { + "classification": "NO_THREATS_FOUND", + "file_name": "fileobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "3024469e935f1d228bb70df7ab679fd9", + "sample_size": 1664, + "sample_type": "Binary/None", + "sha1": "02091011d261b11ce90bf23f53d03a15288979d4", + "sha256": "9d8bbfaf8ba44eeb53069509655cae7b0b4f115ad91e4ca657fedeeb78820eca" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "shlex.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "0b907c92f17acd6f33816b6a31f5c125", + "sample_size": 13888, + "sample_type": "Binary/None", + "sha1": "bebf58fc0e773f3f6228cc001b74b14fcffd4925", + "sha256": "9773003f815f2d28e2fbd1b5b9b210a5301d64aeccef4b33545a07bba57dbc18" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__phello__.foo.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "419a95edb628a40fb8ae9cabe7d70a75", + "sample_size": 104, + "sample_type": "Binary/None", + "sha1": "319ec899e1af20e503277b3b92e399a8bc976ec4", + "sha256": "0e1360dfd82b0045d1d48f5c588e203f4bf21ccfd68cb9b37570a772acc5b193" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib", + "md5": "cec9bdb2b04b7844c36d7e81b2cac9ac", + "sample_size": 40, + "sample_type": "Binary/None", + "sha1": "de6abc27998f99f88fa150a86b0d041461ab3344", + "sha256": "a796a48eb3901bd65723a101ed02433af5fe686322541c4c2d8e3beb645276b1" + }, + { + "classification": "MALICIOUS", + "file_name": "NEWS.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39", + "md5": "603a5fe3fd01c8c3068a1347497e4632", + "sample_size": 1128128, + "sample_type": "Binary/None", + "sha1": "10489d490e9e6da9427043891da39202f0db52b5", + "sha256": 
"a6627de09cc72ee3bef146faa655000aff0cb8fd6f6404626062cfeafe5f93e2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "copy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "d283bdeca1b74ab081ac7091661859bf", + "sample_size": 8992, + "sample_type": "Binary/None", + "sha1": "02a556fd4f5fce2892e90ecc1e763093d5239f5c", + "sha256": "9bfd80da299dafb79ab4ab932c0c230bc9ef1daa084dbcba4199c10ff8b46f4d" + }, + { + "classification": "MALICIOUS", + "file_name": "imaplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "9a64b5a289d1aae27f1efde0ceb01fab", + "sample_size": 56592, + "sample_type": "Binary/None", + "sha1": "b5ab853cf1b629ac789e5f50459cf7b2f1c866a9", + "sha256": "6089e95054f17d3ec207f08ee82a05cd0878af009e5e17603d2b21fc5cef59f3" + }, + { + "classification": "MALICIOUS", + "file_name": "test_codecs.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "5d5fca7e95701aea7845e490a2ce1f61", + "sample_size": 138360, + "sample_type": "Binary/None", + "sha1": "4b617a1a92475ab987915945efc0971fd03c82b9", + "sha256": "7576007fdb2bd1e091ab63cab56c310de27ce1ae99faded0c637e1bb0e21e52a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "copyreg.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "803eb04f7b43aaee675593c103be57c4", + "sample_size": 7528, + "sample_type": "Binary/None", + "sha1": "a5dcf94b9c9dcb86333bcd869aa650f98f8d9f6f", + "sha256": "786817dc83366d77c4df8938fadf82a0f29e4e1eecc9f562ef443f5b7da1bcbf" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "objimpl.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "19b78b6d5dd3487f0d39a277d1035931", + "sample_size": 8680, + "sample_type": "Binary/None", + "sha1": 
"ec729042751a8e179f053908f5366210edacba50", + "sha256": "2f2b15b905fbbedfe4f1a008fd741942e550798b98ae8869a3e3ace305d3edfc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_bool.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "64ecd0d65ac24f9f27ba3076c79ea51d", + "sample_size": 13144, + "sample_type": "Binary/None", + "sha1": "843eb0e2b7fd8ac5065e78737240c39e0a478c99", + "sha256": "63b87d9b93914930fa6efe97dcefa82abce79aa1c7f84daf99cba17578c38910" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "mock_socket.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "351bf7f6463e3776200c5771764cfcc2", + "sample_size": 4000, + "sample_type": "Binary/None", + "sha1": "ab55d87fd164f915087d237c920d92594ed242c5", + "sha256": "42ba26107f3cdb80b45f36a0faf14a0e16fe4f6b4b972a106e130aba371448eb" + }, + { + "classification": "MALICIOUS", + "file_name": "config.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "e0176b5c804c63554ee5b763aa9266d4", + "sample_size": 39128, + "sample_type": "Binary/None", + "sha1": "157c073c89f64c61cb153459e124a1da50f286c2", + "sha256": "074bfa7f168a0ed336aa0b95c75bc1ea2c88fd5ed3e9351a6464d923a34bac18" + }, + { + "classification": "MALICIOUS", + "file_name": "test_struct.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "1a6d3866f41637109edba58e787a480c", + "sample_size": 36920, + "sample_type": "Binary/None", + "sha1": "31cb71b2a6a981a10cad76c0faf355d34b9dcdfc", + "sha256": "ffd496c63f931a897c19f13c285114386bf1d07ed1b889c0dbb1f5898828a5c3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "trsock.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "69fa60534dc812e7c1db9871d2238b2a", + "sample_size": 
6120, + "sample_type": "Binary/None", + "sha1": "657bd68fc30c64520c9211c293216532906b765f", + "sha256": "2079c96fcef6520be733145787d7771f1e418fe84791500f61298b7488210499" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_pyclbr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "a08233d6a5cc0be4e9131e156b7ec188", + "sample_size": 10424, + "sample_type": "Binary/None", + "sha1": "540c6e4afeae627e03e42c1214295c0041343e68", + "sha256": "fcbe107aa4aa769a501a5a2cd58aec0d79595a3237b5054ecb3264a02b849ee6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "result.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": "e2f2b5d7ff9b48ef4a1aabe77ce53278", + "sample_size": 8648, + "sample_type": "Binary/None", + "sha1": "b7ee4e70ae85f63e5e62954ecd6ae18dec14695e", + "sha256": "dd9a18f8a3c8e1db5af5d0542d37b41bc2ace3e913be3c3a3de52352c7fdb7b5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "md5": "90c12c6b8d1df189e55a0791af16f88a", + "sample_size": 14416, + "sample_type": "Binary/None", + "sha1": "9dfe2d0ea8af71477865c4340d4a594a9597acee", + "sha256": "21c0bddfbf1bd94076d78c8782d6d9e0a13e59630a38520e42ef18f6f71a2501" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pydoc_mod.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ba561bf0724efc566b8aa1f67ea78b91", + "sample_size": 1024, + "sample_type": "Binary/None", + "sha1": "fe30ba351c198b3d73d846ecad00e6ef81346031", + "sha256": "464936bce9f33b544c226a79febdec8f418f259d8427bc0047c3f8f609a120d7" + }, + { + "classification": "MALICIOUS", + "file_name": "test_strtod.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + 
"md5": "af6478c51d9773ac90294eaae645e683", + "sample_size": 21008, + "sample_type": "Binary/None", + "sha1": "41c8a51b2d6d82d4d2178f8fc6d068a0b595af2f", + "sha256": "076c35eff357fd4047370ea898e5aad2c701e3d98b7622f986da79b776015e04" + }, + { + "classification": "MALICIOUS", + "file_name": "_collections_abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "33446187c1bfebb8a33b40f59cce0ee1", + "sample_size": 30528, + "sample_type": "Binary/None", + "sha1": "d39792fd0eb2cbb244e55c4cffbf3227aebf1575", + "sha256": "2ebe2f6b0bf0d6ace528d6a0c4dd6f76ab0f0bff287ad5dd6d80eac94fd5e83b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\collections", + "md5": "afb04740450b86d9c91c6820c6c4f513", + "sample_size": 160, + "sample_type": "Binary/None", + "sha1": "36b8173c0ba27634299f824a4152ee20ed6a0361", + "sha256": "d4139383335a43b57cd2882ca24e9434088cdfedd8a0edf32533e65867e42f16" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "code.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "7bc4e58ec6effe3b7da5079dc8a57901", + "sample_size": 376, + "sample_type": "Binary/None", + "sha1": "d1768cb56e348ba81cedcfde17d8dd90d5863bb4", + "sha256": "d3323d5e4d76a5512600ccaa90f6824c97636548f16a43bf773d5503f71d0e36" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "hz.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "8bedf55ebe9f66fcb368d25273d42726", + "sample_size": 1088, + "sample_type": "Binary/None", + "sha1": "26ef67678665e87f4cb824666a5a04fcc755928c", + "sha256": "45e02030a3d642e2c222e332a0fd9046961d7b3a0e3d40fbf07c56e4d866838f" + }, + { + "classification": "MALICIOUS", + "file_name": "cgi.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "0ae3f1aab5fb99c1714012425750a2b8", + "sample_size": 34976, + "sample_type": "Binary/None", + "sha1": "383f4344c1d90022cef1368a17cc3d98ff596041", + "sha256": "7e0064864a95dfa486eaa44608824cbc3c273e88657a1a84d4e2986d54732b41" + }, + { + "classification": "MALICIOUS", + "file_name": "tokenize.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "9f9855f3cefa20102f99cb8a7b2a4b24", + "sample_size": 26608, + "sample_type": "Binary/None", + "sha1": "1455e52a03928ed7a79392b2d58e3b5af583bb98", + "sha256": "4f081061a633ee3d309d4d9726c8a1e41d5ccd54fce56d59959ee13a0b13bf8f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "asynchat.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "c582ddb0f5deff5cae8f1249541899a7", + "sample_size": 11672, + "sample_type": "Binary/None", + "sha1": "7f96fb666518cef966c8602f08e58531ec0f68de", + "sha256": "408a2ad407cf6531910df8784d92fa151721c70a8c10daca1fd3629b3e39fe53" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": "2658c1d90c40e9c21488419fd37e8b49", + "sample_size": 5424, + "sample_type": "Binary/None", + "sha1": "6d45c279b1d5c761fbdf600ece8958a785350c59", + "sha256": "ae28f83ac9c8d63e4a85b1758c79bdc125fd6f3aa6e1eca319bfde78b7d30029" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "bisect.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "3b3b3a09ed8c4df48a46e3dc0cceab3e", + "sample_size": 2472, + "sample_type": "Binary/None", + "sha1": "855d6a58fa1b4c3a96a21fa6c838f280340638ba", + "sha256": "4400fdd44ac9e6302c51c9c26c74556c500ecc622ce0eec81d2040fd08956cc7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": 
"test_pwd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "4c0b1b6896dd42dc7ddd26bb572225c9", + "sample_size": 4424, + "sample_type": "Binary/None", + "sha1": "065efb7634692af8d62c60f9e908c3a89e5a9ac0", + "sha256": "02ad2080a8cd8929a926d773fbd0c1a7cb13615a4c1dcedf2e0847c7f1aea2d3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "netrc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "e12379309fbd495b77dfed3d1624f424", + "sample_size": 5744, + "sample_type": "Binary/None", + "sha1": "f5491a08ccdd8d75bc4b9097a3e46d2dc7c38235", + "sha256": "904a6af2fd76ad9e2a867ae4ba3ceafe426463438cdcd4085c14751c86e014c0" + }, + { + "classification": "MALICIOUS", + "file_name": "test_uuid.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c4477e89de3fb84d7ec44985bf1fbeec", + "sample_size": 41840, + "sample_type": "Binary/None", + "sha1": "e67bf563b4b0c63e72f43616ce56e00a51e1f13b", + "sha256": "713f2e52b1a036a95d5304a15c35a8b21ab97893263fe6eaf0d4930bc4be4b5b" + }, + { + "classification": "MALICIOUS", + "file_name": "difflib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "ac87c7694a4af8dfb3573b511790b975", + "sample_size": 85400, + "sample_type": "Binary/None", + "sha1": "626bcd00e32315545ac031504483b14715ebf5c4", + "sha256": "1edda22f5f711c48f98606ab259e5ed6c3804e9edfa7b7b3f91288b94a5c4e97" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_ucn.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "82779106573c832f69d6546f59e680b9", + "sample_size": 10008, + "sample_type": "Binary/None", + "sha1": "95a62197f64abb4c9c24237cc1b09cf90418a136", + "sha256": "a00a40b67ef5ea10737d4f49668c2209291c1a65158b8107d69abe9259b0f42d" + }, + { + "classification": 
"MALICIOUS", + "file_name": "_strptime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "51831ace09258f406a8f1994b3ef7e14", + "sample_size": 25896, + "sample_type": "Binary/None", + "sha1": "ed39f797e5a1940992345b4117792d356e0478ed", + "sha256": "d9fcc382755cff81e058bddf09033f1b5d8369b7875e303a1751da8fb766f433" + }, + { + "classification": "MALICIOUS", + "file_name": "test_ntpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "985eeaea91050ac80677cdc970b0bc45", + "sample_size": 36752, + "sample_type": "Binary/None", + "sha1": "008c60cfec0c7cb6c73d1114edc7acee5b4d872a", + "sha256": "fd1ed6f8d3cc7297d75d90350c6697432e583043b0df1aacb3fa96aaea4ca4f7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "md5sum.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "fcb51262793214cf78a0bccbe4198aed", + "sample_size": 2648, + "sample_type": "Binary/None", + "sha1": "96a89873d6f31a9d19082ed54d28ddbf619d94c1", + "sha256": "989d1e45d29fb82b161271fad2dfa6ba0e5b44c62e86a373017823458ae4c7ad" + }, + { + "classification": "MALICIOUS", + "file_name": "pyport.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "f5b36e69fd60d45f0f07ba9384803a09", + "sample_size": 32192, + "sample_type": "Binary/None", + "sha1": "fb37113e3203090e1f4253b29470eb60a7bc93c3", + "sha256": "21436f22befed7eebe016fdb398aba2f113dcb94526a8e817930abe7493c100f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "runpy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "9b51bad4bb5f07f144a5b6689da69489", + "sample_size": 13448, + "sample_type": "Binary/None", + "sha1": "cbba87749bda3b85156dc3eb757e1d9c7d02f4d8", + "sha256": "de1b808512c20b83166bf7ab193765ad8ba2da300caa079493562aacbde86e65" + }, + { 
+ "classification": "NO_THREATS_FOUND", + "file_name": "test_poll.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "27b6e21d3b6dc2ec9345d2cd10b6b7d0", + "sample_size": 7624, + "sample_type": "Binary/None", + "sha1": "36810d287e09ec9054705ee40b5d29685690c927", + "sha256": "6e9c51727515924e56d3e9800a9e3e196dc3b49ffd2d8060ed2d312594d2da49" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_nis.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "cf6e2d92951bfee6602764b29b30da6e", + "sample_size": 1232, + "sample_type": "Binary/None", + "sha1": "606572de67046389d69d2aab3523276fedcacb45", + "sha256": "337aa5edbd2d54ed5bbec3c668cdf1033576f01145dbf631961327211dd1ee30" + }, + { + "classification": "MALICIOUS", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "md5": "af238f030b09f47ea71f0047e4ed6663", + "sample_size": 21512, + "sample_type": "Binary/None", + "sha1": "2185bfabac49addd02ca3b10c67c1d1a5dc0c1f9", + "sha256": "1d6f298e7b7e60a8a28899aea3af53b99a2474baa899a2847c471d0f863906b5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "reprlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "13f7331049c6748a92b2514147c0e246", + "sample_size": 5472, + "sample_type": "Binary/None", + "sha1": "0af04dfbdcea61da17b1374a3489c6f01de1e9ec", + "sha256": "dd69b855055aea741acb67dab31dae937cbfddf43413a8df234015808a5c9fba" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "bad_getattr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "aab66c0b2a30d430cfe4d8a4d3b2ae90", + "sample_size": 104, + "sample_type": "Binary/None", + "sha1": "cf92ed8a4489ccfeeb3ae600b2d7c0becd8e0557", + "sha256": 
"d56291a768f1e340e9bf053f550ab90275376963e79399b002aa30031cfa8984" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "serve.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "c1fb7f6b390dee9b71faacad189d4bfa", + "sample_size": 1304, + "sample_type": "Binary/None", + "sha1": "531901b0dfe99db9673a8ce6086314d34e57722c", + "sha256": "23d5441583a5b560e51ce9b5ee3da7ea945d0de289549bd17a93eaef0920f85d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "peace.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo", + "md5": "798b5d0e97480ff2cd565172d8d9f97b", + "sample_size": 1168, + "sample_type": "Binary/None", + "sha1": "4234c25f2bc8bedc20711e9579ae9eec17b23611", + "sha256": "e5b699eb8b4f5c9393ae0e8ed0c1d159fc5f5b5aef3a78396a89058714316afb" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_epoll.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "e6b5a89b91e830ec7f72085cceb14472", + "sample_size": 9656, + "sample_type": "Binary/None", + "sha1": "1a041df4be1f9c1e3de7f84d57817738e3d5c272", + "sha256": "890761fd71b04c0ca9861d4a87fc20081162fb43f8bf3644608ffa3bd9ecbfb0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "Python.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "46f52455174838d02cefc46dd12eb146", + "sample_size": 3728, + "sample_type": "Binary/None", + "sha1": "769b22ae0189506b31611d6f0048e18762aceb6b", + "sha256": "c34db47202cf3d12f0558fe5740622e6ceef1eab48260e2a8590539a19e3189d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "symbol.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "8442ba218685a92985e6569aaa26f942", + "sample_size": 2440, + "sample_type": "Binary/None", + "sha1": 
"f9cb4f776361fecb26ad065a50b883ab3075c0ab", + "sha256": "6881f6da9d41da5d2b60f649e7f70023688d652038469eae5a850d44c4fb7d23" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_timeit.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "66a4f2418808aa363ecd59afebc2696c", + "sample_size": 15584, + "sample_type": "Binary/None", + "sha1": "840291da49c5b32edbbe774aecedd5d98e5a75ef", + "sha256": "01e64f66c14f9e5a7d661b816663bed52dd1a27d71cd20877e42a58cac8f82b2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_uu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ce0c7e3fbf8455e0a4118a4282aefb79", + "sample_size": 8512, + "sample_type": "Binary/None", + "sha1": "c25d9911970d3151288d7e63700a650f3c7bca0b", + "sha256": "501a9051e42a2362c830e2c3df67b600b74a14e0840ba3e650be605f3bea8b8b" + }, + { + "classification": "MALICIOUS", + "file_name": "test_mmap.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "4d3694fb379fdf697cbd8919ff0ae84a", + "sample_size": 32464, + "sample_type": "Binary/None", + "sha1": "6101c6124a772f45001ddf405b433df4d87b9a73", + "sha256": "2fddca12b6d5294bba9fe9a980ed455f78defdab8127ca0f5862233619080797" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_dtrace.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "13ee7158909f86a9115a4c446efadfb7", + "sample_size": 5472, + "sample_type": "Binary/None", + "sha1": "73fb098668378ca9a6512b47d53149a55acad598", + "sha256": "257f1a9986b438da783721da9b9b14cdc6af5f1b732a3d82fa903d01e316fd25" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "keycert4.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3ff51c878947549f996a42a8a68cefee", + 
"sample_size": 9664, + "sample_type": "Binary/None", + "sha1": "945a1c5b165eac28b2a4ab769bbad1cefd54cc82", + "sha256": "7abf1c6adefbc9d18944f52a66fc1d0ae12985a9e712a74513f1d08ea2473fe6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "numbers.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "2d71b0cc769f50ba633f49d59e5147ca", + "sample_size": 10768, + "sample_type": "Binary/None", + "sha1": "e13bac5e727c6f421fb0ae90f4d7cb05c27867f0", + "sha256": "21d4ed53768924090d3e675409d3b180863162d0fb0d3e44fe4ddd44525fe091" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "allsans.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "7be9b62b4b42b1bdf343d7cffacb0a97", + "sample_size": 10312, + "sample_type": "Binary/None", + "sha1": "f40419374976deef55694b1fe530ba78cfe20ac8", + "sha256": "c18b08c89776ed699b3e756ae26c9010598e81780862ef1dbbd3c5172e2692a2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "formatter.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "761b6e80feca5d78cea6538698a6805a", + "sample_size": 15632, + "sample_type": "Binary/None", + "sha1": "73bb241894fa18288eccfbf599da84a1b520eadf", + "sha256": "4bd4e0204231ffda2421bf5099eda1ede56fba06bf21a3b82bb0f030602d4764" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "TODO.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "911a5d127af31a8089ec19766fe0864b", + "sample_size": 8728, + "sample_type": "Binary/None", + "sha1": "5924193c99876cc360e1a6d9e628a02a393e073a", + "sha256": "2b7b7d73575b69bc079326c383ba48e14a716206d2ea2658393572e340a20643" + }, + { + "classification": "MALICIOUS", + "file_name": "test_site.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": 
"caad29ebaa49e0b074c58f9f975dbfff", + "sample_size": 26512, + "sample_type": "Binary/None", + "sha1": "61ac0c09960b72b6528e142c9c81f4a06a350990", + "sha256": "222cfbc6a230e102101fc132d7e624e220bdb3a675e5c43e7d1addaf2c7269e7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "fileinput.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "09ba580bd07b25e7bb058898264bee7d", + "sample_size": 15264, + "sample_type": "Binary/None", + "sha1": "cb1b73504268c288bcc63f4ebe682a70062a3da2", + "sha256": "abb6758aa6920ba1294224cca033e005eba55db6ecd9b645e883bf789790e628" + }, + { + "classification": "MALICIOUS", + "file_name": "test_clinic.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "bbc679a6cca808b2e61fe6eba627078f", + "sample_size": 22888, + "sample_type": "Binary/None", + "sha1": "af7f8c29b8b9413ac9042f4eae1ce74d68925246", + "sha256": "e01f668519a4f2acaae62dd4aeeb402b14405a555b67f7b04d28514bb063e0bc" + }, + { + "classification": "MALICIOUS", + "file_name": "schema.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "md5": "16889e99e43167cea23217dc74c47d76", + "sample_size": 82624, + "sample_type": "Binary/None", + "sha1": "a1906063991b3dfc0476b3b47890c9b26f141a75", + "sha256": "9057307749f2109386d11d8c13e8ab82b0270cddc409242d0f7c8f041b1cfc4b" + }, + { + "classification": "MALICIOUS", + "file_name": "ipaddress.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "fa6e4e69437b1981151022ec34442eb3", + "sample_size": 76936, + "sample_type": "Binary/None", + "sha1": "fc56e2e8d559c7cf1a97955b5ca565d21bc4acd9", + "sha256": "e67b97b4122c5c346e75ae8c261e4e048d7297b1ebaecbdd64862defd09d2d8e" + }, + { + "classification": "MALICIOUS", + "file_name": "_osx_support.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "3630c93ecc68fdca0bccfd410fa81dcd", + "sample_size": 22392, + "sample_type": "Binary/None", + "sha1": "2936c31ce52122908e78909d50f6069868aa8edc", + "sha256": "4aab2db84316a0d3eb8f57a3cc74b0c048deea3c582154ebf3a6157f6858e2c5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "dcb493d8cbe8c5adac0fd33527811c8d", + "sample_size": 20416, + "sample_type": "Binary/None", + "sha1": "009e49bacbbd8cc737c9aced1c1d16de181baed2", + "sha256": "03f2c13428d73da63c7c35d6c39ecbc33a8c2d43a90eeea8de0449b381ea504f" + }, + { + "classification": "MALICIOUS", + "file_name": "warnings.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "bafbee4d7e8522eca0acf66dcf080ab2", + "sample_size": 20280, + "sample_type": "Binary/None", + "sha1": "ff57a13d6868c43834c3bc8e189defe4a353168a", + "sha256": "50752e70e762aa62639df374df90b70fcd6d85bbaf72af2811ebd8153f7f405a" + }, + { + "classification": "MALICIOUS", + "file_name": "test_cmath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "eef3fb2240a3b27e05fb46c10a69f2d9", + "sample_size": 25328, + "sample_type": "Binary/None", + "sha1": "bbc3d018f44c74d693135886feae23b598d258f2", + "sha256": "79643d366051aa27f142d9a43d1fd3e8a518db3bcb59da38ade7a30311eabb35" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "complexobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "5f4752edfb601a17dc88ab53e989da4f", + "sample_size": 1912, + "sample_type": "Binary/None", + "sha1": "a300ae5e72784939b8a151173aae793543d37e56", + "sha256": "35a07e579eeffafc96c4a59ad7e9890f5d79b2089135e44471966d2f3ea40812" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": 
"cp1006.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "fe959ac1cd8bd302b87cacb7a993061a", + "sample_size": 13912, + "sample_type": "Binary/None", + "sha1": "3f8403e7f5a36982084f19aaaaf2fa14fc7647f8", + "sha256": "757c496bce358e2f6afe63f3d0ebbb88803b2fd308dc8a4d184b6d1087505104" + }, + { + "classification": "MALICIOUS", + "file_name": "configparser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "4b30dca69595b76e5dd88e0f10a11774", + "sample_size": 55992, + "sample_type": "Binary/None", + "sha1": "7edd70667e09ea5b4bdcac16d6d325c1106639f0", + "sha256": "a2ce23196318e68e4e94771243ee5b7e740faee7c4289fd730fc44904e5e4895" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "msapplication.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940", + "md5": "a1948cb7ca07338189b0b41ab9d7e329", + "sample_size": 416, + "sample_type": "Binary/None", + "sha1": "a8c4c10b479e7f43d01d3753bed9e72e7ccb4307", + "sha256": "01c861d441f5140db8594622ff2f1673e6199f5881475870229515655f6a7660" + }, + { + "classification": "MALICIOUS", + "file_name": "test_curses.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ae2a3efe91201eb230562acf8f5e5850", + "sample_size": 48736, + "sample_type": "MZ/DOS", + "sha1": "6aace8f340abdb4e2abb8784555207704b5a39d7", + "sha256": "7c8174e994eb813c6c0dec3bdfc008d674bf47bf7e645d766f38cb95492e9b53" + }, + { + "classification": "MALICIOUS", + "file_name": "gzip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "613ddeb33487b303fdf99e8532ac08da", + "sample_size": 22424, + "sample_type": "Binary/None", + "sha1": "1b6203ab0e58de99d361977c489be2001216b53e", + "sha256": "a86576e8557be61800794e4662ad69299042501ebe400e8d45f8839b87564f29" + }, + { + 
"classification": "MALICIOUS", + "file_name": "codecs.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "c41b7945e58aa82086ef6abe3baf7e8e", + "sample_size": 37840, + "sample_type": "Binary/None", + "sha1": "72972802b935fd94197a8b631d66f2a046d4c9b2", + "sha256": "1f966a5fa6d713ce395cc31728b03b6a181adef0406544247ecc7209ae1ad1f6" + }, + { + "classification": "MALICIOUS", + "file_name": "cp852.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "6cd466799e2d09bb67e52e165ecfc13e", + "sample_size": 35744, + "sample_type": "Binary/None", + "sha1": "2f7060a32baf3276af7f6532e8bb77018b28df3d", + "sha256": "aa295286aaadb11267a22447e7a8dffba7909567c2a4f6d15d3954c47ca2d836" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "secrets.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "67fe873044660b749ecde0ba02326f70", + "sample_size": 2152, + "sample_type": "Binary/None", + "sha1": "c8e0dd8bfdb151212049f4b5cbbc61db61acd2b8", + "sha256": "6da9c41b0be537ffe5da75e94ecbca17cc9e15605e7a59526d5d011a0ec1a79b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "keycert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "08ae4efd79b02593151e0f95bdcf7225", + "sample_size": 4168, + "sample_type": "Binary/None", + "sha1": "548ea5fea0b25fe637e60e42a87df05c61eb06ce", + "sha256": "9f15c9a3c48f9f36f56e0062e2aec1362c3250ff4bc508ca5212d2f532afa77c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "badcert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b59225f9ece54cd3debbe544cea38594", + "sample_size": 2008, + "sample_type": "Binary/None", + "sha1": "eca2a81b919ccae2cdcac97cc442769e108ecedb", + "sha256": 
"f0a1451910c6f017a5aa88eed219bfda5bb775fe796021de46b573b572d97aef" + }, + { + "classification": "MALICIOUS", + "file_name": "feedparser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "7fb7399a4284a8b4b052c2d245ebafea", + "sample_size": 23360, + "sample_type": "Binary/None", + "sha1": "f914b142133e8072232b7004590f5864a4a1d36d", + "sha256": "d615a8ccee220fcd92c24ef6761b1bbf9d0ec0bb8e7e7e4b1cc26b5777a828df" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_xdrlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c24c69c1460cfaedc750612b51887d6e", + "sample_size": 2344, + "sample_type": "Binary/None", + "sha1": "c1a7c7b09f22bbbe3c4fbaf0e7167d6f0d363ec7", + "sha256": "c19489e7862a221bd730c043928d408e6c6d73468eabd4823af6f76840d24b5d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "kz1048.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "7d3a05eb1819a6b8e6681c10930109b9", + "sample_size": 14072, + "sample_type": "Binary/None", + "sha1": "906abe52aed82f0b92a6eb49ac75107ba6a05ebe", + "sha256": "7edb243634918ec16ea63fc6193ef0748490b0fa02b2d75447a0568359518b27" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_idle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "bdf1565e7eb9afd5d1a06687279b49ac", + "sample_size": 1072, + "sample_type": "Binary/None", + "sha1": "4800ae11a3430796ff69db0835afe35708913f41", + "sha256": "c005cb6e258bfbe98e5adf7c8e38fcce9d642833046429da797b5e399f5ac922" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "csv.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "18f507bee42feefb49ad2b9819007a04", + "sample_size": 16632, + "sample_type": "Binary/None", + "sha1": 
"a94125b1b48f47c96c4759cf44989068c9d74c9b", + "sha256": "e3335eab94b890e83cb7528c17e0477a547d79cc91cfc2909b23090ea9c840d6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "operator.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "456f61450e22f9e06dada81524d4d87a", + "sample_size": 11248, + "sample_type": "Binary/None", + "sha1": "dec421328bb2ea5233a6f8275116aea310aeb02e", + "sha256": "0e1218d801db5840b384d028d1b54b8c3dbcbbd4a3c5bd200f5c0f25580b0147" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_shlex.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3be3375b1aa18e8ab306f82e4ac39310", + "sample_size": 14216, + "sample_type": "Binary/None", + "sha1": "47ed54f0537dcfa92a50380b804d185061ac2215", + "sha256": "10d97cd751634c7ce6c0f64ab8f108a5eccbc10207d696ce718cd16b1d4a58be" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "eiffel.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "428f641ee77363ff4bab3fbd88202908", + "sample_size": 4096, + "sample_type": "Binary/None", + "sha1": "898e4232f06f8b47aef01ff3672a03d10ea87a4b", + "sha256": "af9d9537a2d29494454ee776cee486acb28416c8eeb5b9b91c9f286a822c8dd7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pythonrun.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "232e9419549781cd07da0d9c6ab44ab3", + "sample_size": 7928, + "sample_type": "Binary/None", + "sha1": "4ecea3b7fe916cead3b257eceeef0e22f2bc21db", + "sha256": "5173d5da46f13a5185f98fef65c812d86479fc67f38ff4748b1e16c012b8c11b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "md5": "fbb1af8234ae7d455a41e7d168899a68", + "sample_size": 
14296, + "sample_type": "Binary/None", + "sha1": "549d202daba3ef470abd2530f2230276e28144c9", + "sha256": "24cc4d3267e3429281fa0f5195e3d68e3e288eed883ca25b3e956a5b57aa0b3c" + }, + { + "classification": "MALICIOUS", + "file_name": "test_pickle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "0ea9581b0d33a015f157c2cba09f8afd", + "sample_size": 19976, + "sample_type": "Binary/None", + "sha1": "76e0f893d8c97420473fa4fd986460d2f0428c65", + "sha256": "fff0ec1d24d18e364a2ad57dd167d901ac9443522f28af0ee8c3996dd16f6f60" + }, + { + "classification": "MALICIOUS", + "file_name": "plistlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "35f42906126c7fe8e095a27680c2ff76", + "sample_size": 29192, + "sample_type": "Binary/None", + "sha1": "44adcb0d63d6ee4d131fbf8b53abafde94dc6e29", + "sha256": "39a5a853d1607b80647093db77995014949855a68b4349e05991e8d7fde527cf" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "fixcid.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "784de6f0a7e2e656b0226f2954b73071", + "sample_size": 10520, + "sample_type": "Binary/None", + "sha1": "37af98fbf444711019b4c8dad0d05006bd42b0c0", + "sha256": "3c98dee435faec13def58d8f24f329907672fde6311ff9db166abb0300335f1a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "Grammar.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "md5": "a65a007c963d2c51b4743b6b1a28494d", + "sample_size": 8936, + "sample_type": "Binary/None", + "sha1": "263003accdd46f055306f48c513e513947e6fd18", + "sha256": "cdff580c895d6d810a034f12cc911e79bd3c8b57c04eba6daf1729785cadf61e" + }, + { + "classification": "MALICIOUS", + "file_name": "mock.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": 
"9ae2ba358ff3c504d4979f533fad45de", + "sample_size": 102152, + "sample_type": "Binary/None", + "sha1": "873a72f86f6d542ff3e0be0e9ab041658eed5c8f", + "sha256": "fc3ae5358df9e1ed546b161ffb9a9a20096b5ccde92d1255d8b4161e8cee931c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ndbm.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "md5": "eb55b810c9919a8af2b8f7a723020c59", + "sample_size": 112, + "sample_type": "Binary/None", + "sha1": "19edbdab9b21d9a6a3e6549bff29b33e1b9af358", + "sha256": "15a8ef152162f5a836a658a1bd6b8d18748e066dc281b1b8a2ebece544898d29" + }, + { + "classification": "MALICIOUS", + "file_name": "handlers.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref", + "md5": "b71025ad1d5e8c1b0f52e5147621b30a", + "sample_size": 22280, + "sample_type": "Binary/None", + "sha1": "c9dff191a98c2b4f89c1039b3fff4156d83fed84", + "sha256": "35522a7d1b1a3d175a51bdb78907dc56aa3effae12225cbb3850eb4fe05937c9" + }, + { + "classification": "MALICIOUS", + "file_name": "tarfile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "2025c3c3f53d4821feac543eca335f0a", + "sample_size": 97776, + "sample_type": "Binary/None", + "sha1": "adb8c2f11aa09860b0fd298dfeb83e3b690eee8c", + "sha256": "7283cb47bca324cc649ebc236b87aeb01c5f8000d2562ec538597cf089b5e4ab" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "osdefs.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "147bb6d0cb61efb4d8662f3b51eb5080", + "sample_size": 832, + "sample_type": "Binary/None", + "sha1": "89e00fdf8bdde8f81aa59b9846b58b4fdfbc36a3", + "sha256": "2c7196859729fd65a703c224dce2ef069002201e8128347b0a2d52427b28e380" + }, + { + "classification": "MALICIOUS", + "file_name": "case.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": "fe0c8bc641812106c52a8c717591a71c", + "sample_size": 58640, + "sample_type": "Binary/None", + "sha1": "0f9eb51d45f6be0f0cb6d56dc41384db040f71d2", + "sha256": "ac2c2d3b3de55a112db28242d6264d06f06d206856081d43cd5c71ab9d593185" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cellobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "44d432dcb10813c2c4a2981cf1b1ce78", + "sample_size": 784, + "sample_type": "Binary/None", + "sha1": "a0b388492945a77bb363452942c18343249d3785", + "sha256": "e6fe40ab6ace2063b0fa054f54125a3ce8385c39c547ca3acf9190207faf6ae4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "tracemalloc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "a1e6893c2820f121cf4fe7ca6f0587bb", + "sample_size": 18648, + "sample_type": "Binary/None", + "sha1": "aafd6ac88f5df11bfe3b2f1c40dc2e6bef81ddcc", + "sha256": "c9535daf4b02183b97d6086237c1367088be0adeb83911ffd302d988ba0e531e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "eval.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "98cdf78e94bbea864d2d6e33fcb91450", + "sample_size": 1288, + "sample_type": "Binary/None", + "sha1": "1dbbf331114cb9d0c672646a916c4174ff2f06c5", + "sha256": "b8925a659b92611f15a77cbd3bbc386d6d46ae571325d2818b3f4edca9a2506b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "6108f9e4e4d7aec582ee7a6d338c8794", + "sample_size": 1872, + "sample_type": "Binary/None", + "sha1": "98db0c1c6b2f6d77242c6ae8d8cef13edf7f4adf", + "sha256": "c9f6a8b332b4bd23b1e67502c78dbe7631ac33f7d472b77929dde5aa677d9a2d" + }, + { + "classification": "NO_THREATS_FOUND", + 
"file_name": "cp1257.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "007ce8c277b7b74830886a1c0f6fb653", + "sample_size": 13720, + "sample_type": "Binary/None", + "sha1": "6a3042a8c0d657d6bf36d2b34a2bbe929ac86199", + "sha256": "08eb8b6f8648d7db1c7032256295ecba9761efea8628bacd65c626139a8ebf14" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "replace.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "8e680f68479554c0834f3a118272d847", + "sample_size": 10144, + "sample_type": "Binary/None", + "sha1": "51231cad7b65fee330e81f1e2a6d2c4616f76457", + "sha256": "66953a4bb442476b68b308231ba7eb6be38ed3b7534a9a0890a4181b736bfb37" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_common.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\zoneinfo", + "md5": "d4494a7c5b6511f43edaca16d44ba133", + "sample_size": 5528, + "sample_type": "Binary/None", + "sha1": "90b5d1a1996ab126cfb4c0c948653fc15e019c64", + "sha256": "66cd9802d30e435b734f444b66655b34052d9ded98d769a8df2fb0b80e68989c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_slice.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "569f76a5c3e709464022d22e272889ee", + "sample_size": 8744, + "sample_type": "Binary/None", + "sha1": "56426d38f3bf485f6414198f91063e92e9e53413", + "sha256": "7d74e39d40e666374cbcf193fa3437ea61e85002bde8ae27c5cb7bda8cf9ac93" + }, + { + "classification": "MALICIOUS", + "file_name": "ast.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "21be9ad49cbab31bce530ae611676db8", + "sample_size": 57816, + "sample_type": "Binary/None", + "sha1": "f2c7ebc41bc02a0e64a75e14f6af0dfce535f8a5", + "sha256": "37303936a6ecd34b08c3a85b4ddd330ca5993917f5f74b8448db66cb8ce679e7" + }, 
+ { + "classification": "NO_THREATS_FOUND", + "file_name": "test_wave.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "62bd3bff519f8350c668e198b952a02c", + "sample_size": 6904, + "sample_type": "Binary/None", + "sha1": "0715e75f8b2a03d077c926c3a14b60482994e813", + "sha256": "71a42747d4341bea19fe1b46c0eaaf2e519642cdf463cca492b71631c838ec6f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "string.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "95721cb5004e7aa8f53edf36ec21ac0f", + "sample_size": 10888, + "sample_type": "Binary/None", + "sha1": "b94d0c84b67ca661c313c498afb072140086fd86", + "sha256": "a1e9dcbea07812aa7de6871301bfa08ad13aeb56be87fef0e01ca07b9630c405" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pystrcmp.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "ae2f6f4333fbca051f2394d7f5f85e02", + "sample_size": 496, + "sample_type": "Binary/None", + "sha1": "7b3adad73f1f758b31369ffa5f3b251c5b3afcc1", + "sha256": "7203884875f33c890f3d17dd20ae2d3566bb020689c9d83429687dfe836123ab" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_endian.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "md5": "45a53aadf7c0c0626082b8dd4bb46e37", + "sample_size": 2104, + "sample_type": "Binary/None", + "sha1": "b5fa6c42bf0109bca6237ecf943e8a46bd6f2e91", + "sha256": "2721d4865ebe0cfb24edc2279b717d0b2ddcd1d5aaf624db492e27e13398e6e7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "queue.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "bcc03246744b38e7a0f73300c1f42870", + "sample_size": 11864, + "sample_type": "Binary/None", + "sha1": "adb2615f7ef1b39f6bfd89397c6ae751167c81a9", + "sha256": 
"445df1e324dfe5f7c700997d917d6e9557be38152b2e3f5efe2d756dc3445801" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_popen.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "26b6a9e8c77222de31e32551f25cf721", + "sample_size": 2160, + "sample_type": "Binary/None", + "sha1": "729c819b73b73b64de6150e30b42a4cb48e01a91", + "sha256": "21b9c41229eccee417565cce40b8f3341a9fea153ebca77bf7ba5f11227558f0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "listobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "d98e418bff0a138e2ede1d55954f49e2", + "sample_size": 1872, + "sample_type": "Binary/None", + "sha1": "ebd52182215f21aebd3fbe16d9ff741ca0fce936", + "sha256": "5bea23779b2c59220cde0cb273d97b79248b6e7cc4c8ba56c324c9579d93f6cd" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_wait4.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "7d560d245d5104bef367780d4bb70dbc", + "sample_size": 1272, + "sample_type": "Binary/None", + "sha1": "168db583d9380e68d24f28ecbda9e1bc91d6cdc7", + "sha256": "4dafd3c907c25e79098eca1bf92edef0d1d6a97f9f46229759c6eac64aac3260" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "tabnanny.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "347b82b2847137e546b503e01a1ce36e", + "sample_size": 11784, + "sample_type": "Binary/None", + "sha1": "46df1885168b384e4719a4feeb04f2cb800055c3", + "sha256": "7102a59f6c2a240d8fde7a18a8e83e6fe4893a9e9e621be9aa4b31ea710552b5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ceval.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "53cc7b7ebe1b9438c5c076c258d4a91f", + "sample_size": 6160, + "sample_type": "Binary/None", + "sha1": 
"13466c2a9bfc43ce832c4f227e8e4b9a801dcbe7", + "sha256": "177e80eed57511319fa8b1a7dbf9dccc17991005674ce6311efde21124d9d1cc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "filecmp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "6b296832b511dca2d3872bc3b4a04af8", + "sample_size": 10376, + "sample_type": "Binary/None", + "sha1": "e4ea237e95fd6d50207837aff3608d8e698e9b13", + "sha256": "ada29e694d2da6f848e9ed0b6844d441a1d020076fdc6cbef1411101867d832e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_pipes.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "cfe9b01c2ca47877537907764b3a6cfd", + "sample_size": 6952, + "sample_type": "Binary/None", + "sha1": "27d009ce9863cb81aba14b569b4b97cb16bf296e", + "sha256": "8d1154f7e9f94aca5296e6109e79c41bb589648e9292f12451ad9e1b4d5b70c6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "rot_13.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "84b2595bb47d92bf3aa0502f453d08db", + "sample_size": 2600, + "sample_type": "Binary/None", + "sha1": "b8d1ab8cf5c905dd85e01a3bf655f5006254251d", + "sha256": "fa933dc25a340ff61eae7f48ea6d0d4dc3266f6b7ddd9cae71522fac0e16e260" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib", + "md5": "dbaadc0b2a6f529a20ebe1f817bd112b", + "sample_size": 15440, + "sample_type": "Binary/None", + "sha1": "62227329a3fd2bcd6f60ef1f5a1159becdca795a", + "sha256": "c7b8b96d086f8a85cf1aff6006e1c81cdd32f109d3f4016ebb4d2bd85ab724c6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_pstats.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "913857301f85d49a5fa983bbccb48870", + 
"sample_size": 3784, + "sample_type": "Binary/None", + "sha1": "ea1472efb0e126b72229b3203e919cd6edaad04d", + "sha256": "c7936ce1bc3d8dd6d4403f3502dad12e048cc9b328864d6d994f9ceb8b99db38" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "symtable.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "93b677a3471b1e0556743eb3850bc5c6", + "sample_size": 5472, + "sample_type": "Binary/None", + "sha1": "4f042f89eab4235d886d14a744551818aa062ce5", + "sha256": "c9f628c1a8b089c0edfa49d2fb87ede13d5ed903f3425d15662add850dbf3049" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "decoder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\json", + "md5": "d9d8ee040854d1541b1902694c78770b", + "sample_size": 12872, + "sample_type": "Binary/None", + "sha1": "77635994701cfcd5ded2736abc41f0fb332a8fbe", + "sha256": "37a3fae51f8c628e28043607c5a55a19651dfcfcbcf05867fc81909d70576f21" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "panel.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "md5": "b407b84fe419a3e623f3c345fc32c7b9", + "sample_size": 136, + "sample_type": "Binary/None", + "sha1": "353c56f782198e0431bf1750fc16e5c6c473fcbd", + "sha256": "2eba029733b728e685915b99bc54c017f70278342f2c85b0174a83fbc1897c89" + }, + { + "classification": "MALICIOUS", + "file_name": "debugger.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "801973c054e4684cd39dac1ebeda5093", + "sample_size": 19696, + "sample_type": "Binary/None", + "sha1": "dbf4762979aa891ecbf07b15ac194e948f97ce42", + "sha256": "14a2389af8bbf686ba9e68fbbb64338bb9c7a5150ba8bbdb1195d1b8c793fab0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_thread.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + 
"md5": "ef25b439c9374b85aa6a31938922a716", + "sample_size": 8936, + "sample_type": "Binary/None", + "sha1": "61b6f2989df64e0061f1c4632517853e539ef8e7", + "sha256": "f35d267ce86ae3c7af2c48c0a2a92ee1baf62bc423e67ca7b257bc0220fb2b45" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pymath.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "3d66b0d6c2412c38c274096f7e6e3580", + "sample_size": 8856, + "sample_type": "Binary/None", + "sha1": "54112bd964ca4b01f30d001ea235d501edadf888", + "sha256": "96d5401e38762acbac297d8ea34ade3a0b9f1b36f887bce65cf54e7a3b562ba4" + }, + { + "classification": "MALICIOUS", + "file_name": "header.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "ee29df90f4eb62411922f426058c528f", + "sample_size": 24720, + "sample_type": "Binary/None", + "sha1": "2fd1fcca743851036653307068db66bc042b3393", + "sha256": "179f22c0554c488993758edc819f1098db91909087a6537ca2a2ca14b71f3923" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "base64.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "0631e66a08401f6fd8919e0722a23260", + "sample_size": 20480, + "sample_type": "Binary/None", + "sha1": "4127bf098fe896d591c7d431f9abc5579969d1b8", + "sha256": "c937d294cabda9321bd037fe505d1458a980003d595842d0c010159893543366" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_dbm.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "00b04cb11a54050d0bded60b7fd7d645", + "sample_size": 6456, + "sample_type": "Binary/None", + "sha1": "ca0c405a34f122f6a7f4d7e103597b4a3a139ba8", + "sha256": "a690e5ce7c6a903eaa056ddf3c0631fa45ce43b8f5c0736666cea9e57775aa93" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "766da2c6798b190b7d963cd07894980d", + "sample_size": 448, + "sample_type": "Binary/None", + "sha1": "c258e3482c6d5738bbc25441e9fd2ca8430a05d5", + "sha256": "9eab7412cd335f727689709ec1ada8e9d259194719ae4b80dadaaae2abb740bb" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "koi8_u.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "fbd6073090e688339a45a6a99ea2c26e", + "sample_size": 14112, + "sample_type": "Binary/None", + "sha1": "934303939601a9f26de5ac62ce5d3f3b81fc2731", + "sha256": "079feb31b7e34b1f9677cd84cdae88c044fd53b7d1b3f93ad91c1455cf98b85f" + }, + { + "classification": "MALICIOUS", + "file_name": "profile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "e8a1bba7eebf72a968ab8c71e1d056de", + "sample_size": 23520, + "sample_type": "Binary/None", + "sha1": "b8ab5269b04efb0edd6d75aa4929c855ab694a56", + "sha256": "97ed5eb0d33671b7efeefb85d22375aa14893dcae94e04a7f853723c7674ce0e" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "glob.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "cfc2c957dc972f8392853f6113a085dd", + "sample_size": 6040, + "sample_type": "Binary/None", + "sha1": "9f73967fce9dfd1906cbc804a37b72c3c75a1c1f", + "sha256": "83b2ed1e5af2c7d0202b70a676348164661aa34072543a784b49ed51b8c3e084" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "koi8_r.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "c8ab92a8312e64a642620626efb2f4b7", + "sample_size": 14128, + "sample_type": "Binary/None", + "sha1": "893a7c7b59bd00a22f639dc7b17d4759389d1071", + "sha256": "955cfda1b6c1a463561c56ccefadd673cdfcf0b859532d717c0f64b9f6a1417a" + }, + { + "classification": "MALICIOUS", + "file_name": 
"test_tuple.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "57f43d7f96a9ba6ffde4cea81fc6ac16", + "sample_size": 19832, + "sample_type": "Binary/None", + "sha1": "5bb9aeb54eaebb67525a0372244a7bb1d866264b", + "sha256": "20d99f61eb0fe3c28cc375c25cda6a75e5a30e0a10975f58c0209b529768a32b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "structmember.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "17d5f8cc649e2838909c26a435b909f2", + "sample_size": 2144, + "sample_type": "Binary/None", + "sha1": "efd24571f96b7b86c0a9c08872e9009fc54b3c05", + "sha256": "c71f620efcf56e0cafd3a9576fc77f009ea76aba7f0e98da6f70720ed6c1b60a" + }, + { + "classification": "MALICIOUS", + "file_name": "cp437.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "c23de8e3508bb0145ced4e409cbb2e00", + "sample_size": 35304, + "sample_type": "Binary/None", + "sha1": "8362d6685b633f5e73e7ca048b074d00df31219e", + "sha256": "77e3338746a7b3b1899797c0bb34b9d5d6ef962c648a2d7eff235b076d45e774" + }, + { + "classification": "MALICIOUS", + "file_name": "test_float.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c7dbfb93418f3df543e8359979169ff7", + "sample_size": 68608, + "sample_type": "Binary/None", + "sha1": "1987cb19a8057dfc459d70cac9ea0b7357c0aff0", + "sha256": "ce332a9270fe920175eebd155ad9187f89839548522a83ee83a8b3afebd32bac" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "lzma.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "071995617f04c552dc0aeca952da8517", + "sample_size": 13624, + "sample_type": "Binary/None", + "sha1": "b6a63d0846e187339d1f42294227622f64a9fe0a", + "sha256": "25d9ab8fa8b261e74a890195ef8e7e9480af1f412a23919192ca9556f9c39dc5" + }, + { + 
"classification": "NO_THREATS_FOUND", + "file_name": "test_poplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "61c510f0af2d4cae0238de0a987a1109", + "sample_size": 18352, + "sample_type": "Binary/None", + "sha1": "894720bee7de0186445617e662be7fc890893472", + "sha256": "8c4d559f617adb83bcb40d93d841f11b34b619ba721f4ca842f98f6f1bdbd56a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "redemo.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "14bd7d7719b86ff0bb30118ec9c0a67b", + "sample_size": 5960, + "sample_type": "Binary/None", + "sha1": "f45bd83bc0f1e6ae51a377cf2e54de2a3427a963", + "sha256": "ee9ee581f3a1f2a08172a68def910d6a266f6ecd1dd79b07a3878e366aba7298" + }, + { + "classification": "MALICIOUS", + "file_name": "test_copy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "620073c56def16c3b96967d221f00b51", + "sample_size": 27552, + "sample_type": "Binary/None", + "sha1": "9f234e5b676896201c686165705a4fd53ed6a757", + "sha256": "bcd329f5932884b51af9bdda9a96584c63ef278a4c4a2d20871510f395ba9229" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "6aef86385eb595f3ec4505e72ecf0360", + "sample_size": 88, + "sample_type": "Binary/None", + "sha1": "592547a9b3e1ec7d4444e54e2a25b20c28b31d56", + "sha256": "0535510eda7b8edd4c128f8c35b5e391b0034538999b8074fb21c7558d6eb680" + }, + { + "classification": "MALICIOUS", + "file_name": "posixpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "6558fd4cc6a546eac0108939b1c74a4e", + "sample_size": 16288, + "sample_type": "Binary/None", + "sha1": "9e5160b0616afd097833e1a67470b34b1c932887", + "sha256": 
"befe7af1c70807efe190f278d561a42162aedd4d5e62d6b417a0c8ab2a84e7a3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "clock.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo", + "md5": "72aff96b317a0b85e1e47bf3343489ea", + "sample_size": 3376, + "sample_type": "Binary/None", + "sha1": "0551beebc3d5511dcd6107e2bbc68c58136080fe", + "sha256": "f35f5f00cc0c88dfbc98646b8c23d45be897383a639757090979ad4f3e60d2bd" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ndiff.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "d2d0a62e7821de3ad17f0777d4541f79", + "sample_size": 3992, + "sample_type": "Binary/None", + "sha1": "198d2484fdd46e9724ba0fcc0b83040b9207d991", + "sha256": "bf778aee2f97f0d1102b350f48ad89e5735159efec54049746e3b5cf475a1fe7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "mailcap.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "74624605edb8c62732c3e368a83f3c75", + "sample_size": 8472, + "sample_type": "Binary/None", + "sha1": "521908d933ad77e3888491cf94d49352fd4ee1bf", + "sha256": "94e35986b8623d4c4eca21d13746b0a7c4757b6e80cf64d88e5aff164de520af" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "google.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "cee5028dffa1d03e92e5b2b3946490e5", + "sample_size": 568, + "sample_type": "Binary/None", + "sha1": "6665a43dbeb3acf28726b16c175d811bb6b26dfe", + "sha256": "6c317ceee06a7f11e9121a6681a9c227c1a4b243bbf949748d6ae04d5e68655b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "imghdr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "364830de676b260f64bf37ad4859dee0", + "sample_size": 4016, + "sample_type": "Binary/None", + "sha1": 
"dd920d8c06a92b7dd07d05d5de3b7d6ea2dd49c6", + "sha256": "8cb30fcfd58a6b7f030fe9b4f0868172bc39058bbd8e0fcde11905c41acf7f22" + }, + { + "classification": "MALICIOUS", + "file_name": "ttk.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter", + "md5": "8f34267757d882632d6fcb5ba2714ffb", + "sample_size": 58840, + "sample_type": "Binary/None", + "sha1": "32d182adea22b8792221a203515496c09573553d", + "sha256": "92e8c2f1653e6da58851c602511135ee38083bdcc32cce839b26fbbe070c31c7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "gbk.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "7a237c8f8dcf9f613eb1abe11d01a1a9", + "sample_size": 1096, + "sample_type": "Binary/None", + "sha1": "308291588246ccc1a94c5a647486d0e6eda9194b", + "sha256": "fb55c866619ce82abd07dde2b0dde759867eb6e5495066242cd9900008c3d49f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "structseq.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "b434f8c6536a58315a68e41acdf37f53", + "sample_size": 1480, + "sample_type": "Binary/None", + "sha1": "ae1316981b93d18f6b3498d76e66728608a05e40", + "sha256": "c93680ae4d27dc538fd1892fc0bb2fcafda9018d40cad8dbdb7fe466501d78ca" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "audit-tests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "7c9f3e6fb2a6fc4c6efd468c84faf37a", + "sample_size": 10352, + "sample_type": "Binary/None", + "sha1": "c1b71a88b341c38c3b70b178d420145b0bea6c98", + "sha256": "6828086d3228ca2d44d3e8ef9969f590089fccd5abbf0d574854e738f7d9a917" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "fnmatch.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "4d091b8a5e7639e496dfe0f0a59216cd", + "sample_size": 6224, + 
"sample_type": "Binary/None", + "sha1": "4191d80475a399778771f8612037e2d345fa940a", + "sha256": "f3b6f4f1d555352fb7e4e03d4519f0fe96e77b4ff6233ad52c4c99cd34c6ce10" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "queens.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "6974f8549cee36704585acf09cdba9ba", + "sample_size": 2392, + "sample_type": "Binary/None", + "sha1": "cc79324f56e2a0923d21a3ac192a6c48c6033730", + "sha256": "fcd12d593d051494a559f46bd53e7f72dea5bb834a8697aee400beba6d924a7a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "quoprimime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "fd490a5b38b0a3a0c73ed2d1e8041b4e", + "sample_size": 10200, + "sample_type": "MZ/DOS", + "sha1": "6a099d1b9e8fb88bd4296cc384f3addb8d3d9df8", + "sha256": "a5c6d72f7c69becb278753abb87c06d7a74b56aaa06ae8aa59439a221e6fde4c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_codeop.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "e0bd2f349e09fe50241ca4e57567648b", + "sample_size": 8816, + "sample_type": "Binary/None", + "sha1": "f090549f923ad65f1e3960d8d65f41164aeae669", + "sha256": "03b9540d29240c42b42d24ed99f7c3af6da243fca5cd95fc38f145545afef709" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "patchlevel.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "d1ce3c47010e059d54ac797b058afb2b", + "sample_size": 1376, + "sample_type": "Binary/None", + "sha1": "abe19bb7ca869400031623a72d9f00dd2078c446", + "sha256": "382017c73c824badd623f3b6e63898852cfaafb797ddc490a514ff72485ae1ce" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "codeop.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": 
"1932c60a57decaf1f915a5bce00fa37e", + "sample_size": 6544, + "sample_type": "Binary/None", + "sha1": "55e4f1e5bff75d05db1f37b546ffb4b0eef40c8c", + "sha256": "21e043e74ffe2d69905d36c91e126e82cd461d3bea29cdab046b3e1e62773b67" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_crypt.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "0cfaa91f08222757e5f5dc30da85c266", + "sample_size": 4392, + "sample_type": "Binary/None", + "sha1": "0aab8ce6cc23249875c30fb05c3dcb4dea953122", + "sha256": "5b68eee8549f4ade6783b72512ad0c1e0e824a77b28381df88641ea00efa8dab" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "code.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "md5": "ed831fea262d534bf28f8dd3f3466f64", + "sample_size": 7192, + "sample_type": "Binary/None", + "sha1": "4437fc239f27a97a49f84fbab1e4f2773f9304d7", + "sha256": "8dd4b1759a29553c870d43f7283091132688e34a94591d45b03408c9c6c2877a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pyhash.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "9a08377d25ef15fec3158ea12b8f6f15", + "sample_size": 4448, + "sample_type": "Binary/None", + "sha1": "d5f04638044b60af265ac7fff93fa5f84c2cb8ee", + "sha256": "a97038bb1ce3ee27694a2530fdc4e0fc9ccdc1f94c42a1f66b2a25e7c25c1fb6" + }, + { + "classification": "MALICIOUS", + "file_name": "random.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "3491d1842035db52ba57f94a3037be59", + "sample_size": 32416, + "sample_type": "Binary/None", + "sha1": "6c5c6c6cbf166ec5ce5f72767fd62082d00fdd01", + "sha256": "d1215dc08bf0df8fc9bf8da9e0c79f1c751465330711c8466abf96e0bddb5dd5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html", + "md5": "a2f668c46fa323da7b05b86c793a2561", + "sample_size": 4928, + "sample_type": "Binary/None", + "sha1": "5dfd4482da5f3e3e16e2cd2c35e84cc2c50fbd6a", + "sha256": "9c6fd3b109a6b8cc7993c802a87058d40d40e45681cd2d618f7b9326af2c57da" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "zipapp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "149906e70db72e066109d9daa7514cb4", + "sample_size": 7784, + "sample_type": "Binary/None", + "sha1": "a8116e4dacdc047a9408fd63615972fe8f6fcb8f", + "sha256": "07e0247f142e83db698a8c2e6826e7310e472b29af091780e0dd3ebe355f7fdb" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "squeezer.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "32e91f701e2e59e2f61aad16a6bc6ff7", + "sample_size": 13208, + "sample_type": "Binary/None", + "sha1": "5aac3d963583ecbfb6902ffe3e2aa2a9343af432", + "sha256": "97b9baf99e66029b34e013e2226a51ba832f1eeaa859834845acafa1f33bf6b5" + }, + { + "classification": "MALICIOUS", + "file_name": "smtpd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "88cd50b900d9239f757f64f9d81760a0", + "sample_size": 35832, + "sample_type": "Binary/None", + "sha1": "07dc8362ffeac7ad509274eda4cba997497acd0c", + "sha256": "6b5696f5ec2c5eeedc971d81261e79d0f6e25146527a4fa00e30947036d8018a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_netrc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ff6eaee08880602f0a9aed3d6bd4a137", + "sample_size": 6312, + "sample_type": "Binary/None", + "sha1": "da14205e9128096abb0d5f12ca10b2428720d1bc", + "sha256": "274074b2bc77acdc77b22073aad9b11898640bdc89c40b8f5da6cc21f83c67e4" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": 
"test_sched.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "8df06e1927b3537f53d67680a5801a3c", + "sample_size": 6784, + "sample_type": "Binary/None", + "sha1": "34ca597d71064b399a6094721cdd71d8695ece2c", + "sha256": "800d46caa1ba07312a3fbda5cdf73a2959bc2ac5134069615d2df9f7e4f97e78" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "xdrlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "504838e547453c6649866cfde5c4d5a7", + "sample_size": 6192, + "sample_type": "Binary/None", + "sha1": "5de7e5a06175fbd98ab9475e9af72e47c0bad2ba", + "sha256": "c9fbe3e69db1424c8ad6a22500e30d0eb341465dc423718eca82e957010cfc83" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "Main.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\pynche", + "md5": "ed751f4f4d850e1fb638975ee784e354", + "sample_size": 6672, + "sample_type": "Binary/None", + "sha1": "67615b3d30f9a10338acfd62e3c5300c1c13801b", + "sha256": "f0948f6bff49620c428bc4da338695850971acb73d0466d494f23bf622863820" + }, + { + "classification": "MALICIOUS", + "file_name": "cp869.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "aaa4f6246bccc7ed38711a30662f580a", + "sample_size": 33696, + "sample_type": "Binary/None", + "sha1": "848188498fe3137fbbbcc12c9cc29018d97d2c01", + "sha256": "740884bee1b290854202379582ea573daae0974e4530a2cf2523d772b024a976" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pyerrors.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "86c71f4c87b5bec9c1b56bd0ccd68916", + "sample_size": 12792, + "sample_type": "Binary/None", + "sha1": "1cf1b0965cc758fde9217a614ec44f371627e406", + "sha256": "4b5085c966be042bb5bbc99b9e9fed828f6cc28717c70d6e8735635c04c8236e" + }, + { + 
"classification": "MALICIOUS", + "file_name": "re_tests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "5106ea12b22aa392c7db5a2c963aa2e4", + "sample_size": 27160, + "sample_type": "Binary/None", + "sha1": "9e207fa50c104c80c724ec7cc95767fb88615a1d", + "sha256": "8149f247b4579efcae2d224838ac47f7023a351bf566437b7588ae45fe505145" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "final_b.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3197358f6acaace84db86b8e9fce121e", + "sample_size": 472, + "sample_type": "Binary/None", + "sha1": "3fb86986def0db21b68d549985925b323f373400", + "sha256": "cc1c6b9e250feabb2a3ec2c19372452cc6ddd4389934ff0460cc77b440a7bdb7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_bootsubprocess.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "9f0dc23a9196287e2f3559845313c588", + "sample_size": 2816, + "sample_type": "Binary/None", + "sha1": "d309396b6e15557dfe3cb290fef0f50fa38591bf", + "sha256": "c3ec08669e001639fec3fc025ac42d96e007353d985ffae46fc7455d78b4591f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pty.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "1ce8828ff8b743f3c21bec299acf0d02", + "sample_size": 5016, + "sample_type": "Binary/None", + "sha1": "7ae15e4c8a839226f4df0a648e6afdf891da7855", + "sha256": "50569aaebd389736f7588d8e37ddb777742924955c8e682d1085bfa09413a2e0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "sunau.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "a6cdb6264ebeb72bf00361152bb2f9f9", + "sample_size": 18728, + "sample_type": "Binary/None", + "sha1": "6f407d34b4c0414861cb71f71859deb7fc2f057c", + "sha256": 
"5e63963b0d3a52e09611346fd4a492e888c3f8b5a99df5d4057d17fb30472639" + }, + { + "classification": "MALICIOUS", + "file_name": "shutil.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "54691644e071d127fca331f0525ae5e8", + "sample_size": 54280, + "sample_type": "Binary/None", + "sha1": "dd2b1771cd6894e50208b15a4f6d27b347b4cbe7", + "sha256": "a7c0831be1580d458709592db853446b5fef59df5655442a1fc54412beaa9ea8" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__main__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "md5": "bf7a8a06c645cb3eefe3d05933e3b37b", + "sample_size": 112, + "sample_type": "Binary/None", + "sha1": "4dd79669b0687e3863ee0448c0401a875ead46d8", + "sha256": "64c17d2a470952f6c44026473812299cafedeedde21916a05d51307286a8bd8e" + }, + { + "classification": "MALICIOUS", + "file_name": "ftplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "c3c81779734d71270dedee55ef8ab7f2", + "sample_size": 36520, + "sample_type": "Binary/None", + "sha1": "ff28427bfff901e5f3576e4353a89f50bdd582bc", + "sha256": "c4b1896e3cd13cf6070d238fb3edf9236b0b4313176142f2465d5049481eb048" + }, + { + "classification": "MALICIOUS", + "file_name": "test_format.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "654317c8954632a348a2180d9083d75f", + "sample_size": 25040, + "sample_type": "Binary/None", + "sha1": "28aa1580c07a0cbaf090b19b0b148f1408392ded", + "sha256": "c54b0b6094c6804e4f68d76e7b458934d5194f78226e7e1f95e9d008a0b4c8e2" + }, + { + "classification": "MALICIOUS", + "file_name": "fractions.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "15221724e7924a4958fc7248e1331f9b", + "sample_size": 25008, + "sample_type": "Binary/None", + "sha1": "1eb4c8c91edf96679747c0772de1d53eede004ed", + 
"sha256": "af16e688d13302a7782d56ed4f9d77ba0ed736e645fa52388674473cf507ecc7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive", + "md5": "4226b724dcdddd8aa43db19b985e9d68", + "sample_size": 384, + "sample_type": "Binary/None", + "sha1": "4f0b217f37ec4a5a91fc56e4e493cc4575605915", + "sha256": "017c8faa6a646c27576c92a46ce875e30db2c3b5d013dee7de8a730731fb11cc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pyclbr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "58015ed3998014838a00cf118dbbe264", + "sample_size": 15696, + "sample_type": "Binary/None", + "sha1": "893172a10618e344663f82a2bb528a6f6853cc7c", + "sha256": "df8bfcf5dde08ef7b0b457c07bf9e6046525955fc3e44b4ec14049f339ae2030" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "parser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "7eff848eb316738239024ca16b99c0c8", + "sample_size": 5216, + "sample_type": "Binary/None", + "sha1": "7679c13a9ca95ded2ef91800d33067a6ed39d141", + "sha256": "c545645b60c322525a48268e70c35b5dfa92dd0eab2f9b3e9d03da68a64d1465" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "util.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\importlib", + "md5": "717e8c30d0c68d29cf64ba3f5880bd93", + "sample_size": 11664, + "sample_type": "Binary/None", + "sha1": "7479c793151153915b7d897bc556922fb178a1db", + "sha256": "41a5fd197a713fd3b37537d821d59396308408d1fc0ad74068573f20f1ae1083" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "zzdummy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "ae706df91aa4fcd5ade1775448dfe33a", + "sample_size": 2120, + "sample_type": "Binary/None", + 
"sha1": "a8adadad9c576055f7720efb6e9b196de39f5b47", + "sha256": "f59665c0b7c90b558b7024f2914ae161960a0f902440f92478fed8e2cbb8a069" + }, + { + "classification": "MALICIOUS", + "file_name": "cp860.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "232b7d61b2727b2cf1fd12e89da2f0b8", + "sample_size": 35416, + "sample_type": "Binary/None", + "sha1": "a6cf2d3e7622306c3b645216a8a572cc8a984745", + "sha256": "d13d74edf5ec21ae7d3c43b73b6080e64a17ae0f868b430981289602f41c3f95" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "sre_constants.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "9458f5cbc647966279c2c7cc013b35c6", + "sample_size": 7480, + "sample_type": "Binary/None", + "sha1": "633fb5fd94a4b512c4163a3f7bbbf36d0acbb6e6", + "sha256": "f5a99b350ba2fff84eb56233449722fcd8772d9b6cadeaa211d8699b582c1d8c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_errno.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "d6ca8b00eb8d672e2f4153aca5f6bd9f", + "sample_size": 1144, + "sample_type": "Binary/None", + "sha1": "a59f9acb4b68e0450e23ade1bf772b8238f440f6", + "sha256": "9894486dc1a36e698e8f8674316f37115b7dee73ff70af9152d7034b39714a5f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "bltinmodule.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "47c853b05d08af5f7e7af8aa0e6b89e1", + "sample_size": 320, + "sample_type": "Binary/None", + "sha1": "3c08ae9dbdf8cfe5f35a11213949e4dc61213ac8", + "sha256": "1ed3ff6171a472d18d114d7ccac52406b92d24ee5f90459a5406473f900d2144" + }, + { + "classification": "MALICIOUS", + "file_name": "test_tcl.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "2716e04cd0d83c5e6f3457e9e0df2975", + "sample_size": 
32864, + "sample_type": "Binary/None", + "sha1": "4a6c0f36a937d51428d326d7be7a3baec6c4e846", + "sha256": "53e3b03d6f83a6c57bcdd316cb8ea4f2994ad2987339a3cfea150a63d487359d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "encoders.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "489eb892a32a599319e3ec162e7d31da", + "sample_size": 1896, + "sample_type": "Binary/None", + "sha1": "5acb5ef7aef1721180b1cbf4d63a8cdc1f68bb00", + "sha256": "336533773b0345a319499e023afac893a3df088d20c2db0ad0d94f6208b3006c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "idna.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "56400328c970672e89df5279f5f00edc", + "sample_size": 9520, + "sample_type": "Binary/None", + "sha1": "0e77e068f11bb9cf62e298d05b19bafbad583b8e", + "sha256": "b02891317f53b6fbf724dc2eab4128992c5aea10af1d079ddcdf85f8c3dc6558" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ssl_key.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "63c9974cc22ec4d79645249f75788e4f", + "sample_size": 2568, + "sample_type": "Binary/None", + "sha1": "071b9154f8b0b0dad5c1f5b01867b0d6945bb98d", + "sha256": "390b8abfddccdff2bac105bb1edeb958bd893a7de191a69087d56d6728dc0997" + }, + { + "classification": "MALICIOUS", + "file_name": "uuid.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "71730a1aaf15f4d4185d40ac0032010b", + "sample_size": 28096, + "sample_type": "Binary/None", + "sha1": "9fa7f3bbd57908acee11a0f949b1ec9773d07496", + "sha256": "399d11a2c84598a683458f0bbdd62e9ec3cb2330d4685d50df79e2b720108380" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_sitebuiltins.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": 
"7dfa800c9f0b9e48a689d8a4df55a8a8", + "sample_size": 3256, + "sample_type": "Binary/None", + "sha1": "abab6ca1986575339ba3b51b21526ee03529ddc7", + "sha256": "b927b53a8cc6af8a2fe81ca9bbaeade4a70364f16c7a8a0fdd804306af8be293" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "genobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "fa868e96f093aa8c10b94528c7d49fc7", + "sample_size": 3664, + "sample_type": "Binary/None", + "sha1": "19daad26b714e573fa9f9863c1bf24a7865ed559", + "sha256": "9b279c00d0b4717c1bd597bdd75cfa60efb6984ce36301e5da0171018cffe438" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "utf_32.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "fc285c2cf2c0418e51bb972a15f7ccb8", + "sample_size": 5320, + "sample_type": "Binary/None", + "sha1": "d56ba7c5617a1e942f502d17cee188d5109bd4f7", + "sha256": "902f2b626e479983e3df2f367e51391a2da8fa5b980df474a41fc242c59e8683" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "textpad.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "md5": "29de496cd66b27f3e793f59d8ffcc763", + "sample_size": 7896, + "sample_type": "Binary/None", + "sha1": "366d6e1f52af1b9a6a155119d030a00564bd461d", + "sha256": "3019e40c6464b6df2b6bad041075d0e1d7791ce8dead806279b4772e7712a24c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "reperf.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "29fc5437a588720d580daf425beb70f5", + "sample_size": 600, + "sample_type": "Binary/None", + "sha1": "f17c3ff5555f3ee309a5b4ac6586f8ace57315ce", + "sha256": "5fbcbbc68acda85e4109a8dac251ceefec5a103b188fa91d0043e96bf590785d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "keycert2.pem.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "9f7b3d895af5be16092f93a5c6518297", + "sample_size": 4184, + "sample_type": "Binary/None", + "sha1": "9ddabbc95956e9b301716cd60efb5e0f183ee0bc", + "sha256": "b3158d805c42cd9bd62e9f6ce1984247d1def84e85a06a85579f6043ed101d5a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "frameobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "81d9d4ccc40a8563bc7bac4b5e7b1a37", + "sample_size": 400, + "sample_type": "Binary/None", + "sha1": "7588e52729653d15a6512278812c036588761338", + "sha256": "9a45674769e29bfd20f075d035718784b5876c0e20d8df2b0334f0fa29369d53" + }, + { + "classification": "MALICIOUS", + "file_name": "pprint.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "fe9e2147cdac3cfe73f0234eb67fc28b", + "sample_size": 23208, + "sample_type": "Binary/None", + "sha1": "33ca47f36063839ca6571fb23163a7c8cd90e21a", + "sha256": "1919a0fa9585d49ba7867f96c30115c5c9b932b1973af8901546a74508616e0b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "fa48130888c03243bb703187ff31f948.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig", + "md5": "51635f7091b4a6337aff17a3cc75c7c3", + "sample_size": 2168, + "sample_type": "Binary/None", + "sha1": "aee92b43f1271af29d25282feb8a9f6d3686fc33", + "sha256": "62670bc96a53ccdcbdc85024997312be5b4f3a1160becc071b929db322730e0f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "fixps.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "b026c106e2fce51247c9a299fd51e50a", + "sample_size": 960, + "sample_type": "Binary/None", + "sha1": "3c43dc44e66dbc1038fb5f632d30b04142697ca2", + "sha256": "02e47fdf58a00cc701bfb9fe735b45af2fae7c0ae72c268d6643148700e22a02" + }, + { + "classification": "NO_THREATS_FOUND", 
+ "file_name": "suff.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "045f6b57e0da830424437ba4c3383e0d", + "sample_size": 576, + "sample_type": "Binary/None", + "sha1": "aefdb2c14b822c5f35836900cf0fa38de5ec1d95", + "sha256": "a38c64ad9231301917549810f894c06192238876ba573dd39af1f99622de3c4a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "bytesobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "b84c76eb4a3c1f5ed3075ce281781b87", + "sample_size": 3168, + "sample_type": "Binary/None", + "sha1": "39b30d3971ef8b0dfec314ce0e6903a41d7860fe", + "sha256": "9c724e8e530046f9ffd0cf479a6b9765450d35395211cce1923e2705afecb464" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "bz2.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "add98fd118be288e1f7d6b6737476dc3", + "sample_size": 12848, + "sample_type": "Binary/None", + "sha1": "2da676894d0a1cd51cd0ad93ffd20b2b9ad9a9f6", + "sha256": "e669fa3fe7a4ac5e23ae19b6eb60180f7fe7ac8daa7d09a3f079c7af0fef1bda" + }, + { + "classification": "MALICIOUS", + "file_name": "test_gc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "e2d8065f65b277651b1c2dad3e5e5137", + "sample_size": 48392, + "sample_type": "Binary/None", + "sha1": "15b42dfb5705fdd45e949a9f62245dd0f8cb0673", + "sha256": "b2ecdc5e5c2e56154a3e0221b8fd06862967d3586b1762de4123a07f05c1ec90" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_tk.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "aae98fcd462195c898e94815be55e472", + "sample_size": 560, + "sample_type": "Binary/None", + "sha1": "8e28e44aa9ef6363230f659be2c36864f334b82e", + "sha256": "f9b78ed491e72c99a1219695d1d6ea29314de652f46ef00f2f645be60bf0d516" + }, + { + 
"classification": "NO_THREATS_FOUND", + "file_name": "test_stat.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "cca5bafb869fd1cc3c06dd7aac10f897", + "sample_size": 8776, + "sample_type": "Binary/None", + "sha1": "b1e1bd0c52b5440c4574228da8e0e2dbc0afdaaf", + "sha256": "d9db1f6769146cd4579d135a6a0cbe275ddeaf8b85b20cb9baab3e5b2ae1ea5a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "final_a.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b48ed43e6571bf9a20ccf1e133e408ca", + "sample_size": 472, + "sample_type": "Binary/None", + "sha1": "4b3e9be6361f0757124dbebb94c5046310e1965c", + "sha256": "f8fefd8e0a5ae0db8d90791645899ed6c9a8f2db077da5d51734b02d0ef18f4c" + }, + { + "classification": "MALICIOUS", + "file_name": "modulefinder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "72de8fc219244198642ef06e4c47afeb", + "sample_size": 25128, + "sample_type": "Binary/None", + "sha1": "7f07fdf271f4f94e0b8b86e3b9b09389be1904a5", + "sha256": "75526c85c4027e5ecd668f7129652cfad7e683c310c648dfe0d113f3146d0a4d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "idle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "c31322ca69847578b96a0510e55f2468", + "sample_size": 512, + "sample_type": "Binary/None", + "sha1": "b847b2d3eacb4c7e226c92973e2ddc31b7861748", + "sha256": "937ce40eb1363dfea6bbe42b175c013e8664d89f97fd5ad1e1f3d5ea7cb9c0a6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "tty.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "e8e834af46bc8ea4387a1aee45f109d1", + "sample_size": 952, + "sample_type": "Binary/None", + "sha1": "08219bbc03b41506a6089d04f1de153281e2b8e9", + "sha256": 
"d8d4ce8e64a050d6413bdf15705fa7dd55130c8c981fc6927904fc06b4ad3e85" + }, + { + "classification": "MALICIOUS", + "file_name": "streams.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "6c20d739996bf8ca8bc959b32f46d648", + "sample_size": 27440, + "sample_type": "Binary/None", + "sha1": "3a2178912304e8da9dbc84336cc59ea8262aab87", + "sha256": "6a54b02dac7bee517d9ee01d4205a97d762e76afd69a6294edbf923f7eca2ba8" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "HISTORY.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "db46b1c2022262071af15a8eaf044c01", + "sample_size": 10648, + "sample_type": "Binary/None", + "sha1": "5d958910d0cf8a7cde87e27670b7e2314922ffef", + "sha256": "dc7ad0ca3e9de7f6aeb10ab69f392a719438044bc1a7e1422888f323272d1d93" + }, + { + "classification": "MALICIOUS", + "file_name": "sre_compile.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "86e9b1919383a83fdadda385b3b53279", + "sample_size": 28824, + "sample_type": "Binary/None", + "sha1": "9540426877ebd84cc07a6068d76613d3eb7e7562", + "sha256": "f86f241ecb1bc8e06af7882321a43646835486f9850966969ca2e23ce30a212a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "md5": "6b95bcadd8f86dd2a5053e730d43abbc", + "sample_size": 208, + "sample_type": "Binary/None", + "sha1": "395afb9f067adcfac997b8a91aa362f0e437158c", + "sha256": "e57239c1be07fb902314d813055fc36de27b4f0326816fee67532e9fb22863f9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "dd_SetupUtility.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "md5": "a031d1d6be8d2cfb66f3bae9bea89b0e", + "sample_size": 2496, + "sample_type": "Binary/None", + "sha1": 
"e6bc781b92c0d5ca529ee071355fa2ac94f61525", + "sha256": "cc8c0933883a37f0a971718bbc88f159fe8bbcc2fe221ab54b8ce86238c14f2a" + }, + { + "classification": "MALICIOUS", + "file_name": "test_lzma.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "0f06da11bc416aa0be711e29455716de", + "sample_size": 92032, + "sample_type": "Binary/None", + "sha1": "8ab5a35437d9de71963eee812eb0508c4fddf95e", + "sha256": "344520af934b0d92da708d22d91a366c5916b8dfb58ae012af2119aed257ed67" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_py_abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "364b5f38fd33ddef379cbdbf0fa06c8f", + "sample_size": 6376, + "sample_type": "Binary/None", + "sha1": "bc2532f968297df05c5073423aaf44ad98e7aba7", + "sha256": "ba8e20ca82f095e320df3c8313c114d79f9d92d474016fa77d134dd363ab92d6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "dump.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3", + "md5": "d3b8c3108df5ac46a2de7013f84b1519", + "sample_size": 2936, + "sample_type": "Binary/None", + "sha1": "63c2da13bf41721b49f8d5c9fd0ebb5d0f96506d", + "sha256": "7f3c3ba94fe0c1146903b0f3760c8c10afb0356aa0e5d081b94b6064e9e42351" + }, + { + "classification": "MALICIOUS", + "file_name": "test_runpy.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "f1eac9fb99ae6eb01c8560589ffbf29d", + "sample_size": 35488, + "sample_type": "Binary/None", + "sha1": "519590d26d958039fe3953dc81865adef5304bd3", + "sha256": "f96c2f7276ea09f05b5ff3d6fb767fafa60839e3975125fdf260f55130fd3564" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "profilee.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "453afcf97c8b179b0c8e7d69fd453a90", + "sample_size": 3200, + 
"sample_type": "Binary/None", + "sha1": "5122a4556018e96d8cf8c00c0c0e1935847f65cc", + "sha256": "8696f8a93fd9b842fea40cfe748fa1e050765345404656f5e1d0668e6531ba2d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "big5.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "a1acddbc2112fc71f7e35d75b9139e2e", + "sample_size": 1096, + "sample_type": "Binary/None", + "sha1": "2dc3f8094d55832a81041657dd5ae6c581c0f1bd", + "sha256": "7b95bced1bce6d27afff6411181b4540ec0ba7a62c1932537aca432cd207ddf9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pydebug.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "73871ebf514eba78feeb9e3773af8e26", + "sample_size": 1168, + "sample_type": "Binary/None", + "sha1": "f8213aea2e5513d95397006b1be285ac0f030d4b", + "sha256": "7a0ed3e09a5f194414b0dac4b59ac4dc04880115e35efec62a1ffa64451b77bf" + }, + { + "classification": "MALICIOUS", + "file_name": "re.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "ea52122c7037d97ad64068f6e26fe26f", + "sample_size": 16288, + "sample_type": "Binary/None", + "sha1": "c399ccb0192e1a642ff799b535e7ff32521dc0bb", + "sha256": "2b4fcdc5659d815495eeb43b6594ce97fd7ec6f8380eb71c80b31de216196016" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_html.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "39c01a5b9c60ca69fecfc35b70c74008", + "sample_size": 4480, + "sample_type": "Binary/None", + "sha1": "7996dc55be107326945690e8c1198cbb9676e0ba", + "sha256": "6e33af31929c5b49d671789e99a665b2afb02bfbb04a6312c460f68a349d2a95" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "koi8_t.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": 
"b16d6b7c2b452d37921a813eb5481892", + "sample_size": 13544, + "sample_type": "Binary/None", + "sha1": "31c04bef67540ee13e50a6b803bc5812971aaf46", + "sha256": "d6e90ef1e6e93e52d00357a2dbd07a49c5bcfe6d05161aee4ff4524cc7d550b9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_bisect.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "54307ee457ff8922bf33d9304fa07162", + "sample_size": 14328, + "sample_type": "Binary/None", + "sha1": "141e348e9ffd696a67010326c6966ad092b222b9", + "sha256": "6064dc75a092037a9298c9344034df34f56481607f4f2de1f63baa86b342619b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_fork1.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "6f8c9a7e74965adec6b581a2c9778bc8", + "sample_size": 3456, + "sample_type": "Binary/None", + "sha1": "519cc6926dc4f38f78578c5a49f32b71f4c0a7e5", + "sha256": "344bbfff310b550698b0f1e1c1517b1f56ef4a462aa94276dac37d0629733c6d" + }, + { + "classification": "MALICIOUS", + "file_name": "test_array.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "22d90065df8e163969b218b60460ccc1", + "sample_size": 54472, + "sample_type": "Binary/None", + "sha1": "041d267fcdbca06b905469674560b0e6facd8a02", + "sha256": "e441cb0d82b0b88f055e011dbb1e5207c125b2124558e9fa50ffd42333656e8f" + }, + { + "classification": "MALICIOUS", + "file_name": "sortvisu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "e35b47efdf9ad31c1d95b4b648e306f8", + "sample_size": 20664, + "sample_type": "Binary/None", + "sha1": "10ebc50e6e2d0c793248606419040883cc8f23e3", + "sha256": "9b8989e3e397e33afaaba4f6ceb55b96cff64c8d36750821275e9cd3679ec92c" + }, + { + "classification": "MALICIOUS", + "file_name": "test_dis.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "932312ddcbc3a2d3b95098db67b9f65f", + "sample_size": 55808, + "sample_type": "Binary/None", + "sha1": "a5c9227ee90649fa572eaa25e19b8c1f130c27ec", + "sha256": "d8fd69c9f01b1b490e99f55609f9ca8a8fa6112eaee04499fb1db4183607ec65" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "OneDriveMedTile.scale-150.png.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages", + "md5": "64ee12ca8b02bfdceab2c18bafa1ad2e", + "sample_size": 1032, + "sample_type": "Binary/None", + "sha1": "44d1588b7c5ff34b97f542f1eacdc2f922612277", + "sha256": "3664864abe07d7216037b1a71421c1f6c246ed3839c581799a8d186ef278a867" + }, + { + "classification": "MALICIOUS", + "file_name": "test_smtpd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "43a99f48777edc3219dce4415d5a3e7e", + "sample_size": 42344, + "sample_type": "Binary/None", + "sha1": "a4c0b983ef903bf00dcaaf8cf913f39f4c1c646f", + "sha256": "9feaff08719c930daf44faaf849f2ea741d25e41635be94236e3314bc1b37779" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "classobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "e9d24a3d2efe08b18ac80b3678d53a4f", + "sample_size": 1752, + "sample_type": "Binary/None", + "sha1": "12d25a3557ea0e14b5dcbc11b5cb4bb740953c07", + "sha256": "fd1a15d321eee6fe4e753cb69352529462cc265e27fec5cae207a9f22b88b7ac" + }, + { + "classification": "MALICIOUS", + "file_name": "cp737.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "8f9a3be08291534e8d6290966c737f38", + "sample_size": 35416, + "sample_type": "Binary/None", + "sha1": "c64e8d910b450f9654a60a96df07b53234831aa3", + "sha256": "3435bd1f997128472f01b3cb1102729751b1211e8f294df9cea109139d89cc7e" + }, + { + "classification": "MALICIOUS", + 
"file_name": "Outlook.pst.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Outlook", + "md5": "75c5e5597dbfac35729da1e48812f250", + "sample_size": 271400, + "sample_type": "Binary/None", + "sha1": "6660271a0eea85460b60e82b2b091092dcbe511e", + "sha256": "ca983b39a4d8ea244ea2ba30aa933ac69cc33c51658fb4f9129d9cbaf20395f6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "log.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "b7729f563203c5df5b4daacc6beb1301", + "sample_size": 168, + "sample_type": "Binary/None", + "sha1": "2209fbb1e18308726b9c33ccc262dc5b97e35a7c", + "sha256": "dc1fb7242be1dc6de6a0ad1593469b871007ea587b6f6045221702cb2b0cfff3" + }, + { + "classification": "MALICIOUS", + "file_name": "client.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xmlrpc", + "md5": "fd1d2932a1e9c44cf914401a35342fec", + "sample_size": 50960, + "sample_type": "Binary/None", + "sha1": "b624519b6ec50a2202ac95ba5507f09a3769b9a3", + "sha256": "1c94aec1481239c6553ff834726e1ddbd78ab44113431148c5f349e36eb77c6f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_global.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "7caebef3d8ec208e37794dae3ba82879", + "sample_size": 1480, + "sample_type": "Binary/None", + "sha1": "df6bc63d3b252e75f40e33d3c769a842aac2a467", + "sha256": "8bf01edebfcacf3df03b2dea5a5ebb01f4940f2585df13c176f288fec5e3f9ac" + }, + { + "classification": "MALICIOUS", + "file_name": "cp866.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "28ae97e7c9a21c0ba58f664e6886063c", + "sample_size": 35136, + "sample_type": "Binary/None", + "sha1": "8e81f74480e48c3ae0e084d3e4216c03f79d00fe", + "sha256": "e833c4b9474cf8f07edbaf43c2c0d79162a55c4363e8eb4a924227e6c79b68ba" + }, + { + 
"classification": "NO_THREATS_FOUND", + "file_name": "_compat_pickle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "6b75b7cf1328b2a5abb008eade222e86", + "sample_size": 9040, + "sample_type": "Binary/None", + "sha1": "94e5d375c8cfaf7424ddc815c9bb58a65d726d36", + "sha256": "2b021d82962df91f12924d23ffb8c367f7035b241a6c218b55f524ce474e3466" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1140.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "2f2196e0a20acc656884b2f8db62b655", + "sample_size": 13456, + "sample_type": "Binary/None", + "sha1": "81676670b7948f4f783b79d9ec3b22c2dc06f694", + "sha256": "0f74db111afd4a51157b29e84e2a7b104cf7a3c525360b97999296020db2c522" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "sliceobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "4ee7a4b613302187c6b2e3efdc62f1b2", + "sample_size": 2624, + "sample_type": "Binary/None", + "sha1": "440b5b102bb0663f047cdb27ee4d77a70870ae01", + "sha256": "2959f1dda83b7a92382fcd2a16969ff659a9ca006cd6a682a9fbaab287528749" + }, + { + "classification": "MALICIOUS", + "file_name": "test_dict.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "93d247d84bcb48a7caf4c663f209b05c", + "sample_size": 48904, + "sample_type": "Binary/None", + "sha1": "3975b067e88be9191de5c0946c53be1400c81685", + "sha256": "85aa0e73eb54afea8d6bdb28afd495a4bce92be51ab01bc7b8b22731976c3c75" + }, + { + "classification": "MALICIOUS", + "file_name": "pickle.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "5bb787804b84e7d54b7589b594452f6f", + "sample_size": 66776, + "sample_type": "Binary/None", + "sha1": "b43f955f23de79a2bf27897cc0e3cbfb8cc72059", + "sha256": 
"f4fcd36faf62f34f6ccf8ac3b152bf1b62126a093307b0b0431c94ff292af882" + }, + { + "classification": "MALICIOUS", + "file_name": "doctest.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "e493ae2e52284208cc611823a8bc6a2d", + "sample_size": 107400, + "sample_type": "Binary/None", + "sha1": "7ba09ce476399f20a6f6fef34e66cb7709d5bfbe", + "sha256": "f69820e6db476f35480ede0ca1de3039ed8d9998c0bdb19b0fa8fdb9337d1fbf" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pydtrace.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "7977eceae2b0c5940150de1053881a92", + "sample_size": 2512, + "sample_type": "Binary/None", + "sha1": "a9969c423f99989f9f04c8892db26d1b80404f2f", + "sha256": "9d46d14b573c5efa3819b01500e698aeec1d6f0fd7d282ab4d16d350c714beb2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "macosx.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "569901b10c41db8780f4fc070cd29bcc", + "sample_size": 9992, + "sample_type": "Binary/None", + "sha1": "962026bf78eea5a0d4bf455d20b077a158309186", + "sha256": "abe6bdfd68c0eebdf982cea563185ad3259eb465caa81983cc92e99468178f07" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pyexpat.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "54d5dc7aa9572815511929032703c03e", + "sample_size": 2544, + "sample_type": "Binary/None", + "sha1": "39cdc2a5701d7b67c2d7d8b7b6e9e9ef41e28db8", + "sha256": "b6a8748a4dc263671c0347a8c6c1ab485ff97879d17e5c1bf92029f1dea8010d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "uu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "6a0e3dee217ca96bedfda8bcde31fe0d", + "sample_size": 7208, + "sample_type": "Binary/None", + "sha1": 
"962907f6ed266de5679a97f1c210ed0da77e5fac", + "sha256": "dcca7d1e7bc29638231cf39414bb083f3a405605303bef07ef38ee0200ef9b80" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pyfpe.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "8269c9baa59a65e22b21ab20a5d1ef87", + "sample_size": 496, + "sample_type": "Binary/None", + "sha1": "d9481297a124308c5f9e3468a6b3f37e7f398f9a", + "sha256": "cccdacf67ed35a703eec3ff1b186130439e7a3e68ec43055a09768a9c2b8f0ac" + }, + { + "classification": "MALICIOUS", + "file_name": "aifc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "178366fab9d4fa87a2e23610fc74a8ae", + "sample_size": 33592, + "sample_type": "Binary/None", + "sha1": "ac8adfdcf14d3bc50038097012908cb959e55869", + "sha256": "c78e88e30d5e7811110b318085577bb6c9cce7600a4f36b4526aef84fd078113" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_imghdr.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "2f9d96d927225d0a99bcddcd3664cf2d", + "sample_size": 4944, + "sample_type": "Binary/None", + "sha1": "e86853dfe6eb6e2b6298df3040f68f003d97dc53", + "sha256": "de43f6844d3c20db4bb0d028ab0f957af16493a312650284ce867b372110e666" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "token.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "a27a2afbb63e92ac4179dc27302b93ba", + "sample_size": 2544, + "sample_type": "Binary/None", + "sha1": "d8a7c4a5ac1dde8f8c663c446488c4db4d081d51", + "sha256": "4a3f570b875969b96033fa14ca37286ada07303d7dfa6ca1d9be8419f27741c4" + }, + { + "classification": "MALICIOUS", + "file_name": "cp1125.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "433bed5d884f9dad4729467f8d375e11", + "sample_size": 35336, + "sample_type": 
"Binary/None", + "sha1": "5ec5a3af280495e45c727ab1e3dd8fa43342dd72", + "sha256": "c83112fa1134984f14ffb81f5ec164adca5d90be24c9212ef2ac8ccaa28d68ea" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "base64mime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "76272492c530fedf6cd4720a996fa309", + "sample_size": 3720, + "sample_type": "Binary/None", + "sha1": "7340e255447ad7a6df89d08936d1acdb5aafbf49", + "sha256": "87170847dcf6f6d6fcc5e63b929efa4bd65dae79184867cccea7b5bdbb073c30" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "markov.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "2a3c8617b241a4af766d5487a0f6effe", + "sample_size": 3856, + "sample_type": "Binary/None", + "sha1": "c5cb531d99e3e8d1bef41f6f6c45547f2f365a59", + "sha256": "22a9f6b7ad4b26cde1eb04874c164c455f10e5cafcb4a3e0d3615360aebe8bfc" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "mkreal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "f8c9e73e281fd62bf0b28c151b25f16e", + "sample_size": 1736, + "sample_type": "Binary/None", + "sha1": "81dc7eb7061c1723fe0739ba610a8a719bdd79cb", + "sha256": "2638b56639357a5fe175066413ab092568ff36cbd1c1fd119b20f73b624c14ba" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_binop.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "710e43ed98625c959544dc3f3900d4af", + "sample_size": 14960, + "sample_type": "Binary/None", + "sha1": "a6aecfbeace3c69b969862dbaf2f5511e88c0347", + "sha256": "508626328612bfc74ed38ecb65bd59ccb5b10f2729bcfad35eafa944fa8d2e53" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "nturl2path.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": 
"106d9f15a6a1500262d9904d8cd82a66", + "sample_size": 3008, + "sample_type": "Binary/None", + "sha1": "566cbf78e111f55afb23c697e5cfa7b7d1e26179", + "sha256": "c111144619e6dced6966172cc7f93167f5a99a56f1b30afa789bf25af871d2cb" + }, + { + "classification": "MALICIOUS", + "file_name": "pythoninfo.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "26d0a48d3428bc28234b34a37661304e", + "sample_size": 23648, + "sample_type": "Binary/None", + "sha1": "a2503adaf50eabd0ff11f272601b36800dae53ea", + "sha256": "cc87a70cf0bd60b3231e7ec4270ded2c38740bb12e65dd0784c240368533319b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "utils.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "24aa2348f9bae0ded94e5be980d94efe", + "sample_size": 13688, + "sample_type": "Binary/None", + "sha1": "6881bf5583aa63385160fad51509dca3fcf363da", + "sha256": "00ebb5a53b22be0e73feb32830665fce9c9ea0f604b46ad139c748433e4f3d32" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "stringprep.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "59e704e7e560bd15cad0cdaf1674190b", + "sample_size": 13232, + "sample_type": "Binary/None", + "sha1": "16b1f60b806e8e73664ad66bba89433e1199a725", + "sha256": "5c929cc6c442b9380a7e69e2ea6448f0f498cd34be183b680730a9e0fc5b65ff" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_msilib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "1241651d54adb5fee66cc7a6b1b54e02", + "sample_size": 5344, + "sample_type": "Binary/None", + "sha1": "8cc6a6eb026162b7a3cf9766949b020c884804cf", + "sha256": "0893fac20d7ffdb9b8c5a91a7638233f84bfdfb984404d817b86478d1bc084f2" + }, + { + "classification": "MALICIOUS", + "file_name": "test_call.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "01a3bc8cf630638b0415f07d0aaf7cac", + "sample_size": 25376, + "sample_type": "Binary/None", + "sha1": "a09e223086a131df97e893b2faf27170727a9ae6", + "sha256": "fbeb73a49233d189a7bfbd746bfc410d51a8765894757c027ab3604b04036c56" + }, + { + "classification": "MALICIOUS", + "file_name": "webbrowser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "d83516a5ba6c42c75c4d87e9d9cc9129", + "sample_size": 24840, + "sample_type": "Binary/None", + "sha1": "08775620d44c36cf8e3f8d5bc3d6514bef2bf06f", + "sha256": "363acfb97d7c95b68341d1f34638421e2bfe7f2099a2618249cb60e8d51789f3" + }, + { + "classification": "MALICIOUS", + "file_name": "loader.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": "d758a34f59e262d8056aee42483e0f30", + "sample_size": 23256, + "sample_type": "Binary/None", + "sha1": "d877869eca585620ec67bd41691a43cd5248d8e7", + "sha256": "f3fde0ae44b803c51d13d6b17b6b8556dc9306b335b9902c06ec5f35264379b8" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "outwin.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "c1cbb297b9c6efaeeda0560a76639c73", + "sample_size": 5936, + "sample_type": "Binary/None", + "sha1": "9a123ff5ce25cb18db837713cee812e8670c2ec2", + "sha256": "7884ef82789acf8ee308918989f46adc4adbb726b7c79746acd26990b4118662" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pydocfodder.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "cf9b14b9aa7e0623ba5cb65b329e1af3", + "sample_size": 6592, + "sample_type": "Binary/None", + "sha1": "9f1a82971854f5e73cb5cc21ffdc26e613380d7d", + "sha256": "06a8c01d43df302d10d9438b678381c638483ad732797e59930764de28751819" + }, + { + "classification": "NO_THREATS_FOUND", + 
"file_name": "undo.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "c883a291d48498dd2a765ece0b46f159", + "sample_size": 11456, + "sample_type": "Binary/None", + "sha1": "42b426b6c54d15b1acf09309d18107f3392333fc", + "sha256": "3445c4a17a5787882e441f7ca3556680904a19bbccd43e513e357b0fd5da8665" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "compile.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "92aebfd06372d5760a4492cdecc90816", + "sample_size": 3936, + "sample_type": "Binary/None", + "sha1": "6fea8ade8bde9e8f5bc0369125182ca3d26f7c97", + "sha256": "b72c6bdb20a21addfa8a68bc98de5fcd84d26dfbdb3dfd34bdcf71e8d1ca51f5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_eof.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3f22c4cfbae39eaa43e7316a66649808", + "sample_size": 2592, + "sample_type": "Binary/None", + "sha1": "a105589949be91eb13f4c0e67aea34f3ab4c2d87", + "sha256": "8e0d53ab86fb44cec9ef649fb7f8fb8fc77b0f979d1e6deba9bec3033d4889f3" + }, + { + "classification": "MALICIOUS", + "file_name": "pyparse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "fb0c693ead3e5bba59e60218f7f8cd4d", + "sample_size": 20496, + "sample_type": "Binary/None", + "sha1": "4f56abf1e8c76ead6539b3c03443d96a72a27a72", + "sha256": "8561a9f93ec982b56480592d39f9c6bebbb2de2a8db731c4c1472dcc74f8a3d8" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "paint.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\turtledemo", + "md5": "a8e5dac553b7da7a0b139f235a0a0671", + "sample_size": 1384, + "sample_type": "Binary/None", + "sha1": "033198e6bb62762db8f57c25f8f55f015af3f06b", + "sha256": "233c370367f9873c4d045608d66ed03b91c343ee61b97fc5cb0c958085cba5d5" + }, 
+ { + "classification": "NO_THREATS_FOUND", + "file_name": "traceback.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "c6cbd5f911bbc0cbe0ddbb57cf2a96be", + "sample_size": 648, + "sample_type": "Binary/None", + "sha1": "391d3e737ef7f8a4dd09f16c1db46b779d185086", + "sha256": "845f9d1d154f59bf3e27bb57fe5867ee813ac432499b09f20d5e0fff9278004a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "README.txt.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "b65d51f7dbf4025ffbac06a38bfc3a59", + "sample_size": 9976, + "sample_type": "Binary/None", + "sha1": "7068f4836af51225fda3b757e0a3cf05e89fb9af", + "sha256": "c8e629051ce9dfdf817ddbacc35d2080f4bb255cf97791dd72271acc797874c2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_shelve.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "5b288a90e28416a90545a8e8e2649058", + "sample_size": 6344, + "sample_type": "Binary/None", + "sha1": "8c2d96940d1b46cdfa7ca63a4cd264acd5050ced", + "sha256": "1646c4e11e361e7a39729347a657fc93d200b7d9df3dc9927add2d719b1249f2" + }, + { + "classification": "MALICIOUS", + "file_name": "contextlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "f7f39eedfb9a2a51e3382727b37501f4", + "sample_size": 25360, + "sample_type": "Binary/None", + "sha1": "8d4d0d23c852173447295acb77776343abaf8ab3", + "sha256": "b8eaeb6d1b014cda35471c15747dd9fd32373dd4bae04a083e5357a0fe4b9840" + }, + { + "classification": "MALICIOUS", + "file_name": "socketserver.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "c950aaa184f197c45f38cfb8398a20b9", + "sample_size": 28184, + "sample_type": "Binary/None", + "sha1": "491f585f5c4030ac94cbae07b5508fb674f0ed68", + "sha256": 
"5f5d3ba2ff34c22e356be7689a0e202578085b6818fea14ec71d7f77da947024" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "seq_tests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "50bafc3a81a876733e2e9e3b3df5ab3c", + "sample_size": 15696, + "sample_type": "Binary/None", + "sha1": "900de59dfcb583bcecb2283c70dd127b94b56487", + "sha256": "9a3a6c259064ecd78c656fa5823839506fa38a2c085ed750f2f0ae4047cbe06d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "shelve.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "357c32ce2c811c1c78a942448d73f6d5", + "sample_size": 8808, + "sample_type": "Binary/None", + "sha1": "01ed01b57dd096767ac49247400279aab5c5b37c", + "sha256": "6a6a58a4e9e0c5c8aaa959a67d1beed42c1b361581206f4e76f8ea732a58f0f5" + }, + { + "classification": "MALICIOUS", + "file_name": "run.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "917b83951da145e17460f91f3e044a85", + "sample_size": 21712, + "sample_type": "Binary/None", + "sha1": "03f50beee07aaf0c8904f9b122be51c268af254f", + "sha256": "1c7d2a55133ede983fb96ac42b806372eed42ed9682fd37d8b19f86151754f71" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1255.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "72dfe0ce6f968186f380808420ba1146", + "sample_size": 12816, + "sample_type": "Binary/None", + "sha1": "227e0137ccdbaef6217adc19adac2bfbd8f41937", + "sha256": "11ecee10c3bff7b0b08a134aee475af1920d3e2716f75280120f1f1b8b46aedd" + }, + { + "classification": "MALICIOUS", + "file_name": "wave.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "f05ec732171bf44a800373481f048809", + "sample_size": 18560, + "sample_type": "Binary/None", + "sha1": 
"5416ef9ae8922af841c1355f4217f79b97a2acd5", + "sha256": "ba593b4eef9eb4f83fedd2797ead8e763095bd5d20a61c686912f4628ea8f16c" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_list.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "1d0f637aeaec9df4e713d50676bd759b", + "sample_size": 7992, + "sample_type": "Binary/None", + "sha1": "62d2c16375326ef57b725d9831213c2ad50daba1", + "sha256": "f7d9e13a9b3ced0c47bf3a55c89ef8cd886e7447b2d4974907b610f6c7a7bfdb" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_bufio.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "ed4e016c479435e11dadadb8166cb891", + "sample_size": 2712, + "sample_type": "Binary/None", + "sha1": "7c5f9dd0afd3708d408fb865bd3ec53ef43a02f4", + "sha256": "13a56f4409f3e0b5f4197d0ba0265e5230f0bcf7b6c6d4f18356028ffb387eaa" + }, + { + "classification": "MALICIOUS", + "file_name": "locale.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "60ed9caf9b6a7562fa6889bed9a319ab", + "sample_size": 80064, + "sample_type": "Binary/None", + "sha1": "bd89f956f31435319c671cb774cdfb328239ffed", + "sha256": "2b743ebdc1c51cfa700fb18d6d133b4330850e72ace559a5508750f25ca61cda" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "window.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "7059cae7a1455d4bd6eb78a72f63f964", + "sample_size": 2752, + "sample_type": "Binary/None", + "sha1": "0889cd6699c0efffdf4c5df2d65a0a09a63a2f82", + "sha256": "442b20fcb2df72dd16d91e8613eb31d04848d41fe2457b470f1b9280ee33efc5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "calltip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "d0489b35fd641d4e600abcf98ba47877", + "sample_size": 7512, 
+ "sample_type": "Binary/None", + "sha1": "e7ae840f462e98b89c282985e2d4d56e355a268f", + "sha256": "e601f30e8fc702d989d07a0b4783b5f4c6c682153dca9b2de9e0e271e4d0e619" + }, + { + "classification": "MALICIOUS", + "file_name": "test_os.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "6aa19cc4afc53429cf78e8b2ec996458", + "sample_size": 167216, + "sample_type": "Binary/None", + "sha1": "f3961e88e8ed0accd2ddd187aae5197ccc75dab9", + "sha256": "d2ef4d3aa919c267ee272e086b907d3671ccb91fac6ad11bcd64bf11e5202f00" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xml\\sax", + "md5": "e502bc9cdbd6ad99ddb49a137740231d", + "sample_size": 3792, + "sample_type": "Binary/None", + "sha1": "6d95a538727cea86333cfd62d8c14bb4fc9d4623", + "sha256": "2284695239544fd10331aeef6cea797f45c2dff2a5a2628d6f41e42c8578e0b8" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\ctypes", + "md5": "8eb95d1f666a789546944980bcc87e1e", + "sample_size": 18592, + "sample_type": "Binary/None", + "sha1": "02517ba564347dac716c6937991b35fc27fbfea0", + "sha256": "fe7102740122286fbae40e27b14f340d555408f8755fbcf72b5266b8c252740a" + }, + { + "classification": "MALICIOUS", + "file_name": "test_io.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "7c8a3c620fc757c73a6568fe1dc3fc9c", + "sample_size": 175280, + "sample_type": "Binary/None", + "sha1": "b1188cc68339b19374f0b8a5893ee055b53a6d09", + "sha256": "9276373a12ffbbd455b9f18b92a790b6dcdd5d2bedfe80dbd38dbe9ec4ac8908" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_atexit.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": 
"75622fe47cc698feed1caa00a7772393", + "sample_size": 6216, + "sample_type": "Binary/None", + "sha1": "cd85cc7c4e444fb80e95521d152dc1a148daed6c", + "sha256": "39ce3e26dd6e7a2e6c9add767d7903f8464835e63524a95e9420b4d4cfa8dc90" + }, + { + "classification": "MALICIOUS", + "file_name": "test_aifc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "0734abdf7da25fdfc91419bb15d493cd", + "sample_size": 18600, + "sample_type": "Binary/None", + "sha1": "a5e1158535d743640a86e3a3f778841cebde473e", + "sha256": "6b0e2d9255906cb23d73886ab1d1aeb1ad9f48031f2791860bbc539bf983c1e9" + }, + { + "classification": "MALICIOUS", + "file_name": "test_enum.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "c256a0841490e1b780f11428ae496148", + "sample_size": 125448, + "sample_type": "Binary/None", + "sha1": "5a68d7705a9d5628ec1447a5ed4e40cf278b1a4e", + "sha256": "186a8fc45e742804e8c43da07dae7d28a332d688256287d5dcae84fdf6af6b8a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ceval.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include\\cpython", + "md5": "aa99db677a15cc3553784a012f3b61f7", + "sample_size": 1616, + "sample_type": "Binary/None", + "sha1": "bf669278778c1db80bac0914b38f4d2b3739b9f9", + "sha256": "9315dfb90c9075e467d08d9074fcf0737de0e8ef87fe4e0916703f39e8c72790" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pymem.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "8fb4872f535207e82cbf5a1b74d08324", + "sample_size": 4560, + "sample_type": "Binary/None", + "sha1": "e241e7d581cd862e2610b66b54ce1ede0826e6ec", + "sha256": "e1a88a03bd2eeef81a5c57a871773e8ab0249aa9e76f53c64bc7bdddf8e74edf" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\dbm", + "md5": "04b2dac8ae2c21f83d2b537650d99355", + "sample_size": 6072, + "sample_type": "Binary/None", + "sha1": "e46e92d6d2297f48aeac2271feafdd11ea9979d1", + "sha256": "10eb08ccaa117e7915c5573cc011361004f26f3e7b1a1e82b8a204d1d9ddf3f5" + }, + { + "classification": "MALICIOUS", + "file_name": "nmakehlp.c.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\tcl\\nmake", + "md5": "b012da0069dfb5fc3b595c97049928a7", + "sample_size": 21984, + "sample_type": "Binary/None", + "sha1": "e4956d4722a3843913c4ee6964e555c1d85ec1a1", + "sha256": "dcdac09158d167840de917bf986ae1dae8b0687e703f70a83beb535223dc3e71" + }, + { + "classification": "MALICIOUS", + "file_name": "test_buffer.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b0f155dbe20d558a8d0d2ee0f974ef50", + "sample_size": 168592, + "sample_type": "Binary/None", + "sha1": "47e6ecfbb70014d4de374fa1d76deaae8bf37e27", + "sha256": "01b9b36cd0f9f2196d04dff359b837204b83aa9a6548fba544722686940cc4c0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_imp.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "bb20f00ce74852273f90e675c1edbd18", + "sample_size": 18656, + "sample_type": "Binary/None", + "sha1": "a213a487c7e8606a7e3df630c3d3ef3754bd7117", + "sha256": "f21c39bfedd99a6bccefa254a1f31327e55802ea37be249abc484391bfb05178" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "_log.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": "59237a5ec84118b47cc455767fc9648b", + "sample_size": 2408, + "sample_type": "Binary/None", + "sha1": "77f6139f9099fc9e45030d6758b3c45df2610690", + "sha256": "f3f7879f886f66c217c1221d86c29b51e72126a55fdafe1a24312be08e7a9b1f" + }, + { + "classification": "NO_THREATS_FOUND", + 
"file_name": "beer.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "91d0b3cdeb80e0b7aab9d2d082246be6", + "sample_size": 632, + "sample_type": "Binary/None", + "sha1": "10c32d90f7de34a8dfafcadfe0e3200723d4011f", + "sha256": "ab0a6aa9490f55389a23f088d48a74891a63639fb2767a413ba03903c45626fc" + }, + { + "classification": "MALICIOUS", + "file_name": "cp857.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "b84d8943ffc9f10c637e926183198303", + "sample_size": 34640, + "sample_type": "Binary/None", + "sha1": "353a223340804503bcc9d34ada2d8b73ba651d96", + "sha256": "9800d8aa58217cf53aab22aec8045fbb78354c9216ecd4b14b253b62bf89c78c" + }, + { + "classification": "MALICIOUS", + "file_name": "test_ssl.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "69551f600d7ebf6e6c87f1d9e4b1aeb2", + "sample_size": 213480, + "sample_type": "Binary/None", + "sha1": "0d8a3e0a033a52b36680cd3f3138d3dab4574c1d", + "sha256": "bf8230984e3266784a3445765d5db9110a67db3d6cac674a0380e0e7f4fb805d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_tix.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "e4fdcba4393ffd8bab9399373206cc27", + "sample_size": 1008, + "sample_type": "Binary/None", + "sha1": "c372a194bdb742d59f8f2abcdd734768802c887e", + "sha256": "22e72dc812aa7048d8216e3e1a3395e8b30583265e31aa080d4170ff551991b7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pylifecycle.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "515f8ea944259eb9465e7d6d295421e0", + "sample_size": 2256, + "sample_type": "Binary/None", + "sha1": "aaacc9fc2c70883025b01a7b186c844ab1a0df7a", + "sha256": "0e38f7bcc5c86a62e118b0635be59f92eb70ba4dbf45152007270106d3946af4" + }, + { + 
"classification": "NO_THREATS_FOUND", + "file_name": "test_ioctl.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "9e1ee88b2b53766626d83d0e8e0977e1", + "sample_size": 3408, + "sample_type": "Binary/None", + "sha1": "5efbfaf8baf728456c7b5fa088b3b336df338727", + "sha256": "1f23ee502aa64cad421cf226cb7a955ec8ff99830c40be788bef62d2ea2ffaa5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "abc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "1a90ca944fabc2457e725126ad8e0b94", + "sample_size": 5112, + "sample_type": "Binary/None", + "sha1": "a758edabb99ebcfe93b06b9562c5b8be62b75ade", + "sha256": "a6138e664b176cd900b48c97fbdc30c38c8ddc15bd1559e82652c9f98f1d96e6" + }, + { + "classification": "MALICIOUS", + "file_name": "test_csv.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "713a3942fa3cb875e6c84901ecb5e86c", + "sample_size": 51512, + "sample_type": "Binary/None", + "sha1": "91b0bae7b492c1d960e992d2c1ac3c491165a50a", + "sha256": "c1825718cdd133223a04a5d489e14c48491770446cef03acfa32e50152d9d2b2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pystate.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "ad48467e51aa0e8561700cace0224d2d", + "sample_size": 5440, + "sample_type": "Binary/None", + "sha1": "b443a9bf94e5243471eecdcc25d323188cc7e6cd", + "sha256": "e6c82ba2571be52efa2ec0f2eb56abb4625c3fdaaab30fd4950a4eed563dee11" + }, + { + "classification": "MALICIOUS", + "file_name": "test_class.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "6e9225dd9dad200bc36a2ebc2a95700c", + "sample_size": 18544, + "sample_type": "Binary/None", + "sha1": "79aa25b4b820c7069fb644a3f82f5ab6dbc918d8", + "sha256": 
"757c7836a3a036ab2083341854510f750f5b91b6e37129ceba800f8a5e782f02" + }, + { + "classification": "MALICIOUS", + "file_name": "ntpath.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "61a18760086aba0d88ad90ef833dab70", + "sample_size": 28568, + "sample_type": "Binary/None", + "sha1": "54ed0cfb1a9b65b68c0da1215484499e4eddf3b5", + "sha256": "d71c3e5a51b53c986a7e4e93aaf889d99bccb1bde24419bdb54fe342ff6bf84f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "boolobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "f2a985c2fdc3198b0bc1e8020abaeb6b", + "sample_size": 960, + "sample_type": "Binary/None", + "sha1": "de53e990ccd95c75832304ed692417274ca10af7", + "sha256": "7cd0b8a4c857508677fd12823f395db583550bc66ed4e68010dd34176637d8af" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "sidebar.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "309157c18b97fd0b09f907d523977806", + "sample_size": 13968, + "sample_type": "Binary/None", + "sha1": "644b15087016e6a789ca3fb6b74988f7c48978e6", + "sha256": "885cbc65e6f5e2e75c8b8d38c56861c38511590408c199b97cdbc9e67bedd34b" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "audiotests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "33e6cc8991482f1bdd95add91d2ad477", + "sample_size": 12760, + "sample_type": "Binary/None", + "sha1": "752e4689a59ed4e517f862d43e8cb4ceabf2299e", + "sha256": "850e40158397a29b6c80641b6a8882926845da8c311d3658dc8b2beebcec03a6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "browser.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "38b3fc9a94ffa70c36e7bf6207033178", + "sample_size": 8600, + "sample_type": "Binary/None", + "sha1": 
"9709bc3e35e4bda71481a0aa75626861d42e5644", + "sha256": "81141adfcaa8c6c1acdaa8e813b2ad3594626428a15cf2609ae6297d272cb9a4" + }, + { + "classification": "MALICIOUS", + "file_name": "trace.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "6ae6daf2cf64f51b283a165db6c9bc85", + "sample_size": 29976, + "sample_type": "Binary/None", + "sha1": "db298b7d625564df410489e4f485c159fdfb4ef0", + "sha256": "ad482fbdf429047cc5e3f0c40e4cc69a5d59417f405d2c34b22c5e7edcec2324" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "hashlib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "ae121bc208e03d0af125243670764b6a", + "sample_size": 10312, + "sample_type": "MZ/DOS", + "sha1": "01490c527b94ab99655846826dcf852014c12e30", + "sha256": "a409aee307ca44a46a765c07139a5d522640d1186b7598ad6b2cf5542c8ed4db" + }, + { + "classification": "MALICIOUS", + "file_name": "handlers.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\logging", + "md5": "a765315e6953b8cafe0869270655fa6c", + "sample_size": 62032, + "sample_type": "Binary/None", + "sha1": "3fcf591792f38293b7c85091e5e2f496878d5a88", + "sha256": "c091cc66f3ad6fee8f1bff404144415230f11c78d5592e7cae5bd103633a9911" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "bisect_cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "86041789713339250d9f0416138c1274", + "sample_size": 5560, + "sample_type": "Binary/None", + "sha1": "fef692b7dc0ad9c1f03183de83107da0bc15e77a", + "sha256": "43d43d732050e63e76afe9dae39822ff9be032227e6ea0c83780bd3c63cdb81c" + }, + { + "classification": "MALICIOUS", + "file_name": "pytree.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\lib2to3", + "md5": "9574d0f84037a23a665cf61231168bdf", + "sample_size": 28864, + "sample_type": 
"Binary/None", + "sha1": "baa95b094ed4bfa8b1e578eb38e63629b57da8c2", + "sha256": "544db153dd1f23bc44edc02d680a8fcfc3fb73c64118527c777ce8ef36e26224" + }, + { + "classification": "MALICIOUS", + "file_name": "tmpjnl2abyncacert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "md5": "dd21df9dbd7b4171c3bc9a9953783536", + "sample_size": 266008, + "sample_type": "Binary/None", + "sha1": "4cf6b423754facf94d2f51b899120e0d85c4ae8e", + "sha256": "cbceb201271ea2a599f3c8e1c4064b9c1e714b7c6c925f2f3f60952dec74c0c3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp1256.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "238cc213acd321cf066cec287f49cd2b", + "sample_size": 13160, + "sample_type": "Binary/None", + "sha1": "577d95396ba77ce515ba2d96dd0ff309742afda2", + "sha256": "c2f7639889073185bb8cc7612b2be86d6ae4048e05b254f66f4174b88b9ace34" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pytime.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "567011b04cf2305d53536e9386ffa35f", + "sample_size": 9216, + "sample_type": "Binary/None", + "sha1": "ffcb2057af6b7d633c7ed4e142e4cbf41b671dd0", + "sha256": "3d42038fd2e476eb68cc7a4a3627dc05678943ec361dbab1cfbcf2ebd028fb70" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "errors.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "md5": "b88f19829ed47e07b0b6d100b2ece2a3", + "sample_size": 3712, + "sample_type": "Binary/None", + "sha1": "919ff94eaab2b57893d2eeacd2b18a04535ae977", + "sha256": "a43fcd2dc8b8f28919c36bf40263b40ddba364e5a25fce5f0bd1ff5427f157a3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "TK.cs.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\tcl\\tix8.4.3\\pref", + "md5": "ad6cac133a844162a9d90e09b2948749", + 
"sample_size": 1096, + "sample_type": "Binary/None", + "sha1": "18ac8f1fd279ceba9dbb0311ec914e34ffb9cba1", + "sha256": "4a5b3e288f80940739129f3b77f6258f233fcf5e097938a80815c5fa81534388" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "context.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "8684073c3e06f447bd5360e98bd2c96f", + "sample_size": 2080, + "sample_type": "Binary/None", + "sha1": "490605ef9143a981bdeabb80403edf5e0efff657", + "sha256": "a2bfdbb39c2fe5ef3bf48f9e409ceaf787115410ea91351f363cba86579bd387" + }, + { + "classification": "MALICIOUS", + "file_name": "pygettext.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\i18n", + "md5": "74cb4050c6be6aaf98afdb39eb3bca08", + "sample_size": 22208, + "sample_type": "Binary/None", + "sha1": "08b1271b68322d8f4dbf1f8bfee89ffd1766e25f", + "sha256": "033d415f514a431a7de76d93029197868fc802956e6cf59b636b6a171db170e3" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ast.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "3cad2a71cb4f220c287a476226cd10d1", + "sample_size": 1024, + "sample_type": "Binary/None", + "sha1": "e5accc9eb172ede4cb3edfa68349478bc436bfa2", + "sha256": "150bddf777b57e2a13364fe80f4ec376b2785d5a8d7953219362b53ee8d99cad" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ssltests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "3f8a5cd23c493117f20d5346f3d5c74f", + "sample_size": 1128, + "sample_type": "Binary/None", + "sha1": "9169480a73de2cb59057aa063bcdffad37151b39", + "sha256": "620f901c74211b73d059c45d5ee0608e3d8252f69d2aff2a0841c81523c7be95" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "vector.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": 
"4d9769b3f062060072a7883d842cc52c", + "sample_size": 1568, + "sample_type": "Binary/None", + "sha1": "96e7c8e9efac8e32e08bf403c94cb1f2046567b3", + "sha256": "76cb310b9b1604febccc2a255c6dbaab8f7919af136e6daeb8f214e74b6e8e33" + }, + { + "classification": "MALICIOUS", + "file_name": "editor.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "22afad8f02a4112857b209fa2af04ed7", + "sample_size": 67448, + "sample_type": "Binary/None", + "sha1": "d35bb20df36ab037a034ab3ac457df2e842285c8", + "sha256": "06d5999ee4e5ec5a1984ffd3e3dad051de12cc00150db799c49ac65fdeb0120d" + }, + { + "classification": "MALICIOUS", + "file_name": "parse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\urllib", + "md5": "9f13a3a136af4df91e1b8b6db572c3d5", + "sample_size": 43552, + "sample_type": "Binary/None", + "sha1": "7c73130677167366ad66059c699859f3551f743e", + "sha256": "82eabfaea8eba7f679e80749243cd3e12769a7b7627091b0f9566090fa7d8e75" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "badkey.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "4e8200b6030c213d203bf4443dff9440", + "sample_size": 2240, + "sample_type": "Binary/None", + "sha1": "09fa070aa06809e657661101a5c48e9194585f2e", + "sha256": "e4238f9fdbe3b07806d1e80ef81c643b3ee7fcf2f3a7c35e37d0f01d0db91372" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_future.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "731a017eafc9d6822bc6de9b99b42afe", + "sample_size": 13672, + "sample_type": "Binary/None", + "sha1": "e5dacab821f8bc0c70194cfe3244377586689eee", + "sha256": "b6a630fdb34a47f0e449dd8bdadd124fa87bdf3139d6b7c74cb8d02fcc0384f6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "sequence.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\msilib", + "md5": "b6c547f2e47756d06d8c1093e36ffa41", + "sample_size": 4096, + "sample_type": "Binary/None", + "sha1": "0dc59105f86a299b268a1e2dce5a1ad3d7aacd79", + "sha256": "0049582a95af06ca508cd280e95008befc7b2ec53e551ef40ef7425668774cb6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "iterators.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "ff8e99ed6d0e2190180e1a2de8efb811", + "sample_size": 2248, + "sample_type": "Binary/None", + "sha1": "5f6ad08eb9c626acdb602452d74a5c592a832e42", + "sha256": "7bf273792320fdfe24e83ddac1a769f0037d9ee4f96ee674412eb5a923f35038" + }, + { + "classification": "MALICIOUS", + "file_name": "argparse.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "31df238dd44c26060b4261c1a37661a2", + "sample_size": 100744, + "sample_type": "Binary/None", + "sha1": "711e78113746cd8de1202bc6986e705463010128", + "sha256": "ce70fd5f0a8c62068e34207a5e2103eea7806d12f44917664cab2ebfa41916f8" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "font.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\tkinter", + "md5": "3d5269df79862c744d18f0baf3288280", + "sample_size": 7096, + "sample_type": "Binary/None", + "sha1": "bbb5a1af27e7ffbd570cbc601b5df7bcc445036c", + "sha256": "d9c9b33cb67d7305984b2c47133460fe2df8e409e74bfba2ee01cebbf63274c0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\curses", + "md5": "c6adcb3445104f5626d10d9f545dbabb", + "sample_size": 3512, + "sample_type": "Binary/None", + "sha1": "0873c9b2810be1c39dd077f68397b88577455a87", + "sha256": "0532163f2192f4e5f5a95f8173db54c01a1535b8adb9cd1b2a149721795d8818" + }, + { + "classification": "NO_THREATS_FOUND", + 
"file_name": "longintrepr.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "1723b99627e4bdf720027582b983ae6a", + "sample_size": 3936, + "sample_type": "Binary/None", + "sha1": "e0150934b85d54c20eaa34a84a8379f58be2086e", + "sha256": "dc3db19dede7d4277778149aefe58bb9da8eaf5bdab79ac2975d3997a422d2ca" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_cmd.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b84f0463c8519e86c8c136afd0bb3e39", + "sample_size": 6528, + "sample_type": "Binary/None", + "sha1": "f398989b5d69d7972bc137d2da6699592177678c", + "sha256": "a777aee97c2524c4024c00f61d6669d2a6528e5e0f5e916125e804bf009355ee" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "diff.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\scripts", + "md5": "61f06a47b45479b63c57f0cb49e713d5", + "sample_size": 2360, + "sample_type": "Binary/None", + "sha1": "07dca015053ca1cf3899a2554db56f801d308a17", + "sha256": "cbaa8b8db12c60690bee81d87455d5461063f05749585d30e825b4cb873a26cb" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "gdb_sample.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "da878be3c3beb17e3552246be730e946", + "sample_size": 208, + "sample_type": "Binary/None", + "sha1": "2397e6a8fc7676a9fd85d5dd4bf62e21d1f4a02e", + "sha256": "414f4a44a68b7354e6ab05db4bbcf8aefefefcf518497cdb02cd403a58c8a172" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_unary.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "38bb72a64b91b6b167514a2d9af86caf", + "sample_size": 1760, + "sample_type": "Binary/None", + "sha1": "3a1f071cd7c249d5bd16cee6563acdfa40897701", + "sha256": 
"f738fcaa4adbed539668e45a94cdbd98e38494d91abd752b50f3c706baa85aff" + }, + { + "classification": "MALICIOUS", + "file_name": "entities.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\html", + "md5": "dc95235177e97927ce2ab38e09ca1eb2", + "sample_size": 77936, + "sample_type": "Binary/None", + "sha1": "bb798146c3a6bbd6a252e5b58e8e3c3b0986ce8f", + "sha256": "844c4ce8feae28e95c3bd9981ca4effc935dcfb061a9f7bf2248e51a655c8842" + }, + { + "classification": "MALICIOUS", + "file_name": "test_signal.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "b7e1d7f97195feb2f50f7ea7492a1b6c", + "sample_size": 50560, + "sample_type": "Binary/None", + "sha1": "5864185114dca1cc0363efa0738e583b56ad5562", + "sha256": "a0b8c4c04078263c4ef286dc34cba3f4db552e9558878807ee71c5bd4d81b8af" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_getopt.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "a89d45ccf05f7ca33384548b0553ce6e", + "sample_size": 7136, + "sample_type": "Binary/None", + "sha1": "9380ee8e05d23de393ccdb50d1a6da7de6ffb8bf", + "sha256": "1f87328e23560bf321ef4304c1c5c30a9f17a13af26fe3e6386a71654ba52c72" + }, + { + "classification": "MALICIOUS", + "file_name": "dis.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "6af48ff39dbdaeb5037626f988bd9095", + "sample_size": 21160, + "sample_type": "Binary/None", + "sha1": "03d01700a73822b74dca04d7d8f9627ce3a6c1fa", + "sha256": "e66384a92d233cf3ad782f29919a5d23e4249ffad7ce1f35427e3255ef511fc4" + }, + { + "classification": "MALICIOUS", + "file_name": "server.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\xmlrpc", + "md5": "7123342a3f6864ad33881ebef8a1548e", + "sample_size": 37704, + "sample_type": "Binary/None", + "sha1": 
"da78c94c57d7ca8b624ef07bfdcd60db7e7a1515", + "sha256": "cbd089b3a28dacd1082feebaa416077437d037c591d27876dc7bc95c838bbab6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "utf_7.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "92377baf49dd717debe3b84e6b7d5ba9", + "sample_size": 1024, + "sample_type": "Binary/None", + "sha1": "a5cae271da87ab0cd02d41469e35f8ecb4410217", + "sha256": "00e8835c3c710aad3c01590c7b63e3f577547fbeabc12e57fc505358538dc523" + }, + { + "classification": "MALICIOUS", + "file_name": "test_bdb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "f521a2f49de062f370c75430a49e33f7", + "sample_size": 43592, + "sample_type": "Binary/None", + "sha1": "117551b54a7c0c052494fe1aec5bc1b1821204cd", + "sha256": "c6baf66b4475397f29436566c7f2ffac7e9fb39b62643885cc80a9ce9a52a06d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "tooltip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "7caff095de72d8087feb869b97dacf02", + "sample_size": 6784, + "sample_type": "Binary/None", + "sha1": "64e4570663d2d6a945becf1a34b47c8ab4068a39", + "sha256": "f67b6edc28a90f3ebec421c43b4fd43621f437819faf8883005b8a290a7ba736" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "longobject.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "c35322dd297009f73ca4c8129d2a2856", + "sample_size": 9792, + "sample_type": "MZ/DOS", + "sha1": "c0397f2e60c21e33c8ccbcd70c5e63172663e4a3", + "sha256": "97e2ca05e5ec70cfdd5d3d1696241038acaf6ae3bb9bf815136bb324bccec454" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "hanoi.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Tools\\demo", + "md5": "6507207d236f00155cd00f20c3717be2", + "sample_size": 4808, 
+ "sample_type": "Binary/None", + "sha1": "014dd80dd31d0bb6dfa022eaf45641b583b8a279", + "sha256": "60272955c879ef39e9f3dbd4e7296556c88d064641a473663de54b1a7f38dc7a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "iomenu.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "63354eb59874777b43f43a3f6cba70dd", + "sample_size": 16312, + "sample_type": "Binary/None", + "sha1": "cbdd8058b3554b97bdae9dc24dc8182b4cd15e7c", + "sha256": "edc22804ace0cb83bb6bc4f1b6eeea5304a0a116d281ea7c448b1a73ffd0d618" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "timeit.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "8ca7686c055460a56f8eb2d3b6637f61", + "sample_size": 13896, + "sample_type": "Binary/None", + "sha1": "fc3fd89d86fd03b16f378ba237bf20d410ae0a8f", + "sha256": "07bf88763d28266cab5ade1eab7a666672a23406b0da3cafd9c3c73f96d426b6" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "format.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "c2b940c1b75e8b365ddeebbc30760494", + "sample_size": 16240, + "sample_type": "Binary/None", + "sha1": "927a07752cee74376f37b392e684b5cebfb5553e", + "sha256": "57f1d099125d74f3795ad087392c9bb021d2ca57a9e95bb85568f945b493bc7a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cgitb.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "4dac5d43582618862deb77de2babda13", + "sample_size": 12456, + "sample_type": "Binary/None", + "sha1": "5e37d236b663b652f15cd5f9fc6ca3298b31d79f", + "sha256": "695bb83ab13bc6e85edcc96b3acb90dff94e5f2038e19aa0fc6a2a7d9a63cf93" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "cp950.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": 
"19e867ff5fc9f93821102b49a1bb0d20", + "sample_size": 1104, + "sample_type": "Binary/None", + "sha1": "19da0527784a5f1c7deb71561acc4be6ed9f89e9", + "sha256": "cd84df10ff9443a8bb8ce9c099f67f7a856428c2ac5bc577938167f83c69f06d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "poplib.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "73001bf8bb135daeb8aada07ac429a89", + "sample_size": 15720, + "sample_type": "Binary/None", + "sha1": "13d86e5812432bd59f8cf769ecb8a3288c527808", + "sha256": "03b30cf06facc4a882961de7db095047369404b6206590784b493fee51d1774d" + }, + { + "classification": "MALICIOUS", + "file_name": "selectors.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "d994316f941d88692a3ee31a6951cd41", + "sample_size": 20192, + "sample_type": "Binary/None", + "sha1": "8a8f875e85b1c489915e421be7933f4655941560", + "sha256": "04dce8dd06e2167c1bb13c8fd114aa57b2ca82b2c2778f87d297b9ccde900ef3" + }, + { + "classification": "MALICIOUS", + "file_name": "pyshell.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "05c2915d97cf340947cd8000049e1419", + "sample_size": 59232, + "sample_type": "Binary/None", + "sha1": "1d4249b1aa37ba3c4e1bb0ace862003445e5a3ed", + "sha256": "35d01047d9d857f5a07a16e566192ddbc25cf78d7993f2e8d413b5021983cfdd" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "idnsans.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "39adbd8b498b0d5572be51e13e9abed1", + "sample_size": 10152, + "sample_type": "MZ/DOS", + "sha1": "deb03c95ebb092305f6ca9caec75c1299349a1c9", + "sha256": "de046c48cd112e979b2a68ff1fb840e2fb9100da3529e1e3be5084eac4fa886f" + }, + { + "classification": "MALICIOUS", + "file_name": "cp864.py.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "edf555d2e3f74e8173f852198135a6c9", + "sample_size": 34392, + "sample_type": "Binary/None", + "sha1": "1bc09dd060df8d292c8f36f198f195a26464abfe", + "sha256": "7e45d52b96738515b6375bfdeb64c2acf577fc158aab67c84e9786c736e44b00" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "query.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "8fc082f1304ccb82b518afde8e540d2a", + "sample_size": 15504, + "sample_type": "Binary/None", + "sha1": "10549debf746b444563eff4b90d5ed4727b53456", + "sha256": "30eadf95f4625a137f63218a024c4a1b8cfcfa155139b20d12a9e405bd4c06c5" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ssl_servers.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "2db2b517a2ff4da36dfcc96b0334b491", + "sample_size": 7528, + "sample_type": "Binary/None", + "sha1": "4bda8591c54fc4dc7853ebdf6b2e2e3c9cecdc6a", + "sha256": "947a6ba50436d6e2526409831cb4b5bdad027d4b141e018b6c71e958c82f5133" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "main.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": "735fe7cb4e618022989ac9dc75ba79e1", + "sample_size": 11568, + "sample_type": "Binary/None", + "sha1": "7945040cd3604f3553c37eea3a380d5f8ecdc0e2", + "sha256": "fdf866c2b7cd7c777df2755a3a5b76d4abe7dbdc3954e468ce29c5c659ec01a3" + }, + { + "classification": "MALICIOUS", + "file_name": "sysconfig.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "f0fabb4ca0556e6e9300464627fca3e8", + "sample_size": 25680, + "sample_type": "Binary/None", + "sha1": "eac2e5ef1ce7a19827948f510a60781cde4c4a58", + "sha256": "8b6ce9e32face516055ad61ebeffd3204a6eac13726de134e76b2ac9ed464bb2" + }, + { + "classification": "NO_THREATS_FOUND", + 
"file_name": "pycacert.pem.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "0d75b8b2a4fc0b6d9a2b202d05e61562", + "sample_size": 5800, + "sample_type": "Binary/None", + "sha1": "03f3088147d0cfc7a03f1ea536523c5d38d08f1d", + "sha256": "deb2bf3126b09b3ec97b3a639b265a6b83fe4bb5cc8b62fa6f4d2de3278fc1e2" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pyframe.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "d18ac835715af1f40626f05a75fd59ea", + "sample_size": 528, + "sample_type": "Binary/None", + "sha1": "87fecae0b6b8358ba2c265fb2cf53e24d8b03539", + "sha256": "0d100fc7a5f109ba456c05922be44f2b21ea1314d505374c91c968af27375093" + }, + { + "classification": "MALICIOUS", + "file_name": "generator.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email", + "md5": "bd5b9ddbf7194ab2964370e376cf92bf", + "sample_size": 20752, + "sample_type": "Binary/None", + "sha1": "4fb1b5d709e3bf81a0623d1df96615a66ede7c7a", + "sha256": "7d8caacc64756c706d5dd1fe26a3e79d8e1c71431f64208a3a0a1d90315d208d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "au-descriptor-1.8.0_371-b11.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Temp", + "md5": "54b0891167272da470696c9f3f1fb728", + "sample_size": 6872, + "sample_type": "Binary/None", + "sha1": "09c294fb3feef54edd18dfe2104767e9700131ab", + "sha256": "00794d1c19081d14eefb33da7d229c34c8f1336179b88647cf7586f894a9386f" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "runner.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\unittest", + "md5": "6a164e99308737873671f632affd0315", + "sample_size": 8320, + "sample_type": "Binary/None", + "sha1": "9c4254dd3c2aac961c1211a11a8e3583af6a874b", + "sha256": "00be5a4ee498dc74aad7a6b8819c36a9baf7005f85b4da7ece45f3f64265bf20" + }, + { + 
"classification": "NO_THREATS_FOUND", + "file_name": "import.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "df59afa9ffc38048390c63b83fa848bf", + "sample_size": 3168, + "sample_type": "Binary/None", + "sha1": "45f43c3c90d264bcd1e42947b4b4ef7eecd24b08", + "sha256": "200e500090f676aabbd6f2adbd55be1d743b005bcf45a636e24202dc76de4293" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "parsetok.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "6c5ba6b6741f0ceba9e30ab36ff31634", + "sample_size": 3112, + "sample_type": "Binary/None", + "sha1": "193d1bf3c1fc6f5480f4d0b83d76f7215659c517", + "sha256": "28765097f0bf88e54f12f2af929069658762bcfe8a2d7565bbeb245a9c91e1f9" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "xmltests.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "1d2f44db4f359a98cf07c364940db5f5", + "sample_size": 560, + "sample_type": "Binary/None", + "sha1": "c763c6adcdf10ea366995408510c8a3e11b0e028", + "sha256": "655bf9d69af0c1ec41fef625de5ea4b34bd503b24386e3e42a09d994b4e650c0" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_frame.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "7f47173650e4e29856f21ec78c7ab359", + "sample_size": 6056, + "sample_type": "Binary/None", + "sha1": "bac3b60588da442f28300cedf60cf06be9ea1e5b", + "sha256": "7474254e8ecf26a21ff84b485984ad428d3f5df07007efd2047e3623b524bd24" + }, + { + "classification": "MALICIOUS", + "file_name": "cp863.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "34985d254506b2dbbf7aff0cd0a8c606", + "sample_size": 34992, + "sample_type": "Binary/None", + "sha1": "31fda7d0d2dd6bed3a6919704ae1bce57ae57de8", + "sha256": 
"3472ceb372a1372e37cfbe0f8dcfb2003ffdaa58917e0c2666e037e3057f83aa" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "filelist.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "5e43b1c795f0fbd27e7d15863f1beef6", + "sample_size": 4048, + "sample_type": "Binary/None", + "sha1": "c555aa076f1ee5edfd69fe0372f1041a27237d31", + "sha256": "3c3891eef7167f1eeb34bb23036658302585ec1f134cd7e1dd3c62c03d73e985" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_file.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "a32d95d8f5daa84a1f3f2bca83a992f2", + "sample_size": 12344, + "sample_type": "Binary/None", + "sha1": "f8d48ec64aec40c4a713c92e9ccbf76f402b1c50", + "sha256": "9871462f91b8cc7e941ada6fbd68ac5fc60badb7c57199d81c5c4c0150de6743" + }, + { + "classification": "MALICIOUS", + "file_name": "test_gzip.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "21e2eb43689719dedb6bb74f31071379", + "sample_size": 31776, + "sample_type": "Binary/None", + "sha1": "e28fda1464e185031c6cdfaa3087f862706a02b1", + "sha256": "29e1d1c29a5560dcb3efe7aa693f48bd30f6463e7e7e9985faee4c532cdd8eef" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "__init__.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\sqlite3", + "md5": "ec34839e24c17652d98377ae7da847a3", + "sample_size": 2112, + "sample_type": "Binary/None", + "sha1": "ed94d31a40322008e892e9e8dfaeed17f9263b4a", + "sha256": "b89e9802131ce32d4162654e8da8b080fe8de5cc26dd2600122c01da9a9bfa95" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "debugobj.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "6365f84afa2357ee7ae246fe563a6b5c", + "sample_size": 4240, + "sample_type": "Binary/None", + "sha1": 
"3ccfec0c42f7e2ac014a0f478b6d87ed1f6de661", + "sha256": "f68b53231485ebfa45f92dcbb0169d5876af77916fc104cf7b2171573e3ca357" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "errcode.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "f8094036a3ebf5fe26070936aa906d19", + "sample_size": 1704, + "sample_type": "Binary/None", + "sha1": "21a3b03749bcbc6d5205e23d5061350a42f92b9d", + "sha256": "2de188f03d93fe3703ad060126e42452d6f57f80f89c4928239b19458393587c" + }, + { + "classification": "MALICIOUS", + "file_name": "tasks.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "c552e2b110d748d471cd14d7fb7069c2", + "sample_size": 35448, + "sample_type": "Binary/None", + "sha1": "39ddc696d55b757785bb36662df5413bdf57e288", + "sha256": "62fa157d75c088a7980a247793b23625beb4530989da6e763bb60d4e94f29439" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "audio.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\email\\mime", + "md5": "5854888ff17abbca6edb03e0e1fb8c39", + "sample_size": 2856, + "sample_type": "Binary/None", + "sha1": "644a62687f78740c1d3fa2582167e1f75e91eb82", + "sha256": "ac73331166b36c1840889a6ec0e41bde6c9c111653e64e1a388e56df1a0fa5f7" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "5c4702cd526cc48a8ca08b053b04c176.xml.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Office\\ONetConfig", + "md5": "d4df5d2f0b54b4708314b3ce2a692e0b", + "sample_size": 2168, + "sample_type": "Binary/None", + "sha1": "f2b6afd485689228062bab5f453fa2b5a0ba4f63", + "sha256": "8757531e09e21f0fdaa18c1a7fe1923157eeef9f2967e428aa4860ac0a52abd8" + }, + { + "classification": "MALICIOUS", + "file_name": "pstats.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "fd20728c75685f8d9f8d2459a892e015", + "sample_size": 
30144, + "sample_type": "Binary/None", + "sha1": "49661a36c53a151ccd24b130fba94ff3286aad93", + "sha256": "de6857475be57b465eb1f5b3a21ff2216448afec0f59c33b206fb64b7412ddba" + }, + { + "classification": "MALICIOUS", + "file_name": "datetime.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "90bedd604a02e5969bbb471537b0696b", + "sample_size": 91776, + "sample_type": "Binary/None", + "sha1": "a529353fddf007810cd37d60c859320fee694fdf", + "sha256": "e7d518e0c9a73eb55acd007674e89b9f916dfe3da77960eccadd55108a768f39" + }, + { + "classification": "MALICIOUS", + "file_name": "test_shutil.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "9689aa8beff05a81bf28ba34d6b2e18f", + "sample_size": 108864, + "sample_type": "Binary/None", + "sha1": "09361dc6d08bd5be81bcf4e5f21591e2c700b8bb", + "sha256": "0c23344518e05d5868a8a346c87128e9aed1fa9bd00649ccce18be2b2ada4fa6" + }, + { + "classification": "MALICIOUS", + "file_name": "sslproto.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\asyncio", + "md5": "e98b3e0347f854f6f8ebb9238ea5280b", + "sample_size": 28240, + "sample_type": "Binary/None", + "sha1": "95f874031d161426298ef90b89aaa70c06a9ddcf", + "sha256": "0bcd98cb477a99d325fa0dfe6a81c040d9cb2bed786f715060af4971af70003f" + }, + { + "classification": "MALICIOUS", + "file_name": "rpc.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\idlelib", + "md5": "3172623b5df9b23c04e7e3c3c1512c50", + "sample_size": 21752, + "sample_type": "Binary/None", + "sha1": "799babf5c16623165b3f17ebc709e7f897cd9b16", + "sha256": "eadd94f4719731b6c33b1293fb2cdfdc24e7e3f405411612731fbcc8ac04e19a" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "linecache.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": 
"cafbcfd1b6c907735333c426792229c5", + "sample_size": 5680, + "sample_type": "Binary/None", + "sha1": "a71b95f5fb587235218d01dcd39d6e35b1d551e7", + "sha256": "1e20834489ff00871dc5854eddf241bb1bdf75d89feaf163940273720b5de892" + }, + { + "classification": "MALICIOUS", + "file_name": "ssl.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib", + "md5": "b051959fa90489c3d55edfa7a4656ac9", + "sample_size": 52288, + "sample_type": "Binary/None", + "sha1": "de6b7b8efe92736c319e4f276625d4986b26ca7e", + "sha256": "135c41557a44f703c0cf9f48b59941d7c4f369ac3dd1e7fd926c976b52f32b19" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "ann_module.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "30272649ed2d747db3ce1b7cab85fe30", + "sample_size": 1208, + "sample_type": "Binary/None", + "sha1": "a81ac9f957f084f37e026429390c08af83b2c45f", + "sha256": "e92694e7993570a95ac9625741cf7fd7aaccb059deebb8c50be6975510e96d17" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pythread.h.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "88a6f2d25b7f404dc45ead21c2854ac9", + "sample_size": 6144, + "sample_type": "Binary/None", + "sha1": "cf6554637b90dda0af507ea0a4a0342739ca8512", + "sha256": "8e86f854f055bc80c5f539042c64d54a5ae17f1d7cf8895e25f0bb4330721c6d" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "core.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\distutils", + "md5": "eb5dff40652ae7dd1995d5ccc54701b2", + "sample_size": 9152, + "sample_type": "Binary/None", + "sha1": "54f02c84de55e086fddb52f4a12995a45722edc5", + "sha256": "02177c597f6a5c7a7f993161a7b14f65154959fbb29719b9f047626c6c94c146" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "pymacro.h.toxcrypt", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\include", + "md5": "41b5134d662b68d9a990f710456acf80", + "sample_size": 5096, + "sample_type": "Binary/None", + "sha1": "7335f23165f42a1fc2802be0cf0020248548db93", + "sha256": "1194056fe6cd6699aa5e907d60297f7fe0537853bcb038dd354e8d30749e5d99" + }, + { + "classification": "MALICIOUS", + "file_name": "server.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\http", + "md5": "edf08c57b83eae98274cabbcd0669e87", + "sample_size": 48712, + "sample_type": "Binary/None", + "sha1": "11a4bc5c1f21810405b2104aecc4daab4a17f007", + "sha256": "231b9733ffa226da62ee9436c3a77b0c155ef3ea4ed37e765d8312665e37a916" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "headers.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\wsgiref", + "md5": "340d1ef349d9abca1bef4e1df2730dec", + "sample_size": 6992, + "sample_type": "Binary/None", + "sha1": "68f18461c9e58eb15a8bb08d4d6416e8c3ec0fdf", + "sha256": "e7f46189affdb87a0e0338b747e463ca6c5ed68ad3d8abb07f36cef79ee2d544" + }, + { + "classification": "NO_THREATS_FOUND", + "file_name": "test_pkg.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\test", + "md5": "a1c43319ad3407421c40eca1cb5f3ddd", + "sample_size": 10160, + "sample_type": "Binary/None", + "sha1": "73252e34437f9344acc784b8439ffe4b048918a7", + "sha256": "a2deb4ae5a106bef23236a3dd07ff6f5385782d28b7f53b99fe27d28aa291b52" + }, + { + "classification": "MALICIOUS", + "file_name": "cp862.py.toxcrypt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Programs\\Python\\Python39\\Lib\\encodings", + "md5": "1957097ab8f3948d2797c5707a2a6195", + "sample_size": 34112, + "sample_type": "Binary/None", + "sha1": "20a216c817f032232a38ef7dbe42a2bb3687ad90", + "sha256": "f9b18890c0233ecc0d425656b6564aa22fb09a7b75214ad95a4d2fd56d464574" + } + ], + "dropped_files_url": 
"https://bucket.reversinglabs.com/rl-cloud-sandbox-dropped-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_dropped_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024237Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=0754967f88b69419f9aabe99ae040632546210ba012cbc35b19839ec8e5a60c5", + "md5": "d5720ea13de22edcbe76d20c7908c0bf", + "memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024237Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d09eaaf10332e5b4dfc8de433a19ba90d3f39c779b7241f5217184045018ff85", + "mitre_attack": { + "matrix_list": [ + { + "name": "Enterprise", + "tactics": { + "tactic_list": [ + { + "id": "TA0005", + "name": "Defense Evasion", + "techniques": { + "technique_list": [ + { + "id": "T1055", + "name": "Process Injection" + }, + { + "id": "T1027", + "name": "Obfuscated Files or Information" + }, + { + "id": "T1036", + "name": "Masquerading" + }, + { + "id": "T1140", + "name": "Deobfuscate/Decode Files or Information" + }, + { + "id": "T1027.002", + "name": "Software Packing" + } + ] + } + }, + { + "id": "TA0007", + "name": "Discovery", + "techniques": { + "technique_list": [ + { + "id": "T1083", + "name": "File and Directory Discovery" + }, + { + "id": "T1082", + "name": "System Information Discovery" + }, + { + "id": "T1124", + "name": "System Time Discovery" + }, + { + "id": "T1518.001", + "name": "Security Software Discovery" + }, + { + "id": "T1016", + "name": "System Network Configuration Discovery" + } + ] + } + }, + { + "id": "TA0002", + "name": "Execution", + "techniques": { + "technique_list": [] + } + }, + { + "id": "TA0011", 
+ "name": "Command and Control", + "techniques": { + "technique_list": [ + { + "id": "T1105", + "name": "Remote File Copy" + }, + { + "id": "T1573", + "name": "Encrypted Channel" + } + ] + } + }, + { + "id": "TA0010", + "name": "Exfiltration", + "techniques": { + "technique_list": [] + } + }, + { + "id": "TA0004", + "name": "Privilege Escalation", + "techniques": { + "technique_list": [ + { + "id": "T1547.001", + "name": "Registry Run Keys / Startup Folder" + } + ] + } + }, + { + "id": "TA0003", + "name": "Persistence", + "techniques": { + "technique_list": [] + } + }, + { + "id": "TA0009", + "name": "Collection", + "techniques": { + "technique_list": [ + { + "id": "T1560", + "name": "Archive Collected Data" + }, + { + "id": "T1056", + "name": "Input Capture" + }, + { + "id": "T1005", + "name": "Data from Local System" + } + ] + } + }, + { + "id": "TA0040", + "name": "Impact", + "techniques": { + "technique_list": [] + } + }, + { + "id": "TA0006", + "name": "Credential Access", + "techniques": { + "technique_list": [ + { + "id": "T1003", + "name": "OS Credential Dumping" + } + ] + } + } + ] + } + } + ] + }, + "network": { + "url": [ + { + "source": "memory", + "url": "http://127.0.0.1:90500123456789ABCDEF" + }, + { + "source": "memory", + "url": "http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip" + }, + { + "source": "memory", + "url": "http://gcc.gnu.org/bugs.html):" + }, + { + "source": "memory", + "url": "http://curl.haxx.se/docs/http-cookies.html" + } + ] + }, + "optional_parameters": "internet_simulation=false", + "pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024237Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d0a36b3fb2b6682dade177a83c5119b0e725bb4ad0a2d28fd2a3a7a0dda56a35", + 
"platform": "windows10", + "process_tree": [ + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 1040 + }, + { + "name": "rl_file.exe", + "parameters": "C:\\Users\\user\\Desktop\\rl_file.exe", + "parent_process_id": 4160, + "process_id": 5252 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 1040, + "process_id": 1076 + }, + { + "name": "rl_file.exe", + "parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" ", + "parent_process_id": 5252, + "process_id": 7716 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 1428 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 1428, + "process_id": 4548 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 7620 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 7620, + "process_id": 7568 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 7892 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 7892, + "process_id": 7880 + }, + { + "name": "Tox.exe", + "parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" ", + "parent_process_id": 4160, + "process_id": 8020 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 3456 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 3456, + "process_id": 6668 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + 
"parent_process_id": 7028, + "process_id": 5256 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 5256, + "process_id": 6932 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 3816 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 3816, + "process_id": 6064 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 8140 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 8140, + "process_id": 3916 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 3764 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 3764, + "process_id": 7428 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 3516 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 3516, + "process_id": 7652 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 5540 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 5540, + "process_id": 2636 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 7452 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 7452, + "process_id": 5268 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 4576 + }, 
+ { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 4576, + "process_id": 4588 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 1552 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 1552, + "process_id": 8060 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 5596 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 5596, + "process_id": 8132 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 7848 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 7848, + "process_id": 8112 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 6164 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 6164, + "process_id": 1848 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 3816 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 3816, + "process_id": 8160 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 3400 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 3400, + "process_id": 6168 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 4068 + }, + { + "name": "conhost.exe", + "parameters": 
"C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 4068, + "process_id": 6288 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 1076 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 1076, + "process_id": 6680 + }, + { + "name": "ipconfig.exe", + "parameters": "ipconfig /renew", + "parent_process_id": 7028, + "process_id": 3908 + }, + { + "name": "conhost.exe", + "parameters": "C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1", + "parent_process_id": 3908, + "process_id": 7696 + } + ], + "risk_score": 96, + "screenshots": "https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_08249dbc-77bf-482e-be4d-b8fa58de01c7_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024238Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=8984143143aa69d5eb2e5bd990a0e4d4e32822c2b1e67502e05c805e47d34301", + "sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271", + "sha256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19", + "signatures": [ + { + "description": "Reads ini files", + "risk_factor": 5, + "sig_id": 1257 + }, + { + "description": "Creates a start menu entry (Start Menu\\\\Programs\\\\Startup)", + "risk_factor": 7, + "sig_id": 1376 + }, + { + "description": "Disables application error messages (SetErrorMode)", + "risk_factor": 5, + "sig_id": 1397 + }, + { + "description": "Uses Microsofts Enhanced Cryptographic Provider", + "risk_factor": 7, + "sig_id": 1312 + }, + { + "description": "Contains functionality to enumerate / list files inside a directory", + "risk_factor": 5, + "sig_id": 1088 + }, + { + "description": "Found string decryption functions", + "risk_factor": 7, + "sig_id": 1600 + }, + { + "description": 
"Found inlined nop instructions (likely shell or obfuscated code)", + "risk_factor": 7, + "sig_id": 1537 + }, + { + "description": "Creates temporary files", + "risk_factor": 5, + "sig_id": 1276 + }, + { + "description": "Tries to harvest and steal browser information (history, passwords, etc)", + "risk_factor": 8, + "sig_id": 1272 + }, + { + "description": "Sample reads its own file content", + "risk_factor": 5, + "sig_id": 1571 + }, + { + "description": "URLs found in memory or binary data", + "risk_factor": 5, + "sig_id": 357 + }, + { + "description": "Contains functionality to download additional files from the internet", + "risk_factor": 5, + "sig_id": 1090 + }, + { + "description": "Uses an in-process (OLE) Automation server", + "risk_factor": 5, + "sig_id": 1458 + }, + { + "description": "Sample is packed with UPX", + "risk_factor": 5, + "sig_id": 1366 + }, + { + "description": "Creates a DirectInput object (often for capturing keystrokes)", + "risk_factor": 7, + "sig_id": 1339 + }, + { + "description": "Stores files to the Windows startup directory", + "risk_factor": 7, + "sig_id": 1352 + }, + { + "description": "Creates a process in suspended mode (likely to inject code)", + "risk_factor": 7, + "sig_id": 1790 + }, + { + "description": "Spawns processes", + "risk_factor": 5, + "sig_id": 1271 + }, + { + "description": "Creates mutexes", + "risk_factor": 5, + "sig_id": 1150 + }, + { + "description": "Detected crypto function", + "risk_factor": 7, + "sig_id": 1826 + }, + { + "description": "Sample is known by Antivirus (Virustotal or Metascan)", + "risk_factor": 5, + "sig_id": 1532 + }, { - "detection": "undetected", - "source": "adminus_labs", - "update_time": "2023-11-06T12:00:35" + "description": "Contains functionality to register its own exception handler", + "risk_factor": 5, + "sig_id": 1094 }, { - "detection": "undetected", - "source": "apwg", - "update_time": "2023-11-01T21:23:52" + "description": "Classification label", + "risk_factor": 5, + 
"sig_id": 420 }, { - "detection": "undetected", - "source": "threatfox_abuse_ch", - "update_time": "2023-11-06T08:20:49" + "description": "Uses 32bit PE files", + "risk_factor": 7, + "sig_id": 621 }, { - "detection": "undetected", - "source": "alphamountain", - "update_time": "2023-11-06T10:57:13" + "description": "Contains functionality to query local / system time", + "risk_factor": 5, + "sig_id": 1103 }, { - "detection": "undetected", - "source": "osint", - "update_time": "2023-11-06T01:30:13" + "description": "Multi AV Scanner detection for dropped file", + "risk_factor": 10, + "sig_id": 1524 }, { - "detection": "undetected", - "source": "feodotracker", - "update_time": "2023-11-06T05:28:24" + "description": "Drops PE files", + "risk_factor": 7, + "sig_id": 1167 }, { - "detect_time": "2023-10-27T03:54:23", - "detection": "malicious", - "source": "crdf", - "update_time": "2023-11-06T08:34:19" + "description": "Multi AV Scanner detection for submitted file", + "risk_factor": 10, + "sig_id": 362 + }, + { + "description": "Contains functionality to query CPU information (cpuid)", + "risk_factor": 7, + "sig_id": 1326 + }, + { + "description": "Uses code obfuscation techniques (call, push, ret)", + "risk_factor": 7, + "sig_id": 1577 + }, + { + "description": "Drops PE files to the startup folder (C:\\\\Documents and Settings\\\\All Users\\\\Start Menu\\\\Programs\\\\Startup)", + "risk_factor": 8, + "sig_id": 1378 + }, + { + "description": "Creates files inside the user directory", + "risk_factor": 5, + "sig_id": 1145 + }, + { + "description": "Reads software policies", + "risk_factor": 5, + "sig_id": 1460 + }, + { + "description": "Writes many files with high entropy", + "risk_factor": 8, + "sig_id": 2072 + }, + { + "description": "Binary contains paths to debug symbols", + "risk_factor": 0, + "sig_id": 1248 + }, + { + "description": "Enumerates the file system", + "risk_factor": 5, + "sig_id": 1173 + }, + { + "description": "Uses ipconfig to modify the Windows 
network settings", + "risk_factor": 8, + "sig_id": 1281 + }, + { + "description": "Sample execution stops while process was sleeping (likely an evasion)", + "risk_factor": 7, + "sig_id": 1681 } ], - "statistics": { - "clean": 0, - "malicious": 1, - "total": 7, - "undetected": 6 - } - } + "threat_names": [ + { + "threat_name": "Unknown" + } + ] + }, + "requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271", + "requested_id": "08249dbc-77bf-482e-be4d-b8fa58de01c7" } } } 
@@ -54865,514 +41039,6568 @@ Returns an IP address analysis report. #### Human Readable Output ->## ReversingLabs IP address report for 5.42.64.70 -> ### Downloaded files statistics -> **KNOWN**: 0 -> **MALICIOUS**: 0 -> **SUSPICIOUS**: 0 -> **UNKNOWN**: 0 -> **TOTAL**: 0 +>## ReversingLabs Sample Dynamic Analysis output for sample 21841b32c6165b27dddbd4d6eb3a672defe54271 +> **Classification**: MALICIOUS +> **Sample SHA1**: 21841b32c6165b27dddbd4d6eb3a672defe54271 +> **Sample MD5**: d5720ea13de22edcbe76d20c7908c0bf +> **Sample SHA256**: 0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19 +> **Last analysis**: None +> ### Full report is returned as JSON in a downloadable file > -> ### Third party statistics -> **CLEAN**: 0 -> **MALICIOUS**: 1 -> **UNDETECTED**: 6 -> **TOTAL**: 7 -> -> ### Third party sources ->|detection|source|update_time| ->|---|---|---| ->| undetected | adminus_labs | 2023-11-06T12:00:35 | ->| undetected | apwg | 2023-11-01T21:23:52 | ->| undetected | threatfox_abuse_ch | 2023-11-06T08:20:49 | ->| undetected | alphamountain | 2023-11-06T10:57:13 | ->| undetected | osint | 2023-11-06T01:30:13 | ->| undetected | feodotracker | 2023-11-06T05:28:24 | ->| **malicious** | crdf | 2023-11-06T08:34:19 | - - -### reversinglabs-titaniumcloud-ip-downloaded-files - -*** -Returns a list of files downloaded from an IP address. - -#### Base Command - -`reversinglabs-titaniumcloud-ip-downloaded-files` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| ip | IP address. | Required | -| classification | Return only files of this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN. | Optional | -| result_limit | Maximum number of returned results. Default is 50000. | Optional | -| results_per_page | Number of results returned per request. Default is 1000. 
| Optional | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.ip_downloaded_files | Unknown | The list of files downloaded from an IP address. | - -#### Command example -```!reversinglabs-titaniumcloud-ip-downloaded-files ip=61.253.71.111 result_limit=10 results_per_page=3 classification=KNOWN``` -#### Context Example -```json -{ - "DBotScore": { - "Indicator": "61.253.71.111", - "Reliability": "C - Fairly reliable", - "Score": 0, - "Type": "ip", - "Vendor": "ReversingLabs TitaniumCloud v2" - }, - "IP": { - "Address": "61.253.71.111" - }, - "ReversingLabs": { - "ip_downloaded_files": [ - { - "classification": "KNOWN", - "first_download": "2023-07-07T17:19:28", - "first_seen": "2023-07-07T17:19:28", - "last_download": "2023-07-07T17:19:28", - "last_download_url": "http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E", - "last_seen": "2023-07-07T19:59:59", - "md5": "797eccd405422c693c0191979ff6ef4a", - "sample_available": true, - "sample_size": 556, - "sample_type": "Text/JSON", - "sha1": "91b32dca495014f75ffdee6faa698bdf6434d8fb", - "sha256": "4b89d4825098a840cd456b2b5885dcb2877f64860849241fa1f61ae222ad17bf", - "threat_level": 0, - "trust_factor": 5 - }, - { - "classification": "KNOWN", - "first_download": "2023-06-02T11:22:59", - "first_seen": "2023-06-02T11:22:59", - "last_download": "2023-06-02T11:22:59", - "last_download_url": "http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288", - "last_seen": "2023-07-24T13:15:30", - "md5": "c64e2b30fda16b0196942265d3dd5fef", - "sample_available": true, - "sample_size": 560, - "sample_type": "Text/JSON", - "sha1": "d8e27451c3045d36059275900c471d6fbb0cabf4", - "sha256": "196a50b5dd9a72e24acb81c757df553d1e0f5c072d52672decb5c598f203b4c5", - "threat_level": 0, - "trust_factor": 5 - }, - { - "classification": "KNOWN", - "first_download": "2023-07-06T13:27:18", - "first_seen": "2023-07-06T13:27:18", - "last_download": 
"2023-07-06T13:27:18", - "last_download_url": "http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702", - "last_seen": "2023-07-13T18:31:02", - "md5": "4dea2d4466b52c08d0b8276dd0c45172", - "sample_available": true, - "sample_size": 556, - "sample_type": "Text/JSON", - "sha1": "e8f717a59b8c1c5290797642d9442612ea234657", - "sha256": "8575ac48af341192f571d55002370cc945c56dd43655731d76348f4df6d232a7", - "threat_level": 0, - "trust_factor": 5 - } - ] - } -} -``` - -#### Human Readable Output ->## ReversingLabs Files downloaded from IP address 61.253.71.111 -> ### Downloaded files ->|classification|first_download|first_seen|last_download|last_download_url|last_seen|md5|sample_available|sample_size|sample_type|sha1|sha256|threat_level|trust_factor| ->|---|---|---|---|---|---|---|---|---|---|---|---|---|---| ->| KNOWN | 2023-07-07T17:19:28 | 2023-07-07T17:19:28 | 2023-07-07T17:19:28 | http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E | 2023-07-07T19:59:59 | 797eccd405422c693c0191979ff6ef4a | true | 556 | Text/JSON | 91b32dca495014f75ffdee6faa698bdf6434d8fb | 4b89d4825098a840cd456b2b5885dcb2877f64860849241fa1f61ae222ad17bf | 0 | 5 | ->| KNOWN | 2023-06-02T11:22:59 | 2023-06-02T11:22:59 | 2023-06-02T11:22:59 | http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288 | 2023-07-24T13:15:30 | c64e2b30fda16b0196942265d3dd5fef | true | 560 | Text/JSON | d8e27451c3045d36059275900c471d6fbb0cabf4 | 196a50b5dd9a72e24acb81c757df553d1e0f5c072d52672decb5c598f203b4c5 | 0 | 5 | ->| KNOWN | 2023-07-06T13:27:18 | 2023-07-06T13:27:18 | 2023-07-06T13:27:18 | http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702 | 2023-07-13T18:31:02 | 4dea2d4466b52c08d0b8276dd0c45172 | true | 556 | Text/JSON | e8f717a59b8c1c5290797642d9442612ea234657 | 8575ac48af341192f571d55002370cc945c56dd43655731d76348f4df6d232a7 | 0 | 5 | - - -### reversinglabs-titaniumcloud-ip-urls +### 
reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis *** -Returns a list of URL-s associated with an IP address. +Submit a URL for dynamic analysis. #### Base Command -`reversinglabs-titaniumcloud-ip-urls` +`reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| ip | IP address. | Required | -| result_limit | Maximum number of returned results. Default is 50000. | Optional | -| results_per_page | Number of results returned per request. Default is 1000. | Optional | +| url | URL string. | Required | +| platform | Desired platform; See the API documentation for possible values. | Required | #### Context Output | **Path** | **Type** | **Description** | | --- | --- | --- | -| ReversingLabs.ip_urls | Unknown | The list of URL-s associated with an IP address. | +| ReversingLabs.detonate_url_dynamic | Unknown | The dynamic analysis. | #### Command example -```!reversinglabs-titaniumcloud-ip-urls ip=61.253.71.111 result_limit=10 results_per_page=3``` +```!reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis url=http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt platform=windows10``` #### Context Example ```json { - "DBotScore": { - "Indicator": "61.253.71.111", - "Reliability": "C - Fairly reliable", - "Score": 0, - "Type": "ip", - "Vendor": "ReversingLabs TitaniumCloud v2" - }, - "IP": { - "Address": "61.253.71.111" - }, "ReversingLabs": { - "ip_urls": [ - { - "url": "http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288" - }, - { - "url": "http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E" - }, - { - "url": "http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702" + "detonate_url_dynamic": { + "rl": { + "analysis_id": "033ae6c3-b6e3-4dcc-9544-e394401b92d6", + "sha1": "01b57da1914cff3920cf2ce6ae03001a3ba8e76f", + "status": "started", + 
"url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt", + "url_base64": "aHR0cDovL2NsYXNzaWNhaXJqb3JkYW5zaG9lcy5jb20vY2xhc3NpYy1haXItam9yZGFuLTktYy03Lmh0bWw_emVuaWQ9ZWdibW1iaTAzOWlxbXM1aG81ZHQycW51bm0wbWV0dHQ" } - ] + } } } ``` #### Human Readable Output ->## ReversingLabs URL-s associated with IP address 61.253.71.111 -> ### URL list ->|url| ->|---| ->| http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288 | ->| http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E | ->| http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702 | - +>## ReversingLabs submit URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt for Dynamic Analysis +> **Status**: started +> **Requested UR**: http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt +> **URL SHA1**: 01b57da1914cff3920cf2ce6ae03001a3ba8e76f +> **URL BASE64**: aHR0cDovL2NsYXNzaWNhaXJqb3JkYW5zaG9lcy5jb20vY2xhc3NpYy1haXItam9yZGFuLTktYy03Lmh0bWw_emVuaWQ9ZWdibW1iaTAzOWlxbXM1aG81ZHQycW51bm0wbWV0dHQ +> **Analysis ID**: 033ae6c3-b6e3-4dcc-9544-e394401b92d6 +> -### reversinglabs-titaniumcloud-ip-to-domain +### reversinglabs-titaniumcloud-get-url-dynamic-analysis-results *** -Returns a list of IP to domain mappings. +Retrieve dynamic analysis results for a URL. #### Base Command -`reversinglabs-titaniumcloud-ip-to-domain` +`reversinglabs-titaniumcloud-get-url-dynamic-analysis-results` #### Input | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| ip | IP address. | Required | -| result_limit | Maximum number of returned results. Default is 50000. | Optional | -| results_per_page | Number of results returned per request. Default is 1000. | Optional | +| sha1 | URL SHA-1 hash. It can be found in the response while submitting the URL for analysis. Mutually exclusive with url. 
| Optional | +| url | The requested URL- Mutually exclusive with sha1. | Optional | +| analysis_id | ID of a specific analysis to fetch. | Optional | +| latest_analysis | Fetch the latest analysis. Possible values are: true, false. Default is false. | Optional | #### Context Output | **Path** | **Type** | **Description** | | --- | --- | --- | -| ReversingLabs.ip_to_domain | Unknown | The list of IP to domain mappings. | +| URL.Data | String | The URL. | +| DBotScore.Score | Number | The actual score. | +| DBotScore.Type | String | The indicator type. | +| DBotScore.Indicator | String | The indicator that was tested. | +| DBotScore.Vendor | String | The vendor used to calculate the score. | +| ReversingLabs.url_dynamic_analysis_results | Unknown | The URL dynamic analysis results. | #### Command example -```!reversinglabs-titaniumcloud-ip-to-domain results_per_page=3 ip=61.253.71.111 result_limit=10``` +```!reversinglabs-titaniumcloud-get-url-dynamic-analysis-results url=http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt analysis_id=0f57134a-ecb8-4f8f-ad60-903b63bf8bc4 latest_analysis=false``` #### Context Example ```json { "DBotScore": { - "Indicator": "61.253.71.111", + "Indicator": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt", "Reliability": "C - Fairly reliable", - "Score": 0, - "Type": "ip", + "Score": 1, + "Type": "url", "Vendor": "ReversingLabs TitaniumCloud v2" }, - "IP": { - "Address": "61.253.71.111" + "InfoFile": { + "EntryID": "8959@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59", + "Extension": "html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt", + "Info": "html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt", + "Name": "Dynamic analysis report file for URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt", + "Size": 348681, + "Type": "ASCII text, with very long lines" }, "ReversingLabs": { - "ip_to_domain": [ - { - 
"host_name": "zexeq.com", - "last_resolution_time": "2023-07-07T17:19:28", - "provider": "ReversingLabs" - } - ] - } -} -``` - -#### Human Readable Output - ->## ReversingLabs IP to domain mappings for IP address 61.253.71.111 -> ### Domain list ->|host_name|last_resolution_time|provider| ->|---|---|---| ->| zexeq.com | 2023-07-07T17:19:28 | ReversingLabs | - - -### reversinglabs-titaniumcloud-network-reputation - -*** -Returns network reputation for requested network locations. - -#### Base Command - -`reversinglabs-titaniumcloud-network-reputation` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| network_locations | A comma-separated list of network locations. The list should have no spaces. | Required | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.network_reputation | Unknown | Network reputation. | - -#### Command example -```!reversinglabs-titaniumcloud-network-reputation network_locations=http://43.138.221.139/jquery-3.3.1.min.js,61.253.71.111,bloom-artists.com``` -#### Context Example -```json -{ - "ReversingLabs": { - "network_reputation": { + "url_dynamic_analysis_results": { "rl": { - "entries": [ - { - "associated_malware": false, - "categories": [ - "phishing", - "command_and_control" - ], - "classification": "malicious", - "first_seen": "2022-09-11T11:54:39", - "last_seen": "2023-04-14T11:15:51", - "reason": "third_party_reputation", - "requested_network_location": "http://43.138.221.139/jquery-3.3.1.min.js", - "third_party_reputations": { - "clean": 0, - "malicious": 2, - "total": 19, - "undetected": 17 - }, - "type": "url" + "report": { + "analysis_duration": 166, + "analysis_id": "0f57134a-ecb8-4f8f-ad60-903b63bf8bc4", + "analysis_time": "2024-01-18T02:33:30", + "behavioral": [ + { + "file_actions": [ + { + "action_type": "file_opened", + "file_name": "tzres.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + 
"action_type": "file_opened", + "file_name": "chrome.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sortdefault.nls", + "file_path": "C:\\WINDOWS\\Globalization\\Sorting", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "KsecDD", + "file_path": "\\Device", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Endpoint", + "file_path": "\\Device\\Afd", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tzres.dll.mui", + "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}", + "file_path": "\\DEVICE", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Users", + "file_path": "C:", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome_200_percent.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Secur32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome_100_percent.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "PROPSYS.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SSPICLI.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Local", + "file_path": "C:\\Users\\user\\AppData", + "status": "success or wait" + }, + { + 
"action_type": "file_opened", + "file_name": "WINMMBASE.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "user", + "file_path": "C:\\Users", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dhcpcsvc.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "Network Persistent State", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "TransportSecurity~RF29560.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome_elf.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "ff81d8f6-8d3c-47ae-8fd7-925ada68e204.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "TransportSecurity", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "113.0.5672.93", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ntmarta.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Network Persistent State~RF29512.TMP", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "AsyncConnectHlp", + "file_path": "\\Device\\Afd", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "VERSION.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Network Persistent State~RF37a23.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "RasAcd", + "file_path": "\\Device", + "status": "object name not found" + }, + { + "action_type": "file_opened", + "file_name": "IPHLPAPI.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "etc", + "file_path": "C:\\WINDOWS\\system32\\drivers", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "AppData", + "file_path": "C:\\Users\\user", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "f0e922b5-ad04-4bc2-ab8c-40e96d299d06.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "hosts", + "file_path": "C:\\WINDOWS\\system32\\drivers\\etc", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "SCT Auditing Pending Reports~RF2696e.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "32e90c66-6d69-4e6e-8b26-a251eaa42ab8.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + 
"action_type": "file_opened", + "file_name": "ole32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "UIAutomationCore.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "DWrite.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "C:", + "file_path": "", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "SCT Auditing Pending Reports~RF268b3.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "en-US.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Google", + "file_path": "C:\\Users\\user\\AppData\\Local", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CNG", + "file_path": "\\Device", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "NLAapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CRYPTBASE.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "USERENV.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mswsock.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WINMM.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "SCT Auditing Pending 
Reports", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Nsi", + "file_path": "", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "fe60b991-49ae-459c-8360-27762fd34053.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dhcpcsvc6.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "DNSAPI.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "bcrypt.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WINSPOOL.DRV", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "icudtl.dat", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dbghelp.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}", + "file_path": "\\DEVICE", + "status": "object name not found" + }, + { + "action_type": "file_opened", + "file_name": "v8_context_snapshot.bin", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WINNSI.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WINHTTP.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": 
"success or wait" + }, + { + "action_type": "file_opened", + "file_name": "resources.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "crashpad_4464_DXVJSNHTQUJMXMSE", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "rasadhlp.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "554b2999-c537-47d5-9ab6-a243b9192aec.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "status": "success or wait" + } + ], + "modules_loaded": [ + { + "module_name": "\\KnownDlls\\DWrite.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\USER32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\combase.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\secur32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\Secur32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dbghelp.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\kernel.appcore.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dhcpcsvc.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ntmarta.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\msvcp_win.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\CRYPTBASE.DLL", + "module_tag": "" + }, + { + "module_name": "unknown", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\OLEAUT32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\rasadhlp.dll", + 
"module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\userenv.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\bcrypt.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\rasadhlp.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winnsi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WS2_32.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\nlaapi.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\ntmarta.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\UIAutomationCore.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\version.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\profapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\NSI.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\gdi32full.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\DWrite.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\USERENV.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\VERSION.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\cryptbase.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ucrtbase.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winmmbase.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\DNSAPI.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\SSPICLI.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\ole32.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\UIAutomationCore.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINMM.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\propsys.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\CRYPT32.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\Windows\\SharedSection", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dhcpcsvc.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINNSI.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\sechost.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\cfgmgr32.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\mswsock.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\v8_context_snapshot.bin", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\bcrypt.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ADVAPI32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINTRUST.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\KERNELBASE.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\bcryptPrimitives.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dbghelp.dll", + "module_tag": 
"" + }, + { + "module_name": "\\KnownDlls\\PROPSYS.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\shcore.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dnsapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\FLTLIB.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINHTTP.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\mswsock.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\winmmbase.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\msvcrt.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\imm32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINSPOOL.DRV", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\windows.storage.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINMMBASE.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\KERNEL32.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\MSASN1.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\powrprof.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\shlwapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\win32u.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winmm.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dhcpcsvc6.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winhttp.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\RPCRT4.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\shell32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\IMM32.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\NLAapi.dll", + "module_tag": "" + }, + { + 
"module_name": "C:\\Windows\\System32\\sspicli.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winspool.drv", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\IPHLPAPI.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\GDI32.dll", + "module_tag": "" + } + ], + "mutex_actions": [ + { + "action_type": "mutex_created", + "name": "unknown", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:2960:304:WilStaging_02", + "status": "success or wait" + } + ], + "process": { + "name": "chrome.exe", + "parameters": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1816,i,13857433630562973425,11579335400417572304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8", + "parent_process_id": 4464, + "process_id": 2960 + }, + "registry_actions": [ + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { 
+ "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters", + "status": "pending", + "value": "", + "value_name": "" + } + ] + }, + { + "file_actions": [ + { + "action_type": "file_opened", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "AutoIt3", + "file_path": "C:\\Program Files (x86)", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sortdefault.nls", + 
"file_path": "C:\\WINDOWS\\Globalization\\Sorting", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome_elf.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "113.0.5672.93", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "crashpad_5400_BFYJTIUXOZXDCSEH", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Application", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "VERSION.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CRYPTBASE.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ntmarta.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CNG", + "file_path": "\\Device", + "status": "success or wait" + } + ], + "modules_loaded": [ + { + "module_name": "\\KnownDlls\\profapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\windows.storage.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\gdi32full.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\msvcp_win.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\KERNEL32.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\combase.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\shcore.dll", + "module_tag": "" + }, + { + 
"module_name": "\\KnownDlls\\VERSION.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\shlwapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\sechost.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\cfgmgr32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\RPCRT4.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\cryptbase.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ucrtbase.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ntmarta.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ADVAPI32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\USER32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\KERNELBASE.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\CRYPTBASE.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\kernel.appcore.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\IMM32.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\bcryptPrimitives.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\win32u.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\FLTLIB.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\ntmarta.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\SHELL32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\msvcrt.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\version.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\powrprof.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\imm32.dll", + "module_tag": "" + }, + { + "module_name": 
"\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\Windows\\SharedSection", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\GDI32.dll", + "module_tag": "" + } + ], + "mutex_actions": [ + { + "action_type": "mutex_created", + "name": "unknown", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5400:304:WilStaging_02", + "status": "success or wait" + } + ], + "process": { + "name": "chrome.exe", + "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \"http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt", + "parent_process_id": 4536, + "process_id": 5400 + }, + "process_actions": [ + { + "action_type": "process_terminated", + "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", + "status": "success or wait" + }, + { + "action_type": "process_created", + "path": "unknown", + "status": "success or wait" + } + ], + "registry_actions": [ + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_CURRENT_USER\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_modified", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty", + "status": "success or wait", + "value": "NU LL ", + "value_name": "StatusCodes" + }, + { + "action_type": "key_value_modified", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", + "status": "success or wait", + "value": "2", + "value_name": "state" + } + ] + }, + { + "file_actions": [ + { + "action_type": "file_opened", + "file_name": "AutoIt3", + "file_path": "C:\\Program Files (x86)", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "bg", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "computed_hashes.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\hangout_services\\_metadata", + "status": "object path not found" + }, + { + "action_type": "file_deleted", + "file_name": "lv", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "gu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "upgrade-index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", + "status": 
"success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.6768.3236221341262871307", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Local", + "file_path": "C:\\Users\\user~1\\AppData", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Windows.UI.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ARIAL.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Application", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "prefs.json", + "file_path": "C:\\Program Files\\Google\\GoogleUpdater", + "status": "object path not found" + }, + { + "action_type": "file_deleted", + "file_name": "pl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "VERSION.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Preferences~RF27e1f.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "km", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ntshrui.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "lv", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "craw_window.css", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SetupMetrics", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ro", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\uk", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "KBDUS.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": 
"file_deleted", + "file_name": "en_US", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "hu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\tr", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "AppData", + "file_path": "C:\\Users\\user", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "zh_TW", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\da", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ko", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ja", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF272c5.TMP", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_TW", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hi", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "verified_contents.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.9884927993438869709", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hu", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "nb", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tzres.dll.mui", + "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ml", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + 
"action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "msvcp110_win.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Module Info Cache~RF2b04b.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "page_embed_script.js", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ja", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Preferences~RF368bd.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "computed_hashes.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF25bb2.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", + 
"status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "113.0.5672.93", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "1.66.0_0", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "id", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "af", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr_CA", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "vi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cversions.1.db", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "de", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ca", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Tabs_13341351141015311", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "user~1", + "file_path": "C:\\Users", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cscui.dll", + "file_path": "C:\\WINDOWS\\System32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.9830066675901148501", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "Caches", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows", + "status": "object name collision" + }, + { + "action_type": "file_opened", + "file_name": "cryptsp.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dwmapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lt", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "b1ccf6d4-6223-4726-a8e3-ea766a35ff39.tmp", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", + "file_path": "C:\\WINDOWS\\WinSxS", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "Preferences", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WindowsCodecsRaw.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "topbar_floating_button_maximize.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\si", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\de", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ur", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kk", + "status": "success or wait" + }, + { + "action_type": 
"file_opened", + "file_name": "Users", + "file_path": "C:", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "gpapi.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dhcpcsvc.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "verified_contents.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ActXPrxy.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fil", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fil", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "hy", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sortdefault.nls", + "file_path": "C:\\WINDOWS\\Globalization\\Sorting", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "gl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fi", 
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "RTWorkQ.DLL", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "twinapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\tr", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "en-US.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_PT", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\id", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "zh_CN", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": 
"messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ne", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "es_419", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "inetcomm.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\is", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dbghelp.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_locales", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "chrome_BITS_4464_1275025057", + "file_path": "C:\\Program Files", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pa", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.16657403304667141561", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ar", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "twinapi.appcore.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "BitsProxy.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "bn", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "tr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome_200_percent.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dlnashext.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "iw", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SSPICLI.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "fwbase.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cy", + 
"status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WTSAPI32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Module Info Cache~RF3756f.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ms", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sw", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "MountPointManager", + "file_path": "", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CRLs", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "eu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ARIALBI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "KERNEL32.DLL.mui", + "file_path": "C:\\WINDOWS\\System32\\en-US", + "status": "success or wait" + }, + { + "action_type": 
"file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\bg", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\it", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF25cdb.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "computed_hashes.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\pdf\\_metadata", + "status": "object path not found" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF256ff.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pt_BR", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_CN", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_PT", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lt", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "topbar_floating_button_pressed.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mscms.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "DPAPI.dll", + "file_path": "C:\\WINDOWS\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\th", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.597526722011020277", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Local State~RF27c69.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "BrowserMetrics-65244C60-125C.pma", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Secur32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + 
"file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ml", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "chrome_BITS_4464_1160353240", + "file_path": "C:\\Program Files", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_CA", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "topbar_floating_button_hover.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\eu", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "bcrypt.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ca", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + 
"status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lv", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF256e0.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "temp-index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ka", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Caches", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wlanapi.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "it", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "000001.dbtmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension 
Settings\\gdaefkejpgkiemlaofpalmlakkmbjdnl", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "default_apps", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "chrome_BITS_4464_1160353240", + "file_path": "C:\\Program Files", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ARIALI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF27277.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ta", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ru", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wpnapps.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "FirewallAPI.dll", + "file_path": 
"C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_CN", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WINHTTP.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.6408347921924087484", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "sRGB Color Space Profile.icm", + "file_path": "C:\\WINDOWS\\system32\\spool\\drivers\\color", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ta", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ko", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "MSOHEVI.DLL", + "file_path": "C:\\PROGRA~1\\MICROS~1\\Office12", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_GB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF272a5.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "IPHLPAPI.DLL", + 
"file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sr", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sk", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "no", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "images", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "ef0ebb1a-af16-40a8-b462-7f58367a723f.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sv", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WINSTA.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ARIALBD.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\iw", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "hr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tbs.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "srmshell.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF262e6.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ka", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "lt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mn", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sk", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dxgi.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or 
wait" + }, + { + "action_type": "file_opened", + "file_name": "USERENV.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\te", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "manifest.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF26bfe.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "bfc3761f-a788-4a60-8860-db27b3bf6826", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\blob_storage", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome_BITS_4464_743776994", + "file_path": "C:\\Program Files", + "status": "success or 
wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fa", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "webcheck.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "craw_window.js", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "it", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fil", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Endpoint", + "file_path": "\\Device\\Afd", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "usermgrcli.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "TIMESBI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "te", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "stobject.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + 
"file_name": "manifest.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WorkfoldersShell.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ja", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\PersistentOriginTrials", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nb", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "icon_16.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\az", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "TIMES.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dataexchange.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_metadata", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "DWrite.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ru", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\no", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "kn", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "21396532-59c8-445f-8958-2ec00a2eaf8f.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "shellext.dll", + "file_path": "C:\\Program Files\\Windows Defender", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.6768.15204235271995857199", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\vi", + "status": "success or wait" + }, + { + 
"action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\de", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "th", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF272b5.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "hi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gu", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.16472181969836552073", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CoreUIComponents.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "PCPKsp.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fi", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WINMMBASE.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Certificates", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_HK", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "MDMRegistration.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "computed_hashes.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ntmarta.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF256ff.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", + "status": 
"success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fi", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "zu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_written", + "file_name": "unknown", + "file_path": "", + "status": "invalid handle" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\km", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.6768.11328892739696708463", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ARIBLK.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "topbar_floating_button.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "NLAapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wkssvc", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WINMM.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wshext.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, 
+ { + "action_type": "file_deleted", + "file_name": "ro", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF272d4.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}", + "file_path": "\\DEVICE", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sr", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\my", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kn", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF27286.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "colorui.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + 
"action_type": "file_deleted", + "file_name": "en_GB", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "msoshext.dll", + "file_path": "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF25951.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "chrome_BITS_4464_743776994", + "file_path": "C:\\Program Files", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "manifest.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ar", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sv", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "topbar_floating_button_close.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "status": "success or wait" + 
}, + { + "action_type": "file_opened", + "file_name": "CRYPTSP.dll", + "file_path": "C:\\WINDOWS\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "en_GB", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "nl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "dc884606-ac61-47a5-a5bc-48b0aa09da61.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_BR", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ja", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "da", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WINDOWS", + "file_path": "C:", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "lt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + 
"file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cs", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wab32.dll", + "file_path": "C:\\Program Files\\Common Files\\System", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\th", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome_BITS_4464_1160353240", + "file_path": "C:\\Program Files", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "es", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_metadata", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es_419", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "lo", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Preferences~RF2f3ad.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + 
"action_type": "file_opened", + "file_name": "CRYPTBASE.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "128.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "TIMESI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CTLs", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "TPM", + "file_path": "", + "status": "object name not found" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "MMDevApi.dll", + "file_path": "C:\\WINDOWS\\System32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "Local State", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "trusted_vault.pb~RF26567.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "uk", 
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "_locales", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\et", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sl", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ne", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + 
"status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "user", + "file_path": "C:\\Users", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\et", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "todelete_68aa47498e871c55", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "html", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.6768.14971157679118795413", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pt_PT", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "th", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\am", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "manifest.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\WidevineCdm", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.4007764809113624998", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Google", + "file_path": "C:\\Users\\user\\AppData\\Local", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.5565757489325583308", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "cryptext.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "PROPSYS.dll.mui", + "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lo", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "c6edabb6-ec20-4a4e-9383-cae641afdc1a.tmp", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF272c5.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dhcpcsvc6.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "craw_background.js", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "the-real-index~RF2bb57.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "XmlLite.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CoreMessaging.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "cd7d8d4a-3c95-44cc-aab3-1bd9b1572265.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wintypes.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "mr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pt_PT", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "trusted_vault.pb", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gl", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "PROPSYS.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF262c7.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.10638128438253861259", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ncrypt.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "my", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "eventpage_bin_prod.js", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "el", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "etc", + "file_path": "C:\\WINDOWS\\system32\\drivers", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\el", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ro", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "icon_128.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "dasherSettingSchema.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wlanapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + 
"action_type": "file_opened", + "file_name": "UIAutomationCore.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "USER32.dll.mui", + "file_path": "C:\\WINDOWS\\System32\\en-US", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "bg", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Secure Preferences~RF27de0.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "nmmhkkegccagdldgiimedpiccmgmieda", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "RMCLIENT.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.16434957911034825091", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hi", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "et", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "en", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success 
or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\id", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "Secure Preferences", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hr", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CNG", + "file_path": "\\Device", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "tzres.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Local State~RF37531.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ca", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "26c0be8d-6788-4528-b222-7d81c12e24e6.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pl", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome_100_percent.pak", + 
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "preloaded_data.pb", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pt_BR", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "css", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "chrome_elf.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sk", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "CMNotify", + "file_path": "\\Device\\DeviceApi", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "kk", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "appresolver.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + 
"action_type": "file_deleted", + "file_name": "index~RF25cdb.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ARIALN.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "hosts", + "file_path": "C:\\WINDOWS\\system32\\drivers\\etc", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mr", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "InputHost.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "zh_TW", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\it", + "status": "success or wait" + }, + { + "action_type": "file_created", + "file_name": "chrome_BITS_4464_743776994", + "file_path": "C:\\Program Files", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "AppData", + "file_path": "C:\\Users\\user~1", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "wkscli.dll", + "file_path": "C:\\WINDOWS\\System32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "Module Info Cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": 
"success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hy", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF25bc2.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "TextInputFramework.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "si", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "the-real-index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fr", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.6768.4112476090139924661", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": 
"el", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "crashpad_4464_DXVJSNHTQUJMXMSE", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", + "file_path": "", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "pl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sw", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "KsecDD", + "file_path": "\\Device", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ms", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "OneCoreUAPCommonProxyStub.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "uk", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "netutils.dll", + "file_path": "C:\\WINDOWS\\System32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.7285083756700285552", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bn", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "nl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "DMCmnUtils.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ARIALNB.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "zh_HK", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ghbmnnjooekpmoecnnnilnnbdlolhkhi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "TIMESBD.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success 
or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ur", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "d3d11.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "atlthunk.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sl", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "NTASN1.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\el", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cs", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ru", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "manifest.fingerprint", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "rpcss.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\da", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hr", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sv", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_TW", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "de", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "resources.pak", + "file_path": "C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "external_extensions.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\default_apps", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "COMCTL32.dll", + "file_path": "C:\\WINDOWS\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "BrowserMetrics-65A90BDD-1170.pma", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics", + "status": "cannot delete" + }, + { + "action_type": "file_deleted", + "file_name": "be", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sk", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\uk", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ARIALNI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\af", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "R000000000013.clb", + "file_path": "C:\\WINDOWS\\Registration", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF2574d.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "chrome_shutdown_ms.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "d2480ed6-5de2-4863-a1f6-04e0f239b467.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Local", + "file_path": "C:\\Users\\user\\AppData", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "et", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nl", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pa", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "computed_hashes.json", + "file_path": "C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\network_speech_synthesis\\_metadata", + "status": "object path not found" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_US", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ko", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "az", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "shell32.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cy", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "en_CA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": 
"OLEACC.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "Session_13341351140337548", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ARIALNBI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zu", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "b5a27007-5488-4fed-89ab-77b5a0a7fd13.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SEGUISB.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "hi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "flapper.gif", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", + "file_path": "", + "status": "success or wait" + }, + { + "action_type": 
"file_opened", + "file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}", + "file_path": "\\DEVICE", + "status": "object name not found" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF27277.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "c4cb84b2-d95d-4ddd-8db7-6ae006a2da1c.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "explorerframe.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ru", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_BR", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\nl", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fr_CA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or 
wait" + }, + { + "action_type": "file_opened", + "file_name": "uxtheme.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Windows.Media.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "fa", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "1.0.0.6_0", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "hu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "en", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "EhStorShell.dll", + "file_path": "C:\\Windows\\System32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\vi", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "is", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "LINKINFO.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "es_419", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mswsock.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "netapi32.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ca", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "da", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "am", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or 
wait" + }, + { + "action_type": "file_opened", + "file_name": "WINSPOOL.DRV", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en_GB", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "computed_hashes.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\web_store\\_metadata", + "status": "object path not found" + }, + { + "action_type": "file_opened", + "file_name": "C:", + "file_path": "", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "zh_CN", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.6768.6604557809140870167", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "DEVOBJ.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ncryptprov.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "sv", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Google Chrome.lnk", + "file_path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "rsaenh.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success 
or wait" + }, + { + "action_type": "file_opened", + "file_name": "DSREG.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ro", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "vi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ole32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "AppContainerUserCertRead", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "mn", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "cs", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "directmanipulation.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "es", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lv", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "desktop.ini", + "file_path": "C:\\Program Files (x86)", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hu", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\cs", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "ColorAdapterClient.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fil", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.6768.5186517594773466940", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es_419", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "hr", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "OLEACCRC.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pl", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "WindowsShell.Manifest", + "file_path": "C:\\WINDOWS", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "Nsi", + "file_path": "", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "craw_window.html", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\html", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "SEGOEUI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "status": "success or wait" + }, + { + "action_type": "file_moved", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "dcomp.dll", + "file_path": "C:\\WINDOWS\\system32", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\be", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bg", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "icudtl.dat", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "id", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.1477200718984232282", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_opened", + "file_name": "mojo.4464.2472.9824906432084518089", + "file_path": "\\pipe", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "LOG.old~RF25ba3.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", + "status": "success or wait" + }, + { + "action_type": "file_deleted", + "file_name": "ko", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "status": "success or wait" + } + ], + "modules_loaded": [ + { + "module_name": "\\KnownDlls\\DWrite.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dpapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\USER32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\combase.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\secur32.dll", + "module_tag": "" + }, + { + 
"module_name": "C:\\Windows\\System32\\dsreg.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\rpcss.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winsta.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\Secur32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dbghelp.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\rsaenh.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\arial.ttf", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\kernel.appcore.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\uxtheme.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\devobj.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\twinapi.appcore.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\XmlLite.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dhcpcsvc.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\msvcp110_win.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\ExplorerFrame.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ntmarta.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\msvcp_win.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\MMDevApi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINSTA.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\ncryptprov.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\ariblk.ttf", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\PCPKsp.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINHTTP.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\CRYPTBASE.DLL", + "module_tag": "" + }, + { + "module_name": 
"C:\\Windows\\System32\\dcomp.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\ARIALNB.TTF", + "module_tag": "" + }, + { + "module_name": "unknown", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\OLEAUT32.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\d3d11.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\wlanapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\usermgrcli.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\kernel32.dll.mui", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\TextInputFramework.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\ncrypt.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\nlaapi.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\segoeui.ttf", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\MMDevAPI.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\actxprxy.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\ntmarta.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\SHELL32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\UIAutomationCore.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\CoreUIComponents.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\version.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\arialbi.ttf", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winhttp.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\linkinfo.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\explorerframe.dll", + "module_tag": "" + }, + { + "module_name": 
"\\KnownDlls\\ActXPrxy.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\mdmregistration.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\CoreUIComponents.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\wpnapps.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\InputHost.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dwmapi.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\CoreMessaging.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Registration\\R000000000013.clb", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\RTWorkQ.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\profapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINSPOOL.DRV", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\gdi32full.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\wtsapi32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\uxtheme.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\shcore.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\USERENV.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\user32.dll.mui", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\VERSION.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\Windows\\ThemeSection", + "module_tag": "" + }, + { + "module_name": 
"\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\mscms.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\cryptbase.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ucrtbase.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\SETUPAPI.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\NLAapi.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\coloradapterclient.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\mswsock.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\timesbd.ttf", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\SSPICLI.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\msvcp110_win.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\seguisb.ttf", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\ole32.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\UIAutomationCore.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ncrypt.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\tbs.dll", + "module_tag": "" + }, + { + "module_name": 
"C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403\\comctl32.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\xmllite.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\twinapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dataexchange.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\MSCTF.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINMM.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\usermgrcli.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\gpapi.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\propsys.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\twinapi.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\tbs.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\oleacc.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\ariali.ttf", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\Windows.Media.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\Windows.UI.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\cryptsp.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\CRYPT32.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\Windows\\SharedSection", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\twinapi.appcore.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dhcpcsvc.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll", + 
"module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\BitsProxy.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dxgi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WS2_32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\NSI.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\WinTypes.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\KBDUS.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\sechost.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\cfgmgr32.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winmmbase.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\clbcatq.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\DSREG.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\netutils.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\TextInputFramework.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\arialbd.ttf", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\propsys.dll.mui", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ADVAPI32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINTRUST.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\KERNELBASE.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WTSAPI32.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winmm.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ole32.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:10328", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\mscms.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dwmapi.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\KBDUS.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\RMCLIENT.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dmcmnutils.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\bcrypt.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\FirewallAPI.dll", + "module_tag": "" + }, + { + "module_name": "\\Windows\\Theme3268744372", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\netutils.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\ARIALNBI.TTF", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dbghelp.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\netapi32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\PROPSYS.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\LINKINFO.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\DWrite.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\rmclient.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:402da", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\FLTLIB.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\BitsProxy.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\wintypes.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\mswsock.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\cryptsp.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\winmmbase.dll", + "module_tag": "" + }, + { + "module_name": 
"\\KnownDlls\\msvcrt.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dcomp.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\imm32.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\wkscli.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\gpapi.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\FirewallAPI.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\Windows.Media.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\MDMRegistration.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\windows.storage.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\WINMMBASE.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\dxgi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\KERNEL32.DLL", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\Windows\\Theme1581511869", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\MSASN1.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\PCPKsp.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\powrprof.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\ARIALNI.TTF", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\CRYPTSP.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\win32u.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\bcryptPrimitives.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\DEVOBJ.dll", + "module_tag": "" + }, + { + "module_name": 
"C:\\Windows\\System32\\directmanipulation.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\dhcpcsvc6.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\wpnapps.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\bcrypt.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\OneCoreUAPCommonProxyStub.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\atlthunk.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\RTWorkQ.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\userenv.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\SHLWAPI.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\InputHost.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\Windows.UI.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ColorAdapterClient.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\RPCRT4.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\d3d11.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\ncryptprov.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\CoreMessaging.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\wlanapi.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\IMM32.DLL", + "module_tag": "" + }, + 
{ + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\atlthunk.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\sspicli.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\winspool.drv", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\fwbase.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\WindowsShell.Manifest", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\DataExchange.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\OLEACC.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\DMCmnUtils.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\fwbase.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\timesbi.ttf", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\IPHLPAPI.DLL", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\ntasn1.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\rsaenh.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\oleaccrc.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\ARIALN.TTF", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\netapi32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\directmanipulation.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\wkscli.dll", + "module_tag": "" + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll", + "module_tag": "" + }, + { + "module_name": "C:\\Windows\\Fonts\\timesi.ttf", + "module_tag": "" + }, + { + 
"module_name": "\\KnownDlls\\DPAPI.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\GDI32.dll", + "module_tag": "" + }, + { + "module_name": "\\KnownDlls\\NTASN1.dll", + "module_tag": "" + } + ], + "mutex_actions": [ + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4464:120:WilError_01", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "unknown", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!", + "status": "success or wait" + }, + { + "action_type": "mutex_created", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:4464:304:WilStaging_02", + "status": "success or wait" + } + ], + "process": { + "name": "chrome.exe", + "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --start-maximized \"about:blank", + "parent_process_id": 4536, + "process_id": 4464 + }, + "process_actions": [ + { + "action_type": "process_created", + "path": "unknown", + "status": "success or wait" + }, + { + "action_type": "process_terminated", + "path": "unknown", + "status": "process is terminating" + }, + { + "action_type": "process_created", + "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", + "status": "success or wait" + } + ], + "registry_actions": [ + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + 
"action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PriorityControl", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_modified", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", + "status": "success or wait", + "value": "2", + "value_name": "state" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_modified", + "key_name": 
"HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics", + "status": "success or wait", + "value": "0", + "value_name": "user_experience_metrics.stability.exited_cleanly" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_deleted", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_created", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", + "status": "success or wait", + "value": "1741B0A8517BEBEA259AF9047ECAAEFB3246AD31AF1113DAD021745EB94724CC", + "value_name": "ahfgeienlihckogmohjhadlkjgocpleb" + }, + { + "action_type": "key_value_modified", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault", + "status": "success or wait", + "value": "26 F2 46 FA CC 6D 2F 00 ", + "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Cursors", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Chrome\\Extensions", + "status": "object name not found", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_created", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault", + "status": "success or wait", + "value": "42 43 17 FA CC 6D 2F 00 ", + "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_created", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_created", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": 
"key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_created", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_modified", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty", + "status": "success or wait", + "value": "NU LL ", + "value_name": "StatusCodes" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5", + "status": "pending", + "value": "", + "value_name": "" + }, + { + 
"action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_modified", + "key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry", + "status": "success or wait", + "value": "AF AD E5 C6 01 4A DA 01 ", + "value_name": "TraceTimeLast" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_created", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", + "status": "success or wait", + "value": "AC35DEE0912DD800572E8342460606D73D3EA35BDF0C54722EE54206F8552A2F", + "value_name": "prefs.preference_reset_time" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": 
"HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\", + "status": "success or wait", + "value": "", + "value_name": "" + }, + 
{ + "action_type": "key_value_modified", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", + "status": "success or wait", + "value": "13350051039534355", + "value_name": "lastrun" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_deleted", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\FirstNotDefault", + "status": "success or wait", + "value": "", + "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001" + }, + { + "action_type": "key_value_deleted", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", + "status": "object name not found", + "value": "", + "value_name": "extensions.settings" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople", + "status": "pending", + "value": "", + "value_name": "" + }, + { + "action_type": "key_created", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_value_modified", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", + "status": "success or wait", + "value": "81046E921B34925EF9312C9A62CC5AFFB0D63E7CA2C13AC486278B291F7C08F2", + "value_name": "media.cdm.origin_data" + }, + { + "action_type": "key_opened", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", + "status": "success or wait", + "value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions", + "status": "pending", + 
"value": "", + "value_name": "" + }, + { + "action_type": "key_monitored", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "status": "pending", + "value": "", + "value_name": "" + } + ] + } + ], + "classification": "NO_THREATS_FOUND", + "configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11", + "md5": "", + "memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/01b57da1914cff3920cf2ce6ae03001a3ba8e76f_0f57134a-ecb8-4f8f-ad60-903b63bf8bc4_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024259Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d53fcc0454ee985a12bea8ef65dbb4ed5f8d7f13c51332e4968ac735fd2cb8c0", + "mitre_attack": { + "matrix_list": [ + { + "name": "Enterprise", + "tactics": { + "tactic_list": [ + { + "id": "TA0005", + "name": "Defense Evasion", + "techniques": { + "technique_list": [ + { + "id": "T1055", + "name": "Process Injection" + }, + { + "id": "T1036", + "name": "Masquerading" + } + ] + } + }, + { + "id": "TA0007", + "name": "Discovery", + "techniques": { + "technique_list": [ + { + "id": "T1046", + "name": "Network Service Scanning" + } + ] + } + }, + { + "id": "TA0011", + "name": "Command and Control", + "techniques": { + "technique_list": [ + { + "id": "T1071", + "name": "Application Layer Protocol" + }, + { + "id": "T1095", + "name": "Non-Application Layer Protocol" + }, + { + "id": "T1105", + "name": "Ingress Tool Transfer" + }, + { + "id": "T1573", + "name": "Encrypted Channel" + } + ] + } + } + ] + } + } + ] }, - { - "associated_malware": false, - "first_seen": "2023-11-06T13:10:15", - "last_seen": "2023-07-24T13:15:52", - "requested_network_location": "61.253.71.111", - "third_party_reputations": { - "clean": 0, - "malicious": 0, - "total": 7, - "undetected": 7 - }, - 
"type": "ip" + "network": { + "dns": [ + { + "address": "none", + "process_id": 2960, + "type": "65", + "value": "www.google.com" + }, + { + "address": "142.250.186.36", + "process_id": 2960, + "type": "A (IP address)", + "value": "www.google.com" + }, + { + "address": "none", + "process_id": 2960, + "type": "65", + "value": "clients2.google.com" + }, + { + "address": "none", + "process_id": 2960, + "type": "A (IP address)", + "value": "wpad.example.org" + }, + { + "address": "37.72.184.59", + "process_id": 2960, + "type": "A (IP address)", + "value": "classicairjordanshoes.com" + }, + { + "address": "none", + "process_id": 2960, + "type": "65", + "value": "classicairjordanshoes.com" + }, + { + "address": "142.250.27.84", + "process_id": 2960, + "type": "A (IP address)", + "value": "accounts.google.com" + }, + { + "address": "142.250.186.110", + "process_id": 2960, + "type": "A (IP address)", + "value": "clients2.google.com" + }, + { + "address": "none", + "process_id": 2960, + "type": "65", + "value": "accounts.google.com" + } + ], + "http": [ + { + "method": "GET", + "process_id": 2960, + "url": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt" + } + ], + "tcp": [ + { + "destination_ip": "142.250.186.110", + "destination_port": 443, + "process_id": 2960 + }, + { + "destination_ip": "37.72.184.59", + "destination_port": 80, + "process_id": 2960 + }, + { + "destination_ip": "142.250.27.84", + "destination_port": 443, + "process_id": 2960 + }, + { + "destination_ip": "142.250.186.36", + "destination_port": 443, + "process_id": 2960 + } + ], + "udp": [ + { + "destination_ip": "8.8.8.8", + "destination_port": 53, + "process_id": 2960 + }, + { + "destination_ip": "239.255.255.250", + "destination_port": 1900, + "process_id": 4464 + }, + { + "destination_ip": "8.8.4.4", + "destination_port": 53, + "process_id": 2960 + } + ], + "url": [ + { + "source": "network", + "url": 
"http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt" + } + ] }, - { - "associated_malware": true, - "first_seen": "2023-10-22T21:13:34", - "last_seen": "2023-10-23T03:27:25", - "requested_network_location": "bloom-artists.com", - "third_party_reputations": { - "clean": 0, - "malicious": 2, - "total": 13, - "undetected": 11 - }, - "type": "domain" - } - ] - } - } - } -} -``` - -#### Human Readable Output - ->## ReversingLabs Reputation for the following network locations: http://43.138.221.139/jquery-3.3.1.min.js, 61.253.71.111, bloom-artists.com -> ### Network locations ->|associated_malware|categories|classification|first_seen|last_seen|reason|requested_network_location|third_party_reputations_clean|third_party_reputations_malicious|third_party_reputations_total|third_party_reputations_undetected|type| ->|---|---|---|---|---|---|---|---|---|---|---|---| ->| false | phishing,
command_and_control | **malicious** | 2022-09-11T11:54:39 | 2023-04-14T11:15:51 | third_party_reputation | http://43.138.221.139/jquery-3.3.1.min.js | 0 | 2 | 19 | 17 | url | ->| false | | | 2023-11-06T13:10:15 | 2023-07-24T13:15:52 | | 61.253.71.111 | 0 | 0 | 7 | 7 | ip | ->| true | | | 2023-10-22T21:13:34 | 2023-10-23T03:27:25 | | bloom-artists.com | 0 | 2 | 13 | 11 | domain | - - -### reversinglabs-titaniumcloud-network-reputation-override - -*** -Sets and removes user-requested network reputation overrides. - -#### Base Command - -`reversinglabs-titaniumcloud-network-reputation-override` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| set_overrides_list | Network locations whose reputations should be overriden. The locations should be written as a string in the following format - 'network_location,location_type,new_classification\|network_location,location_type,new_classification\|network_location,location_type,new_classification'. | Optional | -| remove_overrides_list | Network locations whose reputation overrides should be removed. The locations should be written as a string in the following format - 'network_location,location_type\|network_location,location_type\|network_location,location_type'. | Optional | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.network_reputation_override | Unknown | Network reputation user override. 
| - -#### Command example -```!reversinglabs-titaniumcloud-network-reputation-override set_overrides_list="http://163.197.220.144/5x8x,url,suspicious|http://163.197.220.144/j.ad,url,known" remove_overrides_list="http://43.138.221.139/jquery-3.3.1.min.js,url"``` -#### Context Example -```json -{ - "ReversingLabs": { - "network_reputation_override": { - "rl": { - "user_override": { - "created_overrides": [ + "pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/01b57da1914cff3920cf2ce6ae03001a3ba8e76f_0f57134a-ecb8-4f8f-ad60-903b63bf8bc4_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024258Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=1e09709a9d68055c3a631f515f253d01b57e6ee797790d89f0e4c198a86eb270", + "platform": "windows10", + "process_tree": [ + { + "name": "chrome.exe", + "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --start-maximized \"about:blank", + "parent_process_id": 4536, + "process_id": 4464 + }, + { + "name": "chrome.exe", + "parameters": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1816,i,13857433630562973425,11579335400417572304,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8", + "parent_process_id": 4464, + "process_id": 2960 + }, + { + "name": "chrome.exe", + "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \"http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt", + "parent_process_id": 4536, + "process_id": 5400 + } + ], + "risk_score": 0, + "screenshots": 
"https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/01b57da1914cff3920cf2ce6ae03001a3ba8e76f_0f57134a-ecb8-4f8f-ad60-903b63bf8bc4_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20240118%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240118T024259Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=28da467b004a3d9f270379b1440b6d155247d7351acf0c03074cbfe4b36b18f6", + "sha256": "", + "signatures": [ + { + "description": "Downloads files from web servers via HTTP", + "risk_factor": 5, + "sig_id": 349 + }, + { + "description": "Performs DNS lookups", + "risk_factor": 5, + "sig_id": 353 + }, + { + "description": "Classification label", + "risk_factor": 5, + "sig_id": 420 + }, + { + "description": "Uses HTTPS", + "risk_factor": 5, + "sig_id": 392 + }, + { + "description": "Sends SSDP (simple service discovery protocol) broadcast queries", + "risk_factor": 5, + "sig_id": 447 + }, + { + "description": "Uses HTTPS for network communication", + "risk_factor": 5, + "sig_id": 1549 + }, + { + "description": "Creates files inside the program directory", + "risk_factor": 5, + "sig_id": 1143 + }, + { + "description": "Performs connections to IPs without corresponding DNS lookups", + "risk_factor": 5, + "sig_id": 472 + }, { - "classification": "suspicious", - "network_location": "http://163.197.220.144/5x8x", - "reason": "user_override", - "type": "url" + "description": "Spawns processes", + "risk_factor": 5, + "sig_id": 1271 }, { - "classification": "known", - "network_location": "http://163.197.220.144/j.ad", - "reason": "user_override", - "type": "url" + "description": "Creates a directory in C:\\Program Files", + "risk_factor": 0, + "sig_id": 1665 } ], - "removed_overrides": [ + "threat_names": [ { - "network_location": "http://43.138.221.139/jquery-3.3.1.min.js", - "type": "url" + "threat_name": "Unknown" } + ], + "warnings": [ + "Exclude process from analysis (whitelisted): MpCmdRun.exe, conhost.exe", + 
"Excluded IPs from analysis (whitelisted): 142.250.186.131, 34.104.35.123, 142.250.181.227", + "Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, dl.google.com, update.googleapis.com, clientservices.googleapis.com", + "Not all processes where analyzed, report is missing behavior information" ] - } + }, + "requested_base64_url": "01b57da1914cff3920cf2ce6ae03001a3ba8e76f", + "requested_id": "0f57134a-ecb8-4f8f-ad60-903b63bf8bc4" } } + }, + "URL": { + "Data": "http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt" } } ``` #### Human Readable Output ->## ReversingLabs Network reputation user override -> ### Created overrides ->|classification|network_location|reason|type| ->|---|---|---|---| ->| suspicious | http://163.197.220.144/5x8x | user_override | url | ->| known | http://163.197.220.144/j.ad | user_override | url | -> -> ### Removed overrides ->|network_location|type| ->|---|---| ->| http://43.138.221.139/jquery-3.3.1.min.js | url | - - -### reversinglabs-titaniumcloud-network-reputation-overrides-list - -*** -Lists the active network reputation overrides. - -#### Base Command - -`reversinglabs-titaniumcloud-network-reputation-overrides-list` - -#### Input - -| **Argument Name** | **Description** | **Required** | -| --- | --- | --- | -| result_limit | Maximum number of returned results. Default is 50000. | Optional | - -#### Context Output - -| **Path** | **Type** | **Description** | -| --- | --- | --- | -| ReversingLabs.network_reputation_overrides_list | Unknown | Network reputation overrides list. 
| - -#### Command example -```!reversinglabs-titaniumcloud-network-reputation-overrides-list result_limit=10``` -#### Context Example -```json -{ - "ReversingLabs": { - "network_reputation_overrides_list": [ - { - "network_location": "https://cisco.com/", - "type": "url" - }, - { - "network_location": "http://banco.colpatria.com.co/banca-virtual/login/", - "type": "url" - }, - { - "network_location": "http://cvisd.com/", - "type": "url" - }, - { - "network_location": "https://ca-sil.com/", - "type": "url" - }, - { - "network_location": "http://partner.frontread.com/", - "type": "url" - }, - { - "network_location": "https://eclipse.org/", - "type": "url" - }, - { - "network_location": "http://163.197.220.144/5x8x", - "type": "url" - }, - { - "network_location": "https://ajestudios.com/", - "type": "url" - }, - { - "network_location": "https://openairmt.org/", - "type": "url" - }, - { - "network_location": "https://synnexfpt.com/", - "type": "url" - } - ] - } -} -``` - -#### Human Readable Output +>## ReversingLabs URL Dynamic Analysis output for URL http://classicairjordanshoes.com/classic-air-jordan-9-c-7.html?zenid=egbmmbi039iqms5ho5dt2qnunm0mettt +> **Classification**: NO_THREATS_FOUND +> **URL SHA1**: None +> **URL BASE64**: None +> **Last analysis**: None +> ### Full report is returned as JSON in a downloadable file +> ->## ReversingLabs Network reputation active user overrides list -> ### Network location list ->|network_location|type| ->|---|---| ->| https://cisco.com/ | url | ->| http://banco.colpatria.com.co/banca-virtual/login/ | url | ->| http://cvisd.com/ | url | ->| https://ca-sil.com/ | url | ->| http://partner.frontread.com/ | url | ->| https://eclipse.org/ | url | ->| http://163.197.220.144/5x8x | url | ->| https://ajestudios.com/ | url | ->| https://openairmt.org/ | url | ->| https://synnexfpt.com/ | url | 
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py index 259b44aeda67..81335efb37b8 100644 --- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py +++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py @@ -8,7 +8,7 @@ from ReversingLabs.SDK.helper import NotFoundError -VERSION = "v2.4.0" +VERSION = "v2.5.0" USER_AGENT = f"ReversingLabs XSOAR TitaniumCloud {VERSION}" TICLOUD_URL = demisto.params().get("base") @@ -82,6 +82,7 @@ def classification_to_score(classification): score_dict = { "UNKNOWN": 0, "KNOWN": 1, + "NO_THREATS_FOUND": 1, "SUSPICIOUS": 2, "MALICIOUS": 3 } @@ -902,8 +903,8 @@ def analyze_url_output(response_json, url): return results -def detonate_sample_command(): - sandbox = DynamicAnalysis( +def create_da_object(): + da = DynamicAnalysis( host=TICLOUD_URL, username=USERNAME, password=PASSWORD, @@ -912,17 +913,26 @@ def detonate_sample_command(): verify=VERIFY_CERTS ) + return da + + +def detonate_sample_command(): + da = create_da_object() + sha1 = demisto.getArg("sha1") platform = demisto.getArg("platform") try: - response = sandbox.detonate_sample(sample_sha1=sha1, platform=platform) + response = da.detonate_sample(sample_sha1=sha1, platform=platform) except Exception as e: + if hasattr(e, "response_object"): + return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}") + return_error(str(e)) response_json = response.json() - results = detonate_sample_output(response_json=response_json, sha1=sha1) + return_results(results) 
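Review bot: Adding `"NO_THREATS_FOUND": 1` to `score_dict` in `classification_to_score` gives a sandbox run that merely observed nothing the same score as `KNOWN`. If score 1 is treated as a good verdict downstream, a single quiet detonation can mark a URL or sample as benign. The README example added in this commit is classified `NO_THREATS_FOUND` while still listing ATT&CK techniques such as Process Injection and Masquerading. Mapping it to the unknown score, `"NO_THREATS_FOUND": 0`, or adding a comment that justifies 1, would make the intent explicit. The function body continues outside the hunk.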
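Review bot: The `except Exception` block added to `detonate_sample_command` only works if `return_error` ends the script. If it ever returns (for example when it is mocked in a unit test), execution falls through to the second `return_error(str(e))` and then to `response.json()` with `response` unbound. The same block is repeated in `sample_dynamic_analysis_results_command`, `detonate_url_command` and `url_dynamic_analysis_results_command` in later hunks, so one small helper that builds the message, followed by a single `return_error(...)` call, would keep the four in step. `e.response_object.text` is whatever the remote service sent back and goes into the entry unbounded, so truncating it in that helper would be prudent.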
@@ -942,37 +952,45 @@ def detonate_sample_output(response_json, sha1): return results -def dynamic_analysis_results_command(): - sandbox = DynamicAnalysis( - host=TICLOUD_URL, - username=USERNAME, - password=PASSWORD, - user_agent=USER_AGENT, - proxies=PROXIES, - verify=VERIFY_CERTS - ) +def sample_dynamic_analysis_results_command(): + da = create_da_object() sha1 = demisto.getArg("sha1") + analysis_id = demisto.getArg("analysis_id") + latest_analysis = argToBoolean(demisto.getArg("latest_analysis")) try: - response = sandbox.get_dynamic_analysis_results(sample_hash=sha1, latest=True) + response = da.get_dynamic_analysis_results( + sample_hash=sha1, + analysis_id=analysis_id if analysis_id else None, + latest=latest_analysis if latest_analysis else None + ) except Exception as e: + if hasattr(e, "response_object"): + return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}") + return_error(str(e)) response_json = response.json() - - results, file_results = dynamic_analysis_results_output(response_json, sha1) + results, file_results = sample_dynamic_analysis_results_output(response_json, sha1) return_results([results, file_results]) -def dynamic_analysis_results_output(response_json, sha1): +def sample_dynamic_analysis_results_output(response_json, sha1): classification = response_json.get("rl", {}).get("report", {}).get("classification") - classification = classification.upper() md5 = response_json.get("rl", {}).get("report", {}).get("md5") sha256 = response_json.get("rl", {}).get("report", {}).get("sha256") + last_analysis = response_json.get("rl", {}).get("report", {}).get("last_analysis") - d_bot_score = classification_to_score(classification) + markdown = f"""## ReversingLabs Sample Dynamic Analysis output for sample {sha1}\n **Classification**: {classification} + **Sample SHA1**: {sha1} + **Sample MD5**: {md5} + **Sample SHA256**: {sha256} + **Last analysis**: {last_analysis}\n ### Full report is returned as JSON in a 
downloadable file + """ + + d_bot_score = classification_to_score(classification.upper()) dbot_score = Common.DBotScore( indicator=sha1, @@ -992,8 +1010,8 @@ def dynamic_analysis_results_output(response_json, sha1): results = CommandResults( outputs_prefix='ReversingLabs', - outputs={'dynamic_analysis_results': response_json}, - readable_output="Full report is returned in a downloadable file", + outputs={'sample_dynamic_analysis_results': response_json}, + readable_output=markdown, indicator=indicator ) 
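Review bot: `classification.upper()` in `sample_dynamic_analysis_results_output` raises `AttributeError` when the response carries no `rl.report.classification`, and it runs outside the command's `try`, so the user gets a traceback instead of a `return_error` message. A guard such as `d_bot_score = classification_to_score((classification or "UNKNOWN").upper())` keeps the score at 0 in that case. `url_dynamic_analysis_results_output`, added in the next hunk of this file, makes the same call. Separately, `latest` used to be hard-coded to `True` and is now `None` unless the caller sets `latest_analysis=true`, which presumably changes what existing callers receive and would be worth stating in the release notes. The function's body continues past the end of this hunk.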
@@ -1006,6 +1024,122 @@ def dynamic_analysis_results_output(response_json, sha1): return results, file_results +def detonate_url_command(): + da = create_da_object() + + url = demisto.getArg("url") + platform = demisto.getArg("platform") + + try: + response = da.detonate_url(url_string=url, platform=platform) + except Exception as e: + if hasattr(e, "response_object"): + return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}") + + return_error(str(e)) + + response_json = response.json() + results = detonate_url_output(response_json=response_json, url=url) + + return_results(results) + + +def detonate_url_output(response_json, url): + report_base = response_json.get("rl", {}) + + markdown = f"""## ReversingLabs submit URL {url} for Dynamic Analysis\n **Status**: {report_base.get("status")} + **Requested UR**: {report_base.get("url")} + **URL SHA1**: {report_base.get("sha1")} + **URL BASE64**: {report_base.get("url_base64")} + **Analysis ID**: {report_base.get("analysis_id")} + """ + + results = CommandResults( + outputs_prefix="ReversingLabs", + outputs={"detonate_url_dynamic": response_json}, + readable_output=markdown + ) + + return results + + +def url_dynamic_analysis_results_command(): + da = create_da_object() + + sha1 = demisto.getArg("sha1") + url = demisto.getArg("url") + analysis_id = demisto.getArg("analysis_id") + latest_analysis = argToBoolean(demisto.getArg("latest_analysis")) + + try: + response = da.get_dynamic_analysis_results( + url_sha1=sha1 if sha1 else None, + url=url if url else None, + analysis_id=analysis_id if analysis_id else None, + latest=latest_analysis if latest_analysis else None + ) + + except Exception as e: + if hasattr(e, "response_object"): + return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}") + + return_error(str(e)) + + response_json = response.json() + results, file_results = url_dynamic_analysis_results_output(response_json=response_json, 
passed_url=url) + + #todo + whole_txt = json.dumps(results.to_context()) + + + return_results([results, file_results]) + + +def url_dynamic_analysis_results_output(response_json, passed_url=None): + url = response_json.get("rl", {}).get("report", {}).get("url", passed_url) + classification = response_json.get("rl", {}).get("report", {}).get("classification") + url_base64 = response_json.get("rl", {}).get("report", {}).get("url_base54") + sha1 = response_json.get("rl", {}).get("report", {}).get("sha1") + last_analysis = response_json.get("rl", {}).get("report", {}).get("last_analysis") + + markdown = f"""## ReversingLabs URL Dynamic Analysis output for URL {url}\n **Classification**: {classification} + **URL SHA1**: {sha1} + **URL BASE64**: {url_base64} + **Last analysis**: {last_analysis}\n ### Full report is returned as JSON in a downloadable file + """ + + d_bot_score = classification_to_score(classification.upper()) + + dbot_score = Common.DBotScore( + indicator=url, + indicator_type=DBotScoreType.URL, + integration_name="ReversingLabs TitaniumCloud v2", + malicious_description=classification, + score=d_bot_score, + reliability=RELIABILITY + ) + + indicator = Common.URL( + url=url, + dbot_score=dbot_score + ) + + results = CommandResults( + outputs_prefix="ReversingLabs", + outputs={"url_dynamic_analysis_results": response_json}, + readable_output=markdown, + indicator=indicator + ) + + file_results = fileResult( + f"Dynamic analysis report file for URL {url}", + json.dumps(response_json, indent=4), + file_type=EntryType.ENTRY_INFO_FILE + ) + + return results, file_results + + def certificate_analytics_command(): cert_analytics = CertificateAnalytics( host=TICLOUD_URL, 
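Review bot: `url_dynamic_analysis_results_output` reads the key `"url_base54"`, which looks like a typo for `"url_base64"`, so `url_base64` is always `None`; the line should read `url_base64 = response_json.get("rl", {}).get("report", {}).get("url_base64")`. The README example in this commit prints `None` for URL SHA1, URL BASE64 and Last analysis, which suggests these lookups may not match the response shape at all and should be checked against a real report. In `url_dynamic_analysis_results_command` the `#todo` line `whole_txt = json.dumps(results.to_context())` is never used and should be dropped before merge. The markdown in `detonate_url_output` also says `**Requested UR**` where `**Requested URL**` is meant.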
@@ -2304,11 +2438,17 @@ def main(): elif command == "reversinglabs-titaniumcloud-analyze-url": analyze_url_command() - elif command == "reversinglabs-titaniumcloud-submit-for-dynamic-analysis": + elif command == "reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis": detonate_sample_command() - elif command == "reversinglabs-titaniumcloud-get-dynamic-analysis-results": - dynamic_analysis_results_command() + elif command == "reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results": + sample_dynamic_analysis_results_command() + + elif command == "reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis": + detonate_url_command() + + elif command == "reversinglabs-titaniumcloud-get-url-dynamic-analysis-results": + url_dynamic_analysis_results_command() elif command == "reversinglabs-titaniumcloud-certificate-analytics": certificate_analytics_command() diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml index 326e99343c40..03abf1a18885 100644 --- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml +++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml @@ -289,7 +289,7 @@ script: - contextPath: ReversingLabs.analyze_url description: The URL analysis. type: Unknown - - name: reversinglabs-titaniumcloud-submit-for-dynamic-analysis + - name: reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis description: Submit an existing sample for dynamic analysis. arguments: - name: sha1 
@@ -303,13 +303,24 @@ script: - contextPath: ReversingLabs.detonate_sample_dynamic description: The dynamic analysis. type: Unknown - - name: reversinglabs-titaniumcloud-get-dynamic-analysis-results - description: Retrieve dynamic analysis results. + - name: reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results + description: Retrieve dynamic analysis results for a sample. arguments: - name: sha1 description: Sample SHA-1 hash. default: true required: true + - name: analysis_id + description: ID of a specific analysis to fetch. + required: false + - name: latest_analysis + description: Fetch the latest analysis. + required: false + defaultValue: 'false' + auto: PREDEFINED + predefined: + - 'true' + - 'false' outputs: - contextPath: File.MD5 description: MD5 hash. 
@@ -332,9 +343,64 @@ script:
 - contextPath: DBotScore.Vendor
 description: The vendor used to calculate the score.
 type: String
- - contextPath: ReversingLabs.dynamic_analysis_results
- description: The dynamic analysis results.
- type: Unknown
+ - contextPath: ReversingLabs.sample_dynamic_analysis_results
+ description: The sample dynamic analysis results.
+ type: Unknown
+ - name: reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis
+ description: Submit a URL for dynamic analysis.
+ arguments:
+ - name: url
+ description: URL string.
+ default: true
+ required: true
+ - name: platform
+ description: Desired platform; See the API documentation for possible values.
+ required: true
+ outputs:
+ - contextPath: ReversingLabs.detonate_url_dynamic
+ description: The dynamic analysis.
+ type: Unknown
+ - name: reversinglabs-titaniumcloud-get-url-dynamic-analysis-results
+ description: Retrieve dynamic analysis results for a URL.
+ arguments:
+ - name: sha1
+ description: URL SHA-1 hash. It can be found in the response while submitting the URL for analysis. Mutually exclusive with url.
+ default: false
+ required: false
+ - name: url
+ description: The requested URL- Mutually exclusive with sha1.
+ default: false
+ required: false
+ - name: analysis_id
+ description: ID of a specific analysis to fetch.
+ required: false
+ - name: latest_analysis
+ description: Fetch the latest analysis.
+ required: false
+ auto: PREDEFINED
+ defaultValue: 'false'
+ predefined:
+ - 'true'
+ - 'false'
+ outputs:
+ - contextPath: URL.Data
+ description: The URL.
+ type: String
+ - contextPath: DBotScore.Score
+ description: The actual score.
+ type: Number
+ - contextPath: DBotScore.Type
+ description: The indicator type.
+ type: String
+ - contextPath: DBotScore.Indicator
+ description: The indicator that was tested.
+ type: String
+ - contextPath: DBotScore.Vendor
+ description: The vendor used to calculate the score.
+ type: String
+ - contextPath: ReversingLabs.url_dynamic_analysis_results
+ description: The URL dynamic analysis results.
+ type: Unknown
 - name: reversinglabs-titaniumcloud-certificate-analytics
 description: Retrieve certificate analytics.
 arguments:
@@ -728,7 +794,7 @@ script:
 - contextPath: ReversingLabs.network_reputation_overrides_list
 description: Network reputation overrides list.
 type: Unknown
- dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.80178
+ dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.85058
 runonce: false
 script: '-'
 subtype: python3
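Review bot: On `reversinglabs-titaniumcloud-get-url-dynamic-analysis-results`, `sha1` and `url` are both `required: false` and only described as mutually exclusive, so the platform will accept a call with neither or with both. The rejection has to live in `url_dynamic_analysis_results_command()`, which is outside this hunk and worth confirming. The `url` description also has a stray hyphen and would read better as `description: The requested URL. Mutually exclusive with sha1.` For `reversinglabs-titaniumcloud-submit-url-for-dynamic-analysis`, I would extend the description to say that the URL is sent to the ReversingLabs cloud service and presumably visited there, so links carrying session tokens or one-time secrets should be sanitised or withheld before submission.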
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_image.png b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_image.png index 4b72e9f259cff0bee0893159b1af2db0f08cd430..7a15203055a7cbf1a0659de8a84b6e79de968689 100644 GIT binary patch literal 4241 zcmchb_dgpB6US+*RY6462(_YO@6{No*wofq(N<&cn6;|4Y3)?4n5|O5mndqswjgR# zvlJC0Uo}ds$MgIV&kuK>d*AC`uY28Zcb8ydq{Bc5rlX>wV$jpoG^3)TcD#&rX|G>; ziLbxbFXg6>uC*T(72wu?jhZSakNq-9?PsQgpsFHrZCt`NXLUn$Dyo_kz^OeA6%~`9 zo~F9RbLwrZ;hWi>+r1YM*RwSCdK+ae$x2tbUe=lY>1)=MOjep&>ML>|ZN9LmUi-(- z#iWq>(RE*apmj-Woe&dcQiG~mQp?-vW&ITH6*nN-OHvC3@m-ou7I%di3y8ZN>83G% zz#1+9m-LlS!DhcAxEEU#Et)oic&^yd-b)5{&_?poy1(~pPqO>4PeaQ^_dldjXS(){ zLlbkUTnJ6;OW^zeLUELQkx~9jSU@E9BY7d}{FM8eI#b&YP7^aL=}~-8Vpv9ozn%o< z$54n3qSYr$9B|9P(=jQ_!&Tsu-Xr)$w`J;(!=LnvVVgZ~>kHsuUG8zj>;pTwfycE4 zFrR~I145XXjzg)`@s9LKG5Mp+#iADSLcLbP@T4rRU@PuL%Ftlj*mmhbF;<`^$P8i)y=H1F&-8Htl`ECN%b*D(@ojJgmFIA2!DpPWb!wTMIK@I#gv+eXH1i- zQ}=cP&I~8l$}&C$!7L{V!+O=R^= zRMKNWh|^+I$?sDMaYCg6Mf=-h;hc!N5|0&u8xzLmu4iwavOaZ~IenPntv#5ezW~R7 zhCd<^5{x?weZ(O>K-dcQ#`kwNGuxZbZTo{Hg>%Bd0f)95FPhH3tVBt<4St*pK6B)1 z-GzdFg}h%5xVk&ESQj(PQaz4ba3&ze8|p0+;;g=^sf+1z2~;VXNIcklHWNG8qal_V z-WWP>Xxg+7w)h@UJ<{X>9-u^>d~8sYUf!6Ig+|Uz^5o_qJJRL&3BU5EkLIiS#s#~^ zKlx@i1^mivrwif(OtxjKh&jEgrUP~-_40o=AMjJU7KZ*&5PHU8Fm^FW3we};9{!z7 zRHaFep`UoLG9Q2PY-O9b#Yu=i;#Ojx79EkUW=16WA)1T z*Q3CzE17+FbPRGAQ?9Z9aDFsS#n@RxND}P)5wUI*yY1M6#?VjAYc0xQNRF zimzKc2F9^v9j}jY@i~QmvDSSM(r5e4!YI=Pe!S>B$)I1~%(w-UXiDNX=e9rp9K_2$ z6+Pca7L8H8^S40dn?EkCUFkkUk7vNy2CmU2wSvFqjWc+U_}rHfx~VFIP1X3I8fqtR zF`SXYE^qxKe8efN&jIwB_g#8YRiD{sS?39)GvO0ut6tQLT&SxYEg`#Cs|cTxB}W2c zqg}Fl{VCxprE_oHy{|L3wAkLC4^bL~TXUo>;5Iu7%i?Q~1wLVmLZYm9`!jmVG8SVa z>DWLH&w>kNZiT8S?9dgl>>zY`66|=N5)#48oWy{d8-JHVNQ&z?{2O)&!prhbnKrMg z5&9+KXT{Evz=cmx(d>>zi#E^(_vYXkgS($YQL0*!mi1$dvCK`rpt~RkMsD*%j=5LS zybgqhb=*3iqz4F0n_xqo_e4RoDX)G1$|TTwJ({6>uBKqyngMQVK-}P;1GDmw{j+i(hr~eZK 
zj%T))h-$v6(x}yknK9*1m}B_)>Gqnmqv={G)k4k=U$Unl`mlyOFuUoftUY3kUc)6Yt>P^K7DM|`r?>g7hdnlSp4LU^74Tov zP+Y@~w1%z1uE3>VAtbrGlhu@Og7tUChQ$D**uT6ShNe=2?HT7v&L11()Qua8?)hBUU;=^^t3t9=14|JS`_E;Zx^-7O6w6me ztUA`;qOE_Y3o!pEIG&ZA^po={A3**HgrErmE!zdH^at}ZnyGrFi_PAMr$xC_4Fp{( zHC;hpG`-J1DenZ@>V+~I{c4(KX*PMTsX2|MZ?uGD2?qISE_GL?G^Tx8HrTm)tJ05S z$dBXL-@P_7*Q?7j5pk1W7TZauG+H$YS1&^ADC3R&G4ncAky;v~`s{VKqzOpS(e~)M zZdL&2*%mvenE6ysvJ8Jgr90$KxPy4amvG^CHBbz5@oCRp(LNoqz}CS!qtRGCzwEZS*cp8407cqY|X2A1Zy)jA%GRJKag*HE?_E=BuA|Y!vx`t;Jg$?JDDCEX)*kf22h^(-ld#GQ|LJ zB4>NmCd|IYr8&IY`rW&J=S&gBex_Uw4($1!L&d zX=kW7_Jy!kIo`n$+fYiodG{$nWiXM6t(|LmsgP0oqy=5Y&phM^?x5X0z8Ck*a$JPF z^t@?c%OV$#S7ewyxt)nnDOYLtd<2Fsb{*;W|b!6YThFm$`h zQU(^KPWPVhv5e}Rm&W@@rR-^ibzweC);vK6vn`1Ya_5AKEusiU_VWARpqM-?{&5$^ zvjap|dsJ9Qrw{G%QA)*ZCgv^0ETKv(G1I1`^_I;5F-NjXx_8C+kQ1G#Qh zt6IUt**fefOX7nDR`~(8d9O8*EO*c4)SSBb%UJhppz`fwjZeoLwQ;L)i(v_SJY>{O z!4)}KV;7d7`S=fW$E)u5M6+RkwY4#pG+NK=M3S|2G!kG+c`m>f$zgfXdojgQjhf7t zEALMQt&OpPwu#Og1;-8gmPV$O01m$8*fBgI>iw1ocnetA;AU}W&t5a?$j6)V9J!q{ ziVCboCLO{_y zCg@AeKIcaZ1e}iAoFR*CKlLNPo!8hGsz6we`-5P3_UQYf{pV~u5P3 z1)2~V^YXKKn9p_D)!$pa!Q9>SRdAzp)a3v>XJK-aG5$MmJLWY(bEG-Ep7;1xch}9d zigO1}iJMVkB5oEPzan6hj!5PTHwXOt%m}RZyB82*Lw>E7;)9#FYnPb?U5U>1h*@zH zh5MiY5u(*qie9iacA=J&?!&$?c0M!5OX|$6E4Vh;Yc>O|s*SE4FjI2`7iR!oh3@YK z@v93+qeMXSU0%#q@jHLtmQEA|EzrP1ML_8p@!>w3~)8G)i2M@E9R7 z6HM%puRhQ2u0v%6Pfa^q^Sr;1j;~ZBxat=1Pk|24uJ_^jl}%>RBn7@2m~Zn!MV8A_ zsHZ&6HIRo@y}Ykc3xV={5mVz)8Z~d*8dy88x!XBjMP(TEWvmr@$9cr{GX8EyC<$!stZ*Rp99Pn zpN~j0N`<#tQqD}$0%2w!pEY+XHkR;R_w)H_@e evT0H9IdGRnu!7sZU-t5YK&7W;q*;Y{8u=ekI_i1= literal 3684 zcmV-q4x90bP)Px@9!W$&RCodHTnlhi)fv8LH!p-B4-=9|LU>4`C@P8;s)7$he06-ZR_YX;PSv*9 zsju;^Xsfo?TG2Y%(JHkvsI3+Y3OXvHrJ^G~aY(`|CM63546nR*@9Fp5-G6g(xqEjb ziD@$X&3t?Q^Pm5md++(r`OklEP|HdqJp<_(NY6le2GTQ-o`LiXq-UVpXFw$xk?j+~ zLU1T}Fc<+_!IoHAi}DljLNFB^0wa#IF=o6RWn)ZERGf>3Y%l{X0&BojPyr*}-+ACb zZ~(|Lf*|j|0sI>L4E!&c2mv(A0FMPnfO#P2VJ{d0H-le-9Oq;(A0)PbAA`KUKtosz z+M;lk=b)Yw)4hjsyQ_T)>c@j4LHdPg0_#COLlw9N+yf@W7_>YJvIB3(k1wM=Gl`8~ 
z|BKPr55;Ko>+jcgANn4ZLVr&72jDdzooRv-UJd$PN7}d{-ZE@of;`Nqi`^B_B?1?W z*l|$_z60TNP}=;;`O?Y#Fw{>5xg+O-hk`wUea4{NoqjOe!+wSb&_>6c06qf#6J(uW z^m+jt#Y#8g9*o6kk}9Uba0ST4+9fbtnc#yh1P2?+4UidTHh~Ol?ck5VBfvy>7Y*!_ z2#2F#W~^}*N-nfSA&IdlSZUPV;wrZS^*?~SKt4Nj-amNbA$AlrGK*@!6pa^4t zt+7G4)9y@Rz_SdSjgW5zIZjG&JD3+0FdX-Ub2)w+xST=^Ok})Z>KTeRc^P$+&U7F{ z9l?xLa4CdD3sG#6m7MPf45OX)@xX$Ro^Qp+Fcel9281NX# zBaOOXhllh&R{N-&wR+69u6|p$hEkdP0;Dm#&R0SKBkVzhTnB~@2Q-@C&8}S z7<&O^!QUX5*A$u0co#TS3}fY6D8=R_$is{}^^6Wbb?K&}E^wd0ra$J0(Sek&ptIZ{ z%iSPv^fB;$@b@6k0{2D}XVq|Qdfo4Lr+Gtw{nQ%LJFLZv_@p7Z^s0L~ z_&UGAjkYq^HRR0AhdyGoF~K3+4o>8ZsCD$$y@S1;fjWlhF=odEau)QwpEaO+tW%*& z)xj{e%tg$Ejys#7U&fsQxy`6w0oe_17QW)~{-s~s!R{nWI%h&ST`DNof|I~0AkT}} z!R|mM2H}GVBuhOT3c0s1>Ew?Qrjxv=(wOrpDiJFwJH&V~F5$QAcKxC87iEHMT;D<(_H zD$mGWF@1Lw9PbVA9q`v6pG$BT1V)Kez}<2`XfDvwR5}_qDilH+XfT8Xdk;&CBKst*U3f|*LssAwF5JW`i zLdm)2eGp^7@s8B-^InH&eGfA8ij?8yV6IB0^2A>7Mn~$opH&!|S+d{~2wY@>r6TlD z$%wST82c*7sqU1MVaqdKzzEk>e2xy>M2YYZqahD6KbaO8I$x28x(S{u<~hQU6*3J{ zly8UKFMVuz(>KK0x$1ew@(&oq&!dI&%kXE0K%>bKAI0zQ+)AVV7-aK{nbFiqp?E|mKbwTa<_dKR3O3ED<+&%Sm`3}fc+1^Y>$52!EbK+z)OCGy9SoUJIEM_)Wl2M<&7{t_Fr_aqwuPZHXa!iCocs@Vf`I zA02ob$OS>10iF*I2f64|!LMNSaVmx$HgweEAjj~+Y$#WP5?Ka8o(?93>0qvm!$3YP zF&A`abWQ_)+Q8;mg)4}VdbH;M%hhgzyKFCL-VfW&^O<#?l?QSij*$pYpy7vLdCcG@ zl+S^@9(PD0tU$v(;5#vcT_|M^cSCmHGwWWs7s?Aj^Ni&@6Fb4l;LYHbU;&s2Eog{G zUD>UPjQfk8VOJ1Og!H_5fre+7CkT* zBXGeIuo&e1aS`qS>DVoxByI6<4BdetR8sbLEX_=g642Ju1+|s#-IwqJdiwN?t(!uN zq`w%dfcj%$b;U}l*O!&$hMSxu1FKvQfPJ>I6rE>lrFY{=xnuC4!4(5@BCidus^UY( zv2)ysgIim7%~pzeh8}~xbqK}~=Ql%Nr?uLE4vULwE1!sW?8AaPB!1&Z(Uv|B6Xqld zSU&G|WuR@FL#Jr1FW#?D#L2GX4$f98tKG6^nRd8tw2C4op&q%svDvcgO2$7`n3p?O zty$B)d%}caO?w+YMB`Z9VQ3CD0Q#{QWvr#(YRl>u4i1=4*juu#orK1@Jm$78ejiGo z!!R1Jy9LDzQZ*qCwZJ2t+=fa3nk%=~@8j8KHSKACGU~wCAWF5tjbEbQYV^m)4poI~ zhY%4GT7}&o_m0x{Dy`;YXJ)`5`P-j){zQ!ZzUTPC;F(36*Ttj7 zp7QeHO-2(K(N{*PIby%DMA7rhtRQu-;CUIUP(cSIsVAsSCuBc$PximEDaNE+6SJ@1QcWk{7N+xR)0|e2gDt!EW4vU z#d}ggU2B@QMxeo%-)Tg#js6tJD$M^`Gu8pJBInhrAam^7 
zNOty#UR!M)i$Ihp17UkeXxy=RWPNd2(e_bC99vgB{#tE2|Mod*snp`3)t~OtO5H78 z5rcyW*|#+A3D<^-%bpI6o^XP+^|!KD9jqg*=Q!CeW)(ZPJu5SJIVU*!(Luir^1J@Xq-=!81tinIr?gjQ&dy=oKk_flcQtngOJQ!p~LMT z)RmO2+E!XVGpg@DzrF0>j@Khh^vYqI*6>3`6e`g1p+sA!G?X3_Pm;vMuS7`Jhyu^% zR#r0ca!^=PF)yfsGtkEO;m*){Y9wMWuPZKFs7t5wj|u$(y_Q9D61PS|GnleE&}!e- zQDr}gSGDG6K?i(gYPDKs;qz5|S33<#J&dH+Ia`sKWn!#Cgx*tOKN+&p+I}QdT7EEW ze-j-E|7l>&x;G)e3H>x3v9ChtxClEwOWLt6W``nmSOeDV4qe}s_#oW^BrPqN-0aw3 z*B8}RJ>)kqUS-bKcJx)o&(3IDG-zPpnthFS$LGh4;573+SZqVZ;~#{BuaDMMQ+D={ z!r>b}*dy&`$@AN4ZM+G(YthGvXwL4>3QjE8xNfa!+ZW|t3(-p3o{3Y!NmSM>)!r`O zjT4%&A()kEd}h=KMOybBov1_MhEM7XYpZV1D)2M0;qJG>c0BnLeP1klB}DUU5&k%F zZhXR&T7!gWQM@jKwkP5>34a&>@S&nHk}-usGT4^g=?v9D8`0e#0|GfOHbP{MG0gsY|(S^pPX%aNA`PI`R5*mbCen?e^)N+LaD< zs(V!0RC9@`M#jC~toK#9M;wfAy+>n*em~))Xq&G`4shN@2Ii=ajM?ZkV)NQJ=kzw_t4lfJ_1DRpV&JNr5SY;#0(jEW#Dk4K&{+vtK)<5&YBs*Y- z17T}NFmq7jP&>EPx_o-ut_6z+x9a9ek%)dUJ}?A3pjMgnzAE=rl9g;em?$|}G92)B zVNGS{9cT0ojViklU#1=~R9zC43eG94S@$dwuhm!^DV?jBlt1BIzNSkT`ad=9tt2b{ z3WS%Lm;L4jyK}K$d!jZ(kxjvXx{S_EWaFjBf_t$bKleJXw!WzAwh)bv3iGXiN;+OZ z>pX@>8G#yfKX-j(sSOXXlpzCKl>zCI(6`FMWym!GEm|M2m< z@pM~y2GTQ-o`LiXq-P*K1L+w^&p>(x(lgLUXW)MU((_iai)b1E0000 Date: Fri, 19 Jan 2024 16:36:44 +0100 Subject: [PATCH 3/4] Add changes for v2.3.2 --- .../ReversingLabsA1000v2/README.md | 2114 +---------------- .../ReversingLabsA1000v2.py | 5 +- .../ReversingLabsA1000v2.yml | 6 +- .../ReversingLabsA1000v2_image.png | Bin 3684 -> 4241 bytes .../ReversingLabsA1000v2/command_examples.txt | 2 +- .../ReversingLabs_A1000/ReleaseNotes/2_3_2.md | 4 + Packs/ReversingLabs_A1000/pack_metadata.json | 2 +- 7 files changed, 37 insertions(+), 2096 deletions(-) create mode 100644 Packs/ReversingLabs_A1000/ReleaseNotes/2_3_2.md diff --git a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/README.md b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/README.md index 24c53028bbef..d6150c069ea3 100644 --- a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/README.md 
+++ b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/README.md @@ -5442,10 +5442,11 @@ Delete an uploaded sample from A1000 > **SHA1:** 0000a0a381d31e0dafcaa22343d2d7e40ff76e06 > **SHA256:** b25e707a78a472d92a99b08be5d0e55072f695275a7408d1e841a5344ca85dc3 + ### reversinglabs-a1000-list-extracted-files *** -List files extracted from a sample +List files extracted from a sample. #### Base Command @@ -5455,24 +5456,25 @@ List files extracted from a sample | **Argument Name** | **Description** | **Required** | | --- | --- | --- | -| hash | The sample hash. | Required | +| hash | The sample hash. | Required | +| max_results | Maximum number of results to return. Default is 5000. | Optional | #### Context Output | **Path** | **Type** | **Description** | | --- | --- | --- | -| ReversingLabs.a1000_list_extracted_report | Unknown | A1000 list extracted files report | +| ReversingLabs.a1000_list_extracted_report | Unknown | A1000 list extracted files report. | #### Command example -```!reversinglabs-a1000-list-extracted-files hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6"``` +```!reversinglabs-a1000-list-extracted-files hash="a94775deb818a4d68635eeed3d16abc7f7b8bdd6" max_results="2"``` #### Context Example ```json { "InfoFile": { - "EntryID": "7525@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59", + "EntryID": "8968@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59", "Info": "text/plain", "Name": "List extracted files report file", - "Size": 71254, + "Size": 2034, "Type": "ASCII text" }, "ReversingLabs": { @@ -5480,7 +5482,7 @@ List files extracted from a sample { "container_sha1": null, "filename": "aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad.rl", - "id": 19925, + "id": 20010, "parent_relationship": null, "path": "aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad.rl", "sample": { 
@@ -5495,166 +5497,24 @@ List files extracted from a sample "identification_name": "", "identification_version": "", "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", + "local_last_seen": "2023-08-10T00:15:32.849362Z", + "md5": "8521e64c683e47c1db64d80577513016", "riskscore": 10, "sha1": "aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad", + "sha256": "43d51f009bf94707556031b9688e84bb85df2c59854fba8fcb90be6c0d19e1d1", "type_display": "PE/Exe" } }, - { - "container_sha1": null, - "filename": "5", - "id": 19926, - "parent_relationship": 19925, - "path": "binary_layer/resource/5", - "sample": { - "category": "other", - "classification": "goodware", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 2, - "file_subtype": "None", - "file_type": "Text", - "id": 1329, - "identification_name": "", - "identification_version": "", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 0, - "sha1": "1489f923c4dca729178b3e3233458550d8dddf29", - "type_display": "Text/None" - } - }, { "container_sha1": null, "filename": "1", - "id": 19927, - "parent_relationship": 19925, + "id": 20011, + "parent_relationship": 20010, "path": "binary_layer/resource/1", "sample": { "category": "other", - "classification": "goodware", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 2, - "file_subtype": "None", - "file_type": "Text", - "id": 1329, - "identification_name": "", - "identification_version": "", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 0, - "sha1": "1489f923c4dca729178b3e3233458550d8dddf29", - "type_display": "Text/None" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19928, - "parent_relationship": 19925, - "path": "binary_layer/resource/0", - "sample": { - "category": "other", - "classification": "goodware", - 
"classification_result": null, - "extracted_file_count": 0, - "file_size": 2, - "file_subtype": "None", - "file_type": "Text", - "id": 1329, - "identification_name": "", - "identification_version": "", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 0, - "sha1": "1489f923c4dca729178b3e3233458550d8dddf29", - "type_display": "Text/None" - } - }, - { - "container_sha1": null, - "filename": "6", - "id": 19929, - "parent_relationship": 19925, - "path": "binary_layer/resource/6", - "sample": { - "category": "other", - "classification": "goodware", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 2, - "file_subtype": "None", - "file_type": "Text", - "id": 1329, - "identification_name": "", - "identification_version": "", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 0, - "sha1": "1489f923c4dca729178b3e3233458550d8dddf29", - "type_display": "Text/None" - } - }, - { - "container_sha1": null, - "filename": "2", - "id": 19930, - "parent_relationship": 19925, - "path": "binary_layer/resource/2", - "sample": { - "category": "other", - "classification": "goodware", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 2, - "file_subtype": "None", - "file_type": "Text", - "id": 1329, - "identification_name": "", - "identification_version": "", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 0, - "sha1": "1489f923c4dca729178b3e3233458550d8dddf29", - "type_display": "Text/None" - } - }, - { - "container_sha1": null, - "filename": "4", - "id": 19931, - "parent_relationship": 19925, - "path": "binary_layer/resource/4", - "sample": { - "category": "other", - "classification": "goodware", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 2, - "file_subtype": "None", - "file_type": "Text", - 
"id": 1329, - "identification_name": "", - "identification_version": "", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 0, - "sha1": "1489f923c4dca729178b3e3233458550d8dddf29", - "type_display": "Text/None" - } - }, - { - "container_sha1": null, - "filename": "3", - "id": 19932, - "parent_relationship": 19925, - "path": "binary_layer/resource/3", - "sample": { - "category": "other", - "classification": "goodware", - "classification_result": null, + "classification": "malicious", + "classification_result": "Win32.Malware.Generic", "extracted_file_count": 0, "file_size": 2, "file_subtype": "None", 
@@ -5663,1859 +5523,13 @@ List files extracted from a sample "identification_name": "", "identification_version": "", "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 0, + "local_last_seen": "2023-08-10T00:15:32.849362Z", + "md5": "c4103f122d27677c9db144cae1394a66", + "riskscore": 10, "sha1": "1489f923c4dca729178b3e3233458550d8dddf29", + "sha256": "96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7", "type_display": "Text/None" } - }, - { - "container_sha1": null, - "filename": "2d", - "id": 19933, - "parent_relationship": 19925, - "path": "binary_layer/resource/2d", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 2159, - "file_subtype": "XML", - "file_type": "Text", - "id": 1348, - "identification_name": "", - "identification_version": "", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "e9667fde189a3f71e9df30825aca97e1a3daf1d6", - "type_display": "Text/XML" - } - }, - { - "container_sha1": null, - "filename": "10", - "id": 19934, - "parent_relationship": 19925, - "path": "binary_layer/resource/10", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 176, - "file_subtype": "None", - "file_type": "Binary", - "id": 1332, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "fc2264052c16c695bd374fa92b33735f28215171", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "13", - "id": 19935, - "parent_relationship": 19925, - "path": "binary_layer/resource/13", - "sample": { - "category": "other", - "classification": 
"unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1128, - "file_subtype": "None", - "file_type": "Binary", - "id": 1334, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "c052d32521ab0628184f38ab9db63c050d3646fe", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "c", - "id": 19936, - "parent_relationship": 19925, - "path": "binary_layer/resource/c", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 176, - "file_subtype": "None", - "file_type": "Binary", - "id": 1339, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "cdabfb3feffbbdb51ab2f94cc49e82f8af0d9885", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "29", - "id": 19937, - "parent_relationship": 19925, - "path": "binary_layer/resource/29", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 16936, - "file_subtype": "None", - "file_type": "Binary", - "id": 1358, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "6dcb5bf40d754c73ac32ef7bf6d0d1715914323e", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "9", - "id": 19938, - "parent_relationship": 19925, - "path": "binary_layer/resource/9", - "sample": { - "category": "other", - "classification": "unknown", - 
"classification_result": null, - "extracted_file_count": 1, - "file_size": 2440, - "file_subtype": "None", - "file_type": "Binary", - "id": 1338, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "0a671ee7cd4d2622a0bdbd463c715b8a49536305", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "f", - "id": 19939, - "parent_relationship": 19925, - "path": "binary_layer/resource/f", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1128, - "file_subtype": "None", - "file_type": "Binary", - "id": 1342, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "c5e382d5afff3f7a085ac55926131c48ad0159f5", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "1e", - "id": 19940, - "parent_relationship": 19925, - "path": "binary_layer/resource/1e", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1384, - "file_subtype": "None", - "file_type": "Binary", - "id": 1367, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "4c4f01b015c9336f32b8cda77ee78e2cd52e2638", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "21", - "id": 19941, - "parent_relationship": 19925, - "path": "binary_layer/resource/21", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": 
null, - "extracted_file_count": 1, - "file_size": 296, - "file_subtype": "None", - "file_type": "Binary", - "id": 1355, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "99262578f157538a519883d8a6d5ede05409a01b", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "2c", - "id": 19942, - "parent_relationship": 19925, - "path": "binary_layer/resource/2c", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 5672, - "file_subtype": "None", - "file_type": "Binary", - "id": 1356, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "d39abb9afb2e411455ba655356b77c5b85ec7e3a", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "2a", - "id": 19943, - "parent_relationship": 19925, - "path": "binary_layer/resource/2a", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 5672, - "file_subtype": "None", - "file_type": "Binary", - "id": 1335, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "d170ddeef07cea3e564c9fb4cfbbd6470d1dc12c", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "e", - "id": 19944, - "parent_relationship": 19925, - "path": "binary_layer/resource/e", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - 
"extracted_file_count": 1, - "file_size": 1384, - "file_subtype": "None", - "file_type": "Binary", - "id": 1357, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "7d4388f901fdb64ee211de7e1bb8cba8cbe2a2ab", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "2b", - "id": 19945, - "parent_relationship": 19925, - "path": "binary_layer/resource/2b", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 16936, - "file_subtype": "None", - "file_type": "Binary", - "id": 1359, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "a143a50e3299a99ae2108ca3cd3e0b36bd92222d", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "7", - "id": 19946, - "parent_relationship": 19925, - "path": "binary_layer/resource/7", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 9640, - "file_subtype": "None", - "file_type": "Binary", - "id": 1360, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "f715ec7bbe280cd9dd6633165838d2ec73b7bea3", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "1a", - "id": 19947, - "parent_relationship": 19925, - "path": "binary_layer/resource/1a", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, 
- "file_size": 1384, - "file_subtype": "None", - "file_type": "Binary", - "id": 1361, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "df17eee01598eb575e434351bb40416a1e1a5056", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "24", - "id": 19948, - "parent_relationship": 19925, - "path": "binary_layer/resource/24", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 296, - "file_subtype": "None", - "file_type": "Binary", - "id": 1362, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "8b9a547a838565dbd05d5721a3ae954d5167de09", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "27", - "id": 19949, - "parent_relationship": 19925, - "path": "binary_layer/resource/27", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 872, - "file_subtype": "None", - "file_type": "Binary", - "id": 1363, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "60aed2416795136a12f9361f76e2271d6d1e506e", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "14", - "id": 19950, - "parent_relationship": 19925, - "path": "binary_layer/resource/14", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 176, - 
"file_subtype": "None", - "file_type": "Binary", - "id": 1336, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "2d7a4f4c1da4fde1165a97416017df7276e7a48e", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "d", - "id": 19951, - "parent_relationship": 19925, - "path": "binary_layer/resource/d", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 296, - "file_subtype": "None", - "file_type": "Binary", - "id": 1366, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "f1a68f73d60d439245b781aece01845c6a5532aa", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "15", - "id": 19952, - "parent_relationship": 19925, - "path": "binary_layer/resource/15", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 296, - "file_subtype": "None", - "file_type": "Binary", - "id": 1364, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "38a6bda9ff8ec010b6fad779a4bfd7987d8107c1", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "8", - "id": 19953, - "parent_relationship": 19925, - "path": "binary_layer/resource/8", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 4264, - "file_subtype": "None", - 
"file_type": "Binary", - "id": 1368, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "cff0173b6ae16c406b5dd83030fdd771683c1db0", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "11", - "id": 19954, - "parent_relationship": 19925, - "path": "binary_layer/resource/11", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 296, - "file_subtype": "None", - "file_type": "Binary", - "id": 1365, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "f4d38677e1908f1ab2f02b4ff37afb66edf8623f", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "16", - "id": 19955, - "parent_relationship": 19925, - "path": "binary_layer/resource/16", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1384, - "file_subtype": "None", - "file_type": "Binary", - "id": 1333, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "9169528b1429e0b9fd0c05b316d53d550a879856", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "18", - "id": 19956, - "parent_relationship": 19925, - "path": "binary_layer/resource/18", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 176, - "file_subtype": "None", - "file_type": "Binary", - 
"id": 1354, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "8e6dea88d5f2cecfb7394660fddb722a267d3363", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "26", - "id": 19957, - "parent_relationship": 19925, - "path": "binary_layer/resource/26", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1128, - "file_subtype": "None", - "file_type": "Binary", - "id": 1344, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "1db12816d9768f373609d02a1c7d678575e2e62f", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "1d", - "id": 19958, - "parent_relationship": 19925, - "path": "binary_layer/resource/1d", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 296, - "file_subtype": "None", - "file_type": "Binary", - "id": 1346, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "077f32f892875bc89e052eb0c7573c97b8f73346", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "17", - "id": 19959, - "parent_relationship": 19925, - "path": "binary_layer/resource/17", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1128, - "file_subtype": "None", - "file_type": "Binary", - "id": 1343, - 
"identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "60bd89bb789125ac03e44b0e4ec32415843397d5", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "a", - "id": 19960, - "parent_relationship": 19925, - "path": "binary_layer/resource/a", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1128, - "file_subtype": "None", - "file_type": "Binary", - "id": 1347, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "84b704f1ea2d9716587fcb6c2dfb86229939e305", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "19", - "id": 19961, - "parent_relationship": 19925, - "path": "binary_layer/resource/19", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 296, - "file_subtype": "None", - "file_type": "Binary", - "id": 1349, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "ea61e68ebb9e398b034f7fda99ed88b342ace20a", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "1c", - "id": 19962, - "parent_relationship": 19925, - "path": "binary_layer/resource/1c", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 176, - "file_subtype": "None", - "file_type": "Binary", - "id": 1351, - "identification_name": 
"IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "8a33a39e521b9ffd2415a189d309b58a192f8066", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "1f", - "id": 19963, - "parent_relationship": 19925, - "path": "binary_layer/resource/1f", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1128, - "file_subtype": "None", - "file_type": "Binary", - "id": 1350, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "8755e0026935565828e59785cab69ab3f397c0df", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "20", - "id": 19964, - "parent_relationship": 19925, - "path": "binary_layer/resource/20", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 176, - "file_subtype": "None", - "file_type": "Binary", - "id": 1352, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "6bfc1aa0d8a8c4d9c808df984579b818b909c1fd", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "22", - "id": 19965, - "parent_relationship": 19925, - "path": "binary_layer/resource/22", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1384, - "file_subtype": "None", - "file_type": "Binary", - "id": 1330, - "identification_name": "IconResource", - 
"identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "d2609e009b442fdc4e5afaa3b210b7ddc9cb5f69", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "23", - "id": 19966, - "parent_relationship": 19925, - "path": "binary_layer/resource/23", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1128, - "file_subtype": "None", - "file_type": "Binary", - "id": 1353, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "dea77c0696b92f9e154623af6bfa7fb17e33f307", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "12", - "id": 19967, - "parent_relationship": 19925, - "path": "binary_layer/resource/12", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1384, - "file_subtype": "None", - "file_type": "Binary", - "id": 1345, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "3def4b67ede5f8b341351587cbc075d0f15dd059", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "b", - "id": 19968, - "parent_relationship": 19925, - "path": "binary_layer/resource/b", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 51240, - "file_subtype": "None", - "file_type": "Binary", - "id": 1340, - "identification_name": "IconResource", - "identification_version": 
"Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "e6abf0eb5b3ce43f340e953ccca2383ee0ff32d4", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "1b", - "id": 19969, - "parent_relationship": 19925, - "path": "binary_layer/resource/1b", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1128, - "file_subtype": "None", - "file_type": "Binary", - "id": 1331, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "239540c1fc5a83d910f13cce84e4b7d3ed53f0d5", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "25", - "id": 19970, - "parent_relationship": 19925, - "path": "binary_layer/resource/25", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1384, - "file_subtype": "None", - "file_type": "Binary", - "id": 1337, - "identification_name": "IconResource", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "42f3f40f7593a529e135f108ce6e34b46008dc7c", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "28", - "id": 19971, - "parent_relationship": 19925, - "path": "binary_layer/resource/28", - "sample": { - "category": "other", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 1, - "file_size": 1128, - "file_subtype": "None", - "file_type": "Binary", - "id": 1341, - "identification_name": "IconResource", - "identification_version": "Generic", - 
"local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "e703087e3f0dcd1f02c5607eacea9e46e079226b", - "type_display": "IconResource:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19972, - "parent_relationship": 19934, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 198, - "file_subtype": "None", - "file_type": "Image", - "id": 1371, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "4ef1a3f6dda1a26cfdfe025df11df34e07f81ce3", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19973, - "parent_relationship": 19935, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1150, - "file_subtype": "None", - "file_type": "Image", - "id": 1373, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "72fcc2682762c0a64ecd76caaca00bd208454c8f", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19974, - "parent_relationship": 19936, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 198, - "file_subtype": "None", - "file_type": "Image", - "id": 1378, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", 
- "riskscore": 5, - "sha1": "98b3a775f7f2af6b589b2725bdf626989b1a742a", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19975, - "parent_relationship": 19937, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 16958, - "file_subtype": "None", - "file_type": "Image", - "id": 1396, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "cd19ecd89c22abc95c574c67367f353ee00e21df", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19976, - "parent_relationship": 19938, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 2462, - "file_subtype": "None", - "file_type": "Image", - "id": 1377, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "b30b457ea55526306a8da2e2f047f0f9dd42a7b6", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19977, - "parent_relationship": 19939, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1150, - "file_subtype": "None", - "file_type": "Image", - "id": 1381, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "c1d0c00758f919d02f9e47b0a35a8e22a24a5067", - "type_display": "ICO:Generic" - } 
- }, - { - "container_sha1": null, - "filename": "0", - "id": 19978, - "parent_relationship": 19940, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1406, - "file_subtype": "None", - "file_type": "Image", - "id": 1405, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "31e2528ce9c692a4894f91fd67c09d691ec343d8", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19979, - "parent_relationship": 19941, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 318, - "file_subtype": "None", - "file_type": "Image", - "id": 1393, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "2399d6881d887b1df57beccc08a777446602bdcd", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19980, - "parent_relationship": 19942, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 5694, - "file_subtype": "None", - "file_type": "Image", - "id": 1394, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "fe46bc76b12dd3f5edb4121f6fd53d332bc04579", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19981, - "parent_relationship": 19943, - "path": 
"unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 5694, - "file_subtype": "None", - "file_type": "Image", - "id": 1374, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "8293460f76f40a878ceaae50489a7b1f088aa218", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19982, - "parent_relationship": 19944, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1406, - "file_subtype": "None", - "file_type": "Image", - "id": 1395, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "6b564229a3dbad9e8e77825424e1822d5cc148ef", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19983, - "parent_relationship": 19945, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 16958, - "file_subtype": "None", - "file_type": "Image", - "id": 1397, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "a4c31f645098965112f4332b9c36b7650ac1bfb2", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19984, - "parent_relationship": 19946, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - 
"classification_result": null, - "extracted_file_count": 0, - "file_size": 9662, - "file_subtype": "None", - "file_type": "Image", - "id": 1398, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "b09a8d37d067c1aba552962bcab18aff50e862a7", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19985, - "parent_relationship": 19947, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1406, - "file_subtype": "None", - "file_type": "Image", - "id": 1399, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "bcd1471a1a75d97c64568cdf91a1b08fd597414d", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19986, - "parent_relationship": 19948, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 318, - "file_subtype": "None", - "file_type": "Image", - "id": 1400, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "78660b278435fed197fa170d6d2057d52a4d32fc", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19987, - "parent_relationship": 19949, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "goodware", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 894, - "file_subtype": "None", - 
"file_type": "Image", - "id": 1401, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 1, - "sha1": "389715de86e1ce98360dfde8f98c80e42cc77317", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19988, - "parent_relationship": 19950, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 198, - "file_subtype": "None", - "file_type": "Image", - "id": 1375, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "8e0fca3babf4c04bf939743f1850fb0e616a0fff", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19989, - "parent_relationship": 19951, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 318, - "file_subtype": "None", - "file_type": "Image", - "id": 1404, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "64fb9e509fb6014fce5093985412cd9239b452fc", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19990, - "parent_relationship": 19952, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "goodware", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 318, - "file_subtype": "None", - "file_type": "Image", - "id": 1402, - "identification_name": "ICO", - "identification_version": "Generic", - 
"local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "fb897b00f84f7abad1ba95fadeab67e2c0a1e5dc", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19991, - "parent_relationship": 19953, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 4286, - "file_subtype": "None", - "file_type": "Image", - "id": 1406, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "cd88f5bc26e1f6148ce0c21fc4b38f514cb7a8a5", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19992, - "parent_relationship": 19954, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 318, - "file_subtype": "None", - "file_type": "Image", - "id": 1403, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "ac83746b0d74b9dd462124f8de47e6d495731135", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19993, - "parent_relationship": 19955, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1406, - "file_subtype": "None", - "file_type": "Image", - "id": 1372, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - 
"riskscore": 5, - "sha1": "c368d6c92821a04d8d2826c54598162dad6b1907", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19994, - "parent_relationship": 19956, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 198, - "file_subtype": "None", - "file_type": "Image", - "id": 1392, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "16815d109826dcf94fccb9ae2d2101b083c497d5", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19995, - "parent_relationship": 19957, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1150, - "file_subtype": "None", - "file_type": "Image", - "id": 1383, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "2c690b5029d9b4d2be3d0c8d4164cab183cdf3f4", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19996, - "parent_relationship": 19958, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 318, - "file_subtype": "None", - "file_type": "Image", - "id": 1385, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "ce758cd324b76124bb1f5e48eaa71ded017dd047", - "type_display": "ICO:Generic" - } - }, 
- { - "container_sha1": null, - "filename": "0", - "id": 19997, - "parent_relationship": 19959, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "goodware", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1150, - "file_subtype": "None", - "file_type": "Image", - "id": 1382, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "aa5af319653eb404ddd591f75f961f129f9d06d9", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19998, - "parent_relationship": 19960, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1150, - "file_subtype": "None", - "file_type": "Image", - "id": 1386, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "339d968eb02a6fb9580fe41e221bc50d4208eeac", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 19999, - "parent_relationship": 19961, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 318, - "file_subtype": "None", - "file_type": "Image", - "id": 1387, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "d8b5210ff37c5e6cec1c69fb63a4a08edc36f412", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20000, - "parent_relationship": 19962, - "path": 
"unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 198, - "file_subtype": "None", - "file_type": "Image", - "id": 1389, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "f1bc322f92007c31427076b95dc5b8d9731009fa", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20001, - "parent_relationship": 19963, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1150, - "file_subtype": "None", - "file_type": "Image", - "id": 1388, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "03f55fb011bfabc67196e1f1ef35799ca98af61a", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20002, - "parent_relationship": 19964, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 198, - "file_subtype": "None", - "file_type": "Image", - "id": 1390, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "806c7adbecfd3f7ce7b4bd1a6577690a28b6d43b", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20003, - "parent_relationship": 19965, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - 
"classification_result": null, - "extracted_file_count": 0, - "file_size": 1406, - "file_subtype": "None", - "file_type": "Image", - "id": 1369, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "5cc3fd269506acfec0377f6e8ada80d4116e270b", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20004, - "parent_relationship": 19966, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1150, - "file_subtype": "None", - "file_type": "Image", - "id": 1391, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "704e3e3da01bfefb40d8608565080937b3952797", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20005, - "parent_relationship": 19967, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1406, - "file_subtype": "None", - "file_type": "Image", - "id": 1384, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "844bb2a1ad57c086276476802b2a506c359eb21e", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20006, - "parent_relationship": 19968, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 51262, - "file_subtype": "None", - 
"file_type": "Image", - "id": 1379, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "a0a81aea2c0c2323c03b0ae89cd6a8a6122b1a3f", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20007, - "parent_relationship": 19969, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1150, - "file_subtype": "None", - "file_type": "Image", - "id": 1370, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "d4b79d68d90a7f0c4f4e8aeff761d1041303c977", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20008, - "parent_relationship": 19970, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1406, - "file_subtype": "None", - "file_type": "Image", - "id": 1376, - "identification_name": "ICO", - "identification_version": "Generic", - "local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "d01fc8f188fbd5d4e432bcd06a5a9602021fb2b7", - "type_display": "ICO:Generic" - } - }, - { - "container_sha1": null, - "filename": "0", - "id": 20009, - "parent_relationship": 19971, - "path": "unpacked_files/0", - "sample": { - "category": "media", - "classification": "unknown", - "classification_result": null, - "extracted_file_count": 0, - "file_size": 1150, - "file_subtype": "None", - "file_type": "Image", - "id": 1380, - "identification_name": "ICO", - "identification_version": "Generic", - 
"local_first_seen": "2022-10-27T11:03:31.473395Z", - "local_last_seen": "2023-06-06T16:02:03.674591Z", - "riskscore": 5, - "sha1": "686d77a9c1d246ebde36739193b361fc5069a5ac", - "type_display": "ICO:Generic" - } } ] } 
@@ -7527,91 +5541,9 @@ List files extracted from a sample >### Extracted files >|SHA1|Name|Path|Info|Size|Local First Seen|Local Last Seen|Malware Status|Risk Score|Identification Name|Identification Version|Type Display| >|---|---|---|---|---|---|---|---|---|---|---|---| ->| aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad | aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad.rl | aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad.rl | PE/Exe | 1432064 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | malicious | 10 | | | PE/Exe | ->| 1489f923c4dca729178b3e3233458550d8dddf29 | 5 | binary_layer/resource/5 | Text/None | 2 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 0 | | | Text/None | ->| 1489f923c4dca729178b3e3233458550d8dddf29 | 1 | binary_layer/resource/1 | Text/None | 2 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 0 | | | Text/None | ->| 1489f923c4dca729178b3e3233458550d8dddf29 | 0 | binary_layer/resource/0 | Text/None | 2 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 0 | | | Text/None | ->| 1489f923c4dca729178b3e3233458550d8dddf29 | 6 | binary_layer/resource/6 | Text/None | 2 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 0 | | | Text/None | ->| 1489f923c4dca729178b3e3233458550d8dddf29 | 2 | binary_layer/resource/2 | Text/None | 2 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 0 | | | Text/None | ->| 1489f923c4dca729178b3e3233458550d8dddf29 | 4 | binary_layer/resource/4 | Text/None | 2 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 0 | | | Text/None | ->| 1489f923c4dca729178b3e3233458550d8dddf29 | 3 | binary_layer/resource/3 | Text/None | 2 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 0 | | | Text/None | ->| e9667fde189a3f71e9df30825aca97e1a3daf1d6 | 2d | binary_layer/resource/2d | Text/XML | 2159 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | | | Text/XML | ->| 
fc2264052c16c695bd374fa92b33735f28215171 | 10 | binary_layer/resource/10 | IconResource:Generic | 176 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| c052d32521ab0628184f38ab9db63c050d3646fe | 13 | binary_layer/resource/13 | IconResource:Generic | 1128 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| cdabfb3feffbbdb51ab2f94cc49e82f8af0d9885 | c | binary_layer/resource/c | IconResource:Generic | 176 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 6dcb5bf40d754c73ac32ef7bf6d0d1715914323e | 29 | binary_layer/resource/29 | IconResource:Generic | 16936 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 0a671ee7cd4d2622a0bdbd463c715b8a49536305 | 9 | binary_layer/resource/9 | IconResource:Generic | 2440 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| c5e382d5afff3f7a085ac55926131c48ad0159f5 | f | binary_layer/resource/f | IconResource:Generic | 1128 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 4c4f01b015c9336f32b8cda77ee78e2cd52e2638 | 1e | binary_layer/resource/1e | IconResource:Generic | 1384 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 99262578f157538a519883d8a6d5ede05409a01b | 21 | binary_layer/resource/21 | IconResource:Generic | 296 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| d39abb9afb2e411455ba655356b77c5b85ec7e3a | 2c | binary_layer/resource/2c | IconResource:Generic | 5672 | 2022-10-27T11:03:31.473395Z | 
2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| d170ddeef07cea3e564c9fb4cfbbd6470d1dc12c | 2a | binary_layer/resource/2a | IconResource:Generic | 5672 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 7d4388f901fdb64ee211de7e1bb8cba8cbe2a2ab | e | binary_layer/resource/e | IconResource:Generic | 1384 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| a143a50e3299a99ae2108ca3cd3e0b36bd92222d | 2b | binary_layer/resource/2b | IconResource:Generic | 16936 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| f715ec7bbe280cd9dd6633165838d2ec73b7bea3 | 7 | binary_layer/resource/7 | IconResource:Generic | 9640 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| df17eee01598eb575e434351bb40416a1e1a5056 | 1a | binary_layer/resource/1a | IconResource:Generic | 1384 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 8b9a547a838565dbd05d5721a3ae954d5167de09 | 24 | binary_layer/resource/24 | IconResource:Generic | 296 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 60aed2416795136a12f9361f76e2271d6d1e506e | 27 | binary_layer/resource/27 | IconResource:Generic | 872 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 2d7a4f4c1da4fde1165a97416017df7276e7a48e | 14 | binary_layer/resource/14 | IconResource:Generic | 176 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| f1a68f73d60d439245b781aece01845c6a5532aa | d | 
binary_layer/resource/d | IconResource:Generic | 296 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 38a6bda9ff8ec010b6fad779a4bfd7987d8107c1 | 15 | binary_layer/resource/15 | IconResource:Generic | 296 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| cff0173b6ae16c406b5dd83030fdd771683c1db0 | 8 | binary_layer/resource/8 | IconResource:Generic | 4264 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| f4d38677e1908f1ab2f02b4ff37afb66edf8623f | 11 | binary_layer/resource/11 | IconResource:Generic | 296 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 9169528b1429e0b9fd0c05b316d53d550a879856 | 16 | binary_layer/resource/16 | IconResource:Generic | 1384 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 8e6dea88d5f2cecfb7394660fddb722a267d3363 | 18 | binary_layer/resource/18 | IconResource:Generic | 176 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 1db12816d9768f373609d02a1c7d678575e2e62f | 26 | binary_layer/resource/26 | IconResource:Generic | 1128 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 077f32f892875bc89e052eb0c7573c97b8f73346 | 1d | binary_layer/resource/1d | IconResource:Generic | 296 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 60bd89bb789125ac03e44b0e4ec32415843397d5 | 17 | binary_layer/resource/17 | IconResource:Generic | 1128 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | 
IconResource:Generic | ->| 84b704f1ea2d9716587fcb6c2dfb86229939e305 | a | binary_layer/resource/a | IconResource:Generic | 1128 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| ea61e68ebb9e398b034f7fda99ed88b342ace20a | 19 | binary_layer/resource/19 | IconResource:Generic | 296 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 8a33a39e521b9ffd2415a189d309b58a192f8066 | 1c | binary_layer/resource/1c | IconResource:Generic | 176 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 8755e0026935565828e59785cab69ab3f397c0df | 1f | binary_layer/resource/1f | IconResource:Generic | 1128 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 6bfc1aa0d8a8c4d9c808df984579b818b909c1fd | 20 | binary_layer/resource/20 | IconResource:Generic | 176 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| d2609e009b442fdc4e5afaa3b210b7ddc9cb5f69 | 22 | binary_layer/resource/22 | IconResource:Generic | 1384 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| dea77c0696b92f9e154623af6bfa7fb17e33f307 | 23 | binary_layer/resource/23 | IconResource:Generic | 1128 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 3def4b67ede5f8b341351587cbc075d0f15dd059 | 12 | binary_layer/resource/12 | IconResource:Generic | 1384 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| e6abf0eb5b3ce43f340e953ccca2383ee0ff32d4 | b | binary_layer/resource/b | IconResource:Generic | 51240 | 
2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 239540c1fc5a83d910f13cce84e4b7d3ed53f0d5 | 1b | binary_layer/resource/1b | IconResource:Generic | 1128 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 42f3f40f7593a529e135f108ce6e34b46008dc7c | 25 | binary_layer/resource/25 | IconResource:Generic | 1384 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| e703087e3f0dcd1f02c5607eacea9e46e079226b | 28 | binary_layer/resource/28 | IconResource:Generic | 1128 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | IconResource | Generic | IconResource:Generic | ->| 4ef1a3f6dda1a26cfdfe025df11df34e07f81ce3 | 0 | unpacked_files/0 | ICO:Generic | 198 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 72fcc2682762c0a64ecd76caaca00bd208454c8f | 0 | unpacked_files/0 | ICO:Generic | 1150 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 98b3a775f7f2af6b589b2725bdf626989b1a742a | 0 | unpacked_files/0 | ICO:Generic | 198 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| cd19ecd89c22abc95c574c67367f353ee00e21df | 0 | unpacked_files/0 | ICO:Generic | 16958 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| b30b457ea55526306a8da2e2f047f0f9dd42a7b6 | 0 | unpacked_files/0 | ICO:Generic | 2462 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| c1d0c00758f919d02f9e47b0a35a8e22a24a5067 | 0 | unpacked_files/0 | ICO:Generic | 1150 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 
31e2528ce9c692a4894f91fd67c09d691ec343d8 | 0 | unpacked_files/0 | ICO:Generic | 1406 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 2399d6881d887b1df57beccc08a777446602bdcd | 0 | unpacked_files/0 | ICO:Generic | 318 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| fe46bc76b12dd3f5edb4121f6fd53d332bc04579 | 0 | unpacked_files/0 | ICO:Generic | 5694 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 8293460f76f40a878ceaae50489a7b1f088aa218 | 0 | unpacked_files/0 | ICO:Generic | 5694 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 6b564229a3dbad9e8e77825424e1822d5cc148ef | 0 | unpacked_files/0 | ICO:Generic | 1406 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| a4c31f645098965112f4332b9c36b7650ac1bfb2 | 0 | unpacked_files/0 | ICO:Generic | 16958 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| b09a8d37d067c1aba552962bcab18aff50e862a7 | 0 | unpacked_files/0 | ICO:Generic | 9662 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| bcd1471a1a75d97c64568cdf91a1b08fd597414d | 0 | unpacked_files/0 | ICO:Generic | 1406 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 78660b278435fed197fa170d6d2057d52a4d32fc | 0 | unpacked_files/0 | ICO:Generic | 318 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 389715de86e1ce98360dfde8f98c80e42cc77317 | 0 | unpacked_files/0 | ICO:Generic | 894 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 1 | ICO | Generic | ICO:Generic | ->| 8e0fca3babf4c04bf939743f1850fb0e616a0fff | 0 | 
unpacked_files/0 | ICO:Generic | 198 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 64fb9e509fb6014fce5093985412cd9239b452fc | 0 | unpacked_files/0 | ICO:Generic | 318 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| fb897b00f84f7abad1ba95fadeab67e2c0a1e5dc | 0 | unpacked_files/0 | ICO:Generic | 318 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 5 | ICO | Generic | ICO:Generic | ->| cd88f5bc26e1f6148ce0c21fc4b38f514cb7a8a5 | 0 | unpacked_files/0 | ICO:Generic | 4286 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| ac83746b0d74b9dd462124f8de47e6d495731135 | 0 | unpacked_files/0 | ICO:Generic | 318 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| c368d6c92821a04d8d2826c54598162dad6b1907 | 0 | unpacked_files/0 | ICO:Generic | 1406 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 16815d109826dcf94fccb9ae2d2101b083c497d5 | 0 | unpacked_files/0 | ICO:Generic | 198 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 2c690b5029d9b4d2be3d0c8d4164cab183cdf3f4 | 0 | unpacked_files/0 | ICO:Generic | 1150 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| ce758cd324b76124bb1f5e48eaa71ded017dd047 | 0 | unpacked_files/0 | ICO:Generic | 318 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| aa5af319653eb404ddd591f75f961f129f9d06d9 | 0 | unpacked_files/0 | ICO:Generic | 1150 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | goodware | 5 | ICO | Generic | ICO:Generic | ->| 339d968eb02a6fb9580fe41e221bc50d4208eeac | 0 | unpacked_files/0 | ICO:Generic | 1150 | 
2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| d8b5210ff37c5e6cec1c69fb63a4a08edc36f412 | 0 | unpacked_files/0 | ICO:Generic | 318 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| f1bc322f92007c31427076b95dc5b8d9731009fa | 0 | unpacked_files/0 | ICO:Generic | 198 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 03f55fb011bfabc67196e1f1ef35799ca98af61a | 0 | unpacked_files/0 | ICO:Generic | 1150 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 806c7adbecfd3f7ce7b4bd1a6577690a28b6d43b | 0 | unpacked_files/0 | ICO:Generic | 198 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 5cc3fd269506acfec0377f6e8ada80d4116e270b | 0 | unpacked_files/0 | ICO:Generic | 1406 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 704e3e3da01bfefb40d8608565080937b3952797 | 0 | unpacked_files/0 | ICO:Generic | 1150 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 844bb2a1ad57c086276476802b2a506c359eb21e | 0 | unpacked_files/0 | ICO:Generic | 1406 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| a0a81aea2c0c2323c03b0ae89cd6a8a6122b1a3f | 0 | unpacked_files/0 | ICO:Generic | 51262 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| d4b79d68d90a7f0c4f4e8aeff761d1041303c977 | 0 | unpacked_files/0 | ICO:Generic | 1150 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| d01fc8f188fbd5d4e432bcd06a5a9602021fb2b7 | 0 | unpacked_files/0 | ICO:Generic | 1406 | 2022-10-27T11:03:31.473395Z | 
2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | ->| 686d77a9c1d246ebde36739193b361fc5069a5ac | 0 | unpacked_files/0 | ICO:Generic | 1150 | 2022-10-27T11:03:31.473395Z | 2023-06-06T16:02:03.674591Z | unknown | 5 | ICO | Generic | ICO:Generic | +>| aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad | aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad.rl | aeb8cb59f158ca853a41c55ca3cfa14c0bf1baad.rl | PE/Exe | 1432064 | 2022-10-27T11:03:31.473395Z | 2023-08-10T00:15:32.849362Z | malicious | 10 | | | PE/Exe | +>| 1489f923c4dca729178b3e3233458550d8dddf29 | 1 | binary_layer/resource/1 | Text/None | 2 | 2022-10-27T11:03:31.473395Z | 2023-08-10T00:15:32.849362Z | malicious | 10 | | | Text/None | + ### reversinglabs-a1000-download-sample diff --git a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.py b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.py index a18c87f86930..ad1adb3734d4 100644 --- a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.py +++ b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.py @@ -2,7 +2,7 @@ from ReversingLabs.SDK.a1000 import A1000 -VERSION = "v2.3.0" +VERSION = "v2.3.2" USER_AGENT = f"ReversingLabs XSOAR A1000 {VERSION}" HOST = demisto.getParam('host') TOKEN = demisto.getParam('token') @@ -310,9 +310,10 @@ def list_extracted_files(a1000): Get the list of extracted files for a given sample """ hash_value = demisto.getArg('hash') + max_results = int(demisto.getArg("max_results")) try: - response = a1000.list_extracted_files_v2_aggregated(hash_value) + response = a1000.list_extracted_files_v2_aggregated(sample_hash=hash_value, max_results=max_results) except Exception as e: return_error(str(e)) 
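Review bot: The added `max_results = int(demisto.getArg("max_results"))` in `list_extracted_files` sits above the `try`, so a missing, empty or non-numeric value raises `TypeError`/`ValueError` outside the `return_error` path. Nothing checks the sign or size of the number before it is passed to `list_extracted_files_v2_aggregated`. The YAML default of 5000 presumably applies only when the argument is omitted, so a playbook can still supply any string. I would move the conversion inside the `try` and reject values below 1, e.g. `max_results = arg_to_number(demisto.getArg("max_results"), arg_name="max_results", required=True)` followed by `if max_results < 1: raise ValueError("max_results must be a positive integer")`, assuming the CommonServerPython helper `arg_to_number` is in scope here as in most integrations. The function body continues past the end of the hunk, so how the response is used afterwards is not visible.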
diff --git a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml index 9df8e1fde83b..f1815540479c 100644 --- a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml +++ b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml @@ -194,6 +194,10 @@ script: description: The sample hash. name: hash required: true + - name: max_results + description: Maximum number of results to return. + required: false + defaultValue: 5000 description: List files extracted from a sample. name: reversinglabs-a1000-list-extracted-files outputs: @@ -393,7 +397,7 @@ script: - contextPath: ReversingLabs.a1000_ip_urls description: A1000 URL-s hosted on an IP address. type: Unknown - dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.72317 + dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.85058 runonce: false script: '-' subtype: python3 
diff --git a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png index 4b72e9f259cff0bee0893159b1af2db0f08cd430..7a15203055a7cbf1a0659de8a84b6e79de968689 100644 GIT binary patch literal 4241 zcmchb_dgpB6US+*RY6462(_YO@6{No*wofq(N<&cn6;|4Y3)?4n5|O5mndqswjgR# zvlJC0Uo}ds$MgIV&kuK>d*AC`uY28Zcb8ydq{Bc5rlX>wV$jpoG^3)TcD#&rX|G>; ziLbxbFXg6>uC*T(72wu?jhZSakNq-9?PsQgpsFHrZCt`NXLUn$Dyo_kz^OeA6%~`9 zo~F9RbLwrZ;hWi>+r1YM*RwSCdK+ae$x2tbUe=lY>1)=MOjep&>ML>|ZN9LmUi-(- z#iWq>(RE*apmj-Woe&dcQiG~mQp?-vW&ITH6*nN-OHvC3@m-ou7I%di3y8ZN>83G% zz#1+9m-LlS!DhcAxEEU#Et)oic&^yd-b)5{&_?poy1(~pPqO>4PeaQ^_dldjXS(){ zLlbkUTnJ6;OW^zeLUELQkx~9jSU@E9BY7d}{FM8eI#b&YP7^aL=}~-8Vpv9ozn%o< z$54n3qSYr$9B|9P(=jQ_!&Tsu-Xr)$w`J;(!=LnvVVgZ~>kHsuUG8zj>;pTwfycE4 zFrR~I145XXjzg)`@s9LKG5Mp+#iADSLcLbP@T4rRU@PuL%Ftlj*mmhbF;<`^$P8i)y=H1F&-8Htl`ECN%b*D(@ojJgmFIA2!DpPWb!wTMIK@I#gv+eXH1i- zQ}=cP&I~8l$}&C$!7L{V!+O=R^= zRMKNWh|^+I$?sDMaYCg6Mf=-h;hc!N5|0&u8xzLmu4iwavOaZ~IenPntv#5ezW~R7 zhCd<^5{x?weZ(O>K-dcQ#`kwNGuxZbZTo{Hg>%Bd0f)95FPhH3tVBt<4St*pK6B)1 z-GzdFg}h%5xVk&ESQj(PQaz4ba3&ze8|p0+;;g=^sf+1z2~;VXNIcklHWNG8qal_V z-WWP>Xxg+7w)h@UJ<{X>9-u^>d~8sYUf!6Ig+|Uz^5o_qJJRL&3BU5EkLIiS#s#~^ zKlx@i1^mivrwif(OtxjKh&jEgrUP~-_40o=AMjJU7KZ*&5PHU8Fm^FW3we};9{!z7 zRHaFep`UoLG9Q2PY-O9b#Yu=i;#Ojx79EkUW=16WA)1T z*Q3CzE17+FbPRGAQ?9Z9aDFsS#n@RxND}P)5wUI*yY1M6#?VjAYc0xQNRF zimzKc2F9^v9j}jY@i~QmvDSSM(r5e4!YI=Pe!S>B$)I1~%(w-UXiDNX=e9rp9K_2$ z6+Pca7L8H8^S40dn?EkCUFkkUk7vNy2CmU2wSvFqjWc+U_}rHfx~VFIP1X3I8fqtR zF`SXYE^qxKe8efN&jIwB_g#8YRiD{sS?39)GvO0ut6tQLT&SxYEg`#Cs|cTxB}W2c zqg}Fl{VCxprE_oHy{|L3wAkLC4^bL~TXUo>;5Iu7%i?Q~1wLVmLZYm9`!jmVG8SVa z>DWLH&w>kNZiT8S?9dgl>>zY`66|=N5)#48oWy{d8-JHVNQ&z?{2O)&!prhbnKrMg z5&9+KXT{Evz=cmx(d>>zi#E^(_vYXkgS($YQL0*!mi1$dvCK`rpt~RkMsD*%j=5LS zybgqhb=*3iqz4F0n_xqo_e4RoDX)G1$|TTwJ({6>uBKqyngMQVK-}P;1GDmw{j+i(hr~eZK 
zj%T))h-$v6(x}yknK9*1m}B_)>Gqnmqv={G)k4k=U$Unl`mlyOFuUoftUY3kUc)6Yt>P^K7DM|`r?>g7hdnlSp4LU^74Tov zP+Y@~w1%z1uE3>VAtbrGlhu@Og7tUChQ$D**uT6ShNe=2?HT7v&L11()Qua8?)hBUU;=^^t3t9=14|JS`_E;Zx^-7O6w6me ztUA`;qOE_Y3o!pEIG&ZA^po={A3**HgrErmE!zdH^at}ZnyGrFi_PAMr$xC_4Fp{( zHC;hpG`-J1DenZ@>V+~I{c4(KX*PMTsX2|MZ?uGD2?qISE_GL?G^Tx8HrTm)tJ05S z$dBXL-@P_7*Q?7j5pk1W7TZauG+H$YS1&^ADC3R&G4ncAky;v~`s{VKqzOpS(e~)M zZdL&2*%mvenE6ysvJ8Jgr90$KxPy4amvG^CHBbz5@oCRp(LNoqz}CS!qtRGCzwEZS*cp8407cqY|X2A1Zy)jA%GRJKag*HE?_E=BuA|Y!vx`t;Jg$?JDDCEX)*kf22h^(-ld#GQ|LJ zB4>NmCd|IYr8&IY`rW&J=S&gBex_Uw4($1!L&d zX=kW7_Jy!kIo`n$+fYiodG{$nWiXM6t(|LmsgP0oqy=5Y&phM^?x5X0z8Ck*a$JPF z^t@?c%OV$#S7ewyxt)nnDOYLtd<2Fsb{*;W|b!6YThFm$`h zQU(^KPWPVhv5e}Rm&W@@rR-^ibzweC);vK6vn`1Ya_5AKEusiU_VWARpqM-?{&5$^ zvjap|dsJ9Qrw{G%QA)*ZCgv^0ETKv(G1I1`^_I;5F-NjXx_8C+kQ1G#Qh zt6IUt**fefOX7nDR`~(8d9O8*EO*c4)SSBb%UJhppz`fwjZeoLwQ;L)i(v_SJY>{O z!4)}KV;7d7`S=fW$E)u5M6+RkwY4#pG+NK=M3S|2G!kG+c`m>f$zgfXdojgQjhf7t zEALMQt&OpPwu#Og1;-8gmPV$O01m$8*fBgI>iw1ocnetA;AU}W&t5a?$j6)V9J!q{ ziVCboCLO{_y zCg@AeKIcaZ1e}iAoFR*CKlLNPo!8hGsz6we`-5P3_UQYf{pV~u5P3 z1)2~V^YXKKn9p_D)!$pa!Q9>SRdAzp)a3v>XJK-aG5$MmJLWY(bEG-Ep7;1xch}9d zigO1}iJMVkB5oEPzan6hj!5PTHwXOt%m}RZyB82*Lw>E7;)9#FYnPb?U5U>1h*@zH zh5MiY5u(*qie9iacA=J&?!&$?c0M!5OX|$6E4Vh;Yc>O|s*SE4FjI2`7iR!oh3@YK z@v93+qeMXSU0%#q@jHLtmQEA|EzrP1ML_8p@!>w3~)8G)i2M@E9R7 z6HM%puRhQ2u0v%6Pfa^q^Sr;1j;~ZBxat=1Pk|24uJ_^jl}%>RBn7@2m~Zn!MV8A_ zsHZ&6HIRo@y}Ykc3xV={5mVz)8Z~d*8dy88x!XBjMP(TEWvmr@$9cr{GX8EyC<$!stZ*Rp99Pn zpN~j0N`<#tQqD}$0%2w!pEY+XHkR;R_w)H_@e evT0H9IdGRnu!7sZU-t5YK&7W;q*;Y{8u=ekI_i1= literal 3684 zcmV-q4x90bP)Px@9!W$&RCodHTnlhi)fv8LH!p-B4-=9|LU>4`C@P8;s)7$he06-ZR_YX;PSv*9 zsju;^Xsfo?TG2Y%(JHkvsI3+Y3OXvHrJ^G~aY(`|CM63546nR*@9Fp5-G6g(xqEjb ziD@$X&3t?Q^Pm5md++(r`OklEP|HdqJp<_(NY6le2GTQ-o`LiXq-UVpXFw$xk?j+~ zLU1T}Fc<+_!IoHAi}DljLNFB^0wa#IF=o6RWn)ZERGf>3Y%l{X0&BojPyr*}-+ACb zZ~(|Lf*|j|0sI>L4E!&c2mv(A0FMPnfO#P2VJ{d0H-le-9Oq;(A0)PbAA`KUKtosz z+M;lk=b)Yw)4hjsyQ_T)>c@j4LHdPg0_#COLlw9N+yf@W7_>YJvIB3(k1wM=Gl`8~ 
z|BKPr55;Ko>+jcgANn4ZLVr&72jDdzooRv-UJd$PN7}d{-ZE@of;`Nqi`^B_B?1?W z*l|$_z60TNP}=;;`O?Y#Fw{>5xg+O-hk`wUea4{NoqjOe!+wSb&_>6c06qf#6J(uW z^m+jt#Y#8g9*o6kk}9Uba0ST4+9fbtnc#yh1P2?+4UidTHh~Ol?ck5VBfvy>7Y*!_ z2#2F#W~^}*N-nfSA&IdlSZUPV;wrZS^*?~SKt4Nj-amNbA$AlrGK*@!6pa^4t zt+7G4)9y@Rz_SdSjgW5zIZjG&JD3+0FdX-Ub2)w+xST=^Ok})Z>KTeRc^P$+&U7F{ z9l?xLa4CdD3sG#6m7MPf45OX)@xX$Ro^Qp+Fcel9281NX# zBaOOXhllh&R{N-&wR+69u6|p$hEkdP0;Dm#&R0SKBkVzhTnB~@2Q-@C&8}S z7<&O^!QUX5*A$u0co#TS3}fY6D8=R_$is{}^^6Wbb?K&}E^wd0ra$J0(Sek&ptIZ{ z%iSPv^fB;$@b@6k0{2D}XVq|Qdfo4Lr+Gtw{nQ%LJFLZv_@p7Z^s0L~ z_&UGAjkYq^HRR0AhdyGoF~K3+4o>8ZsCD$$y@S1;fjWlhF=odEau)QwpEaO+tW%*& z)xj{e%tg$Ejys#7U&fsQxy`6w0oe_17QW)~{-s~s!R{nWI%h&ST`DNof|I~0AkT}} z!R|mM2H}GVBuhOT3c0s1>Ew?Qrjxv=(wOrpDiJFwJH&V~F5$QAcKxC87iEHMT;D<(_H zD$mGWF@1Lw9PbVA9q`v6pG$BT1V)Kez}<2`XfDvwR5}_qDilH+XfT8Xdk;&CBKst*U3f|*LssAwF5JW`i zLdm)2eGp^7@s8B-^InH&eGfA8ij?8yV6IB0^2A>7Mn~$opH&!|S+d{~2wY@>r6TlD z$%wST82c*7sqU1MVaqdKzzEk>e2xy>M2YYZqahD6KbaO8I$x28x(S{u<~hQU6*3J{ zly8UKFMVuz(>KK0x$1ew@(&oq&!dI&%kXE0K%>bKAI0zQ+)AVV7-aK{nbFiqp?E|mKbwTa<_dKR3O3ED<+&%Sm`3}fc+1^Y>$52!EbK+z)OCGy9SoUJIEM_)Wl2M<&7{t_Fr_aqwuPZHXa!iCocs@Vf`I zA02ob$OS>10iF*I2f64|!LMNSaVmx$HgweEAjj~+Y$#WP5?Ka8o(?93>0qvm!$3YP zF&A`abWQ_)+Q8;mg)4}VdbH;M%hhgzyKFCL-VfW&^O<#?l?QSij*$pYpy7vLdCcG@ zl+S^@9(PD0tU$v(;5#vcT_|M^cSCmHGwWWs7s?Aj^Ni&@6Fb4l;LYHbU;&s2Eog{G zUD>UPjQfk8VOJ1Og!H_5fre+7CkT* zBXGeIuo&e1aS`qS>DVoxByI6<4BdetR8sbLEX_=g642Ju1+|s#-IwqJdiwN?t(!uN zq`w%dfcj%$b;U}l*O!&$hMSxu1FKvQfPJ>I6rE>lrFY{=xnuC4!4(5@BCidus^UY( zv2)ysgIim7%~pzeh8}~xbqK}~=Ql%Nr?uLE4vULwE1!sW?8AaPB!1&Z(Uv|B6Xqld zSU&G|WuR@FL#Jr1FW#?D#L2GX4$f98tKG6^nRd8tw2C4op&q%svDvcgO2$7`n3p?O zty$B)d%}caO?w+YMB`Z9VQ3CD0Q#{QWvr#(YRl>u4i1=4*juu#orK1@Jm$78ejiGo z!!R1Jy9LDzQZ*qCwZJ2t+=fa3nk%=~@8j8KHSKACGU~wCAWF5tjbEbQYV^m)4poI~ zhY%4GT7}&o_m0x{Dy`;YXJ)`5`P-j){zQ!ZzUTPC;F(36*Ttj7 zp7QeHO-2(K(N{*PIby%DMA7rhtRQu-;CUIUP(cSIsVAsSCuBc$PximEDaNE+6SJ@1QcWk{7N+xR)0|e2gDt!EW4vU z#d}ggU2B@QMxeo%-)Tg#js6tJD$M^`Gu8pJBInhrAam^7 
zNOty#UR!M)i$Ihp17UkeXxy=RWPNd2(e_bC99vgB{#tE2|Mod*snp`3)t~OtO5H78 z5rcyW*|#+A3D<^-%bpI6o^XP+^|!KD9jqg*=Q!CeW)(ZPJu5SJIVU*!(Luir^1J@Xq-=!81tinIr?gjQ&dy=oKk_flcQtngOJQ!p~LMT z)RmO2+E!XVGpg@DzrF0>j@Khh^vYqI*6>3`6e`g1p+sA!G?X3_Pm;vMuS7`Jhyu^% zR#r0ca!^=PF)yfsGtkEO;m*){Y9wMWuPZKFs7t5wj|u$(y_Q9D61PS|GnleE&}!e- zQDr}gSGDG6K?i(gYPDKs;qz5|S33<#J&dH+Ia`sKWn!#Cgx*tOKN+&p+I}QdT7EEW ze-j-E|7l>&x;G)e3H>x3v9ChtxClEwOWLt6W``nmSOeDV4qe}s_#oW^BrPqN-0aw3 z*B8}RJ>)kqUS-bKcJx)o&(3IDG-zPpnthFS$LGh4;573+SZqVZ;~#{BuaDMMQ+D={ z!r>b}*dy&`$@AN4ZM+G(YthGvXwL4>3QjE8xNfa!+ZW|t3(-p3o{3Y!NmSM>)!r`O zjT4%&A()kEd}h=KMOybBov1_MhEM7XYpZV1D)2M0;qJG>c0BnLeP1klB}DUU5&k%F zZhXR&T7!gWQM@jKwkP5>34a&>@S&nHk}-usGT4^g=?v9D8`0e#0|GfOHbP{MG0gsY|(S^pPX%aNA`PI`R5*mbCen?e^)N+LaD< zs(V!0RC9@`M#jC~toK#9M;wfAy+>n*em~))Xq&G`4shN@2Ii=ajM?ZkV)NQJ=kzw_t4lfJ_1DRpV&JNr5SY;#0(jEW#Dk4K&{+vtK)<5&YBs*Y- z17T}NFmq7jP&>EPx_o-ut_6z+x9a9ek%)dUJ}?A3pjMgnzAE=rl9g;em?$|}G92)B zVNGS{9cT0ojViklU#1=~R9zC43eG94S@$dwuhm!^DV?jBlt1BIzNSkT`ad=9tt2b{ z3WS%Lm;L4jyK}K$d!jZ(kxjvXx{S_EWaFjBf_t$bKleJXw!WzAwh)bv3iGXiN;+OZ z>pX@>8G#yfKX-j(sSOXXlpzCKl>zCI(6`FMWym!GEm|M2m< z@pM~y2GTQ-o`LiXq-P*K1L+w^&p>(x(lgLUXW)MU((_iai)b1E0000 Date: Fri, 19 Jan 2024 16:37:23 +0100 Subject: [PATCH 4/4] Remove debug lines --- .../ReversingLabsTitaniumCloudv2.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py index 81335efb37b8..7636b6e2f893 100644 --- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py +++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py 
@@ -1088,10 +1088,6 @@ def url_dynamic_analysis_results_command(): response_json = response.json() results, file_results = url_dynamic_analysis_results_output(response_json=response_json, passed_url=url) - #todo - whole_txt = json.dumps(results.to_context()) - - return_results([results, file_results])