diff --git a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml
index f1815540479c..43df4274791d 100644
--- a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml
+++ b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2.yml
@@ -397,7 +397,7 @@ script:
- contextPath: ReversingLabs.a1000_ip_urls
description: A1000 URL-s hosted on an IP address.
type: Unknown
- dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.85058
+ dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.86428
runonce: false
script: '-'
subtype: python3
diff --git a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png
index 7a15203055a7..9260b7079709 100644
Binary files a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png and b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png differ
diff --git a/Packs/ReversingLabs_A1000/ReleaseNotes/2_3_2.md b/Packs/ReversingLabs_A1000/ReleaseNotes/2_3_2.md
index a4445c1495bd..a25945d47fcb 100644
--- a/Packs/ReversingLabs_A1000/ReleaseNotes/2_3_2.md
+++ b/Packs/ReversingLabs_A1000/ReleaseNotes/2_3_2.md
@@ -1,4 +1,4 @@
#### Integrations
##### ReversingLabs A1000 v2
-- Updated the Docker image to: *demisto/reversinglabs-sdk-py3:2.0.0.85058*.
+- Updated the Docker image to: *demisto/reversinglabs-sdk-py3:2.0.0.86428*.
- Updated the ***reversinglabs-a1000-list-extracted-files*** command to utilize the *max_results* argument.
diff --git a/Packs/ReversingLabs_Titanium_Cloud/.secrets-ignore b/Packs/ReversingLabs_Titanium_Cloud/.secrets-ignore
index e8404a9446f1..6aaa6ec076d8 100644
--- a/Packs/ReversingLabs_Titanium_Cloud/.secrets-ignore
+++ b/Packs/ReversingLabs_Titanium_Cloud/.secrets-ignore
@@ -77,4 +77,10 @@ https://ajestudios.com
https://openairmt.org
https://synnexfpt.com
http://winwam.com
-https://eclipse.org
\ No newline at end of file
+https://eclipse.org
+142.250.186.36
+142.250.27.84
+142.250.186.110
+142.250.186.131
+34.104.35.123
+142.250.181.227
\ No newline at end of file
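Review bot: The six bare IPv4 addresses appended after `https://eclipse.org` are allowlisted with nothing recording where they come from. An entry in `.secrets-ignore` presumably silences the secrets check for that literal in every file of the pack, not only in the file it was added for. They look like network indicators from the sandbox report example that this commit adds to the README, but the hunk does not show that. Please confirm each address appears only in that example output and is safe to publish, and name the source in the commit description so a later reviewer can prune the list. The file also still ends without a newline, which is why this change had to rewrite the `https://eclipse.org` line, so finish the file with a newline after `142.250.181.227`.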
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/README.md b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/README.md
index fed97a511013..6c6eb77892a1 100644
--- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/README.md
+++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/README.md
@@ -10037,6 +10037,45345 @@ Notice: Submitting indicators using this command might make the indicator data p
> **Analysis ID**: 1686150309665089
> **Requested URL**: http://34.150.1.150/hBQ
+### reversinglabs-titaniumcloud-submit-for-dynamic-analysis
+
+***
+Submit an existing sample for dynamic analysis.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-submit-for-dynamic-analysis`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| sha1 | Sample SHA-1 hash. | Required |
+| platform | Desired platform; See the API documentation for possible values. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.detonate_sample_dynamic | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-submit-for-dynamic-analysis sha1=21841b32c6165b27dddbd4d6eb3a672defe54271 platform=windows10```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "detonate_sample_dynamic": {
+ "rl": {
+ "analysis_id": "bd4819f0-0327-4579-b72e-08ebfeeae49a",
+ "requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271",
+ "status": "started"
+ }
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs submit sample 21841b32c6165b27dddbd4d6eb3a672defe54271 for Dynamic Analysis
+> **Status**: started
+> **Requested hash**: 21841b32c6165b27dddbd4d6eb3a672defe54271
+> **Analysis ID**: bd4819f0-0327-4579-b72e-08ebfeeae49a
+
+### reversinglabs-titaniumcloud-get-dynamic-analysis-results
+
+***
+Retrieve dynamic analysis results.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-get-dynamic-analysis-results`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| sha1 | Sample SHA-1 hash. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| File.MD5 | String | MD5 hash. |
+| File.SHA1 | String | SHA1 hash. |
+| File.SHA256 | String | SHA256 hash. |
+| DBotScore.Score | Number | The actual score. |
+| DBotScore.Type | String | The indicator type. |
+| DBotScore.Indicator | String | The indicator that was tested. |
+| DBotScore.Vendor | String | The vendor used to calculate the score. |
+| ReversingLabs.dynamic_analysis_results | Unknown | The dynamic analysis results. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-get-dynamic-analysis-results sha1=21841b32c6165b27dddbd4d6eb3a672defe54271```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "21841b32c6165b27dddbd4d6eb3a672defe54271",
+ "Score": 0,
+ "Type": "file",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "File": {
+ "Hashes": [
+ {
+ "type": "SHA1",
+ "value": "21841b32c6165b27dddbd4d6eb3a672defe54271"
+ }
+ ],
+ "SHA1": "21841b32c6165b27dddbd4d6eb3a672defe54271"
+ },
+ "InfoFile": {
+ "EntryID": "7660@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
+ "Info": "text/plain",
+ "Name": "Dynamic analysis report file for sample 21841b32c6165b27dddbd4d6eb3a672defe54271",
+ "Size": 1001542,
+ "Type": "ASCII text, with very long lines"
+ },
+ "ReversingLabs": {
+ "dynamic_analysis_results": {
+ "rl": {
+ "report": {
+ "analysis_duration": 213,
+ "analysis_id": "9665584d-57d9-4f8a-b63b-5c762b37fc33",
+ "analysis_time": "2023-05-18T11:55:15",
+ "behavioral": [
+ {
+ "file_actions": [
+ {
+ "action_type": "file_created",
+ "file_name": "Start Menu",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WS2_32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WININET.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Startup",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sortdefault.nls",
+ "file_path": "C:\\WINDOWS\\Globalization\\Sorting",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WINDOWS",
+ "file_path": "C:",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Roaming",
+ "file_path": "C:\\Users\\user\\AppData",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "IMM32.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "tox.done.log",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "win32u.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CRYPTBASE.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "cfgmgr32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "shcore.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "USER32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CMApi",
+ "file_path": "\\Device\\DeviceApi",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ADVAPI32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "GDI32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "bcryptPrimitives.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ntdll.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "msvcp_win.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "SspiCli.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Programs",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "combase.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "windows.storage.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "apphelp.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Startup",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "RPCRT4.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ucrtbase.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "KERNEL32.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sysmain.sdb",
+ "file_path": "C:\\WINDOWS\\AppPatch",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "user",
+ "file_path": "C:\\Users",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "SHELL32.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sechost.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "shlwapi.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "gdi32full.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "kernel.appcore.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "powrprof.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "FLTLIB.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "profapi.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "KERNELBASE.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Tox.exe",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CNG",
+ "file_path": "\\Device",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "msvcrt.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ }
+ ],
+ "modules_loaded": [
+ {
+ "module_name": "\\KnownDlls32\\msvcp_win.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\RPCRT4.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\WS2_32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\USER32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\combase.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\profapi.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\windows.storage.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\FLTLIB.DLL"
+ },
+ {
+ "module_name": "\\KnownDlls32\\KERNEL32.DLL"
+ },
+ {
+ "module_name": "\\KnownDlls32\\kernel.appcore.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\KERNELBASE.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\win32u.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\apphelp.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"
+ },
+ {
+ "module_name": "\\KnownDlls32\\IMM32.DLL"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\imm32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\kernel32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\bcryptPrimitives.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\powrprof.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\msvcrt.dll"
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\sechost.dll"
+ },
+ {
+ "module_name": "unknown"
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64log.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\apphelp.dll"
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64cpu.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\cfgmgr32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64win.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\ucrtbase.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\GDI32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\WININET.DLL"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\wininet.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\SspiCli.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\shlwapi.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\shcore.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\SHELL32.DLL"
+ },
+ {
+ "module_name": "C:\\Windows\\apppatch\\sysmain.sdb"
+ },
+ {
+ "module_name": "\\Sessions\\1\\Windows\\SharedSection"
+ },
+ {
+ "module_name": "\\KnownDlls32\\CRYPTBASE.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\gdi32full.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\ADVAPI32.dll"
+ }
+ ],
+ "mutex_actions": [
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
+ "status": "object name exists"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:64:WilError_01",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:1568:168:WilStaging_02",
+ "status": "success or wait"
+ }
+ ],
+ "process": {
+ "name": "Tox.exe",
+ "parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" "
+ },
+ "process_actions": [
+ {
+ "action_type": "process_queried",
+ "path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "process_terminated",
+ "path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe",
+ "status": "success or wait"
+ }
+ ],
+ "registry_actions": [
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
+ "status": "buffer overflow"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
+ "status": "buffer overflow"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Local Settings\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Tox.exe",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
+ "status": "buffer overflow"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\NULL",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",
+ "status": "object name not found",
+ "value": ""
+ }
+ ]
+ },
+ {
+ "file_actions": [
+ {
+ "action_type": "file_opened",
+ "file_name": "CNG",
+ "file_path": "\\Device",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "R000000000013.clb",
+ "file_path": "C:\\WINDOWS\\Registration",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CMApi",
+ "file_path": "\\Device\\DeviceApi",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Startup",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Start Menu",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "uxtheme.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WININET.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ole32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "IMM32.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "tox.done.log",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sortdefault.nls",
+ "file_path": "C:\\WINDOWS\\Globalization\\Sorting",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "user",
+ "file_path": "C:\\Users",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Desktop",
+ "file_path": "C:\\Users\\user",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WINDOWS",
+ "file_path": "C:",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Roaming",
+ "file_path": "C:\\Users\\user\\AppData",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Programs",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dwmapi.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "TextInputFramework.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ntmarta.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CoreUIComponents.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CoreMessaging.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "wintypes.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "StaticCache.dat",
+ "file_path": "C:\\Windows\\Fonts",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "staticcache.dat",
+ "file_path": "C:\\Windows\\Fonts",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "USER32.dll.mui",
+ "file_path": "C:\\WINDOWS\\SysWOW64\\en-US",
+ "status": "success or wait"
+ }
+ ],
+ "modules_loaded": [
+ {
+ "module_name": "\\KnownDlls32\\windows.storage.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\OLEAUT32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\powrprof.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\msvcrt.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\combase.dll"
+ },
+ {
+ "module_name": "unknown"
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64cpu.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\clbcatq.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\ucrtbase.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\wininet.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\Registration\\R000000000013.clb"
+ },
+ {
+ "module_name": "\\KnownDlls32\\RPCRT4.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\FLTLIB.DLL"
+ },
+ {
+ "module_name": "\\KnownDlls32\\KERNEL32.DLL"
+ },
+ {
+ "module_name": "\\KnownDlls32\\cfgmgr32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\uxtheme.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\SHELL32.DLL"
+ },
+ {
+ "module_name": "\\Sessions\\1\\Windows\\SharedSection"
+ },
+ {
+ "module_name": "\\KnownDlls32\\shcore.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\WS2_32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\kernel.appcore.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\win32u.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\IMM32.DLL"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\imm32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\bcryptPrimitives.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\sechost.dll"
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64win.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\GDI32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\SspiCli.dll"
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters"
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__"
+ },
+ {
+ "module_name": "\\KnownDlls32\\msvcp_win.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\USER32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\KERNELBASE.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\profapi.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\kernel32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64.dll"
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64log.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls"
+ },
+ {
+ "module_name": "\\KnownDlls32\\shlwapi.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\WININET.DLL"
+ },
+ {
+ "module_name": "\\KnownDlls32\\CRYPTBASE.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\gdi32full.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\ADVAPI32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\ole32.dll"
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1"
+ },
+ {
+ "module_name": "C:\\Windows\\Fonts\\StaticCache.dat"
+ },
+ {
+ "module_name": "\\KnownDlls32\\ntmarta.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\CoreMessaging.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\ole32.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\dwmapi.dll"
+ },
+ {
+ "module_name": "\\Sessions\\1\\Windows\\ThemeSection"
+ },
+ {
+ "module_name": "\\KnownDlls32\\MSCTF.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\CoreUIComponents.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\TextInputFramework.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\en-US\\user32.dll.mui"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\ntmarta.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\CoreMessaging.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\TextInputFramework.dll"
+ },
+ {
+ "module_name": "\\KnownDlls32\\wintypes.dll"
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory"
+ },
+ {
+ "module_name": "\\KnownDlls32\\CoreUIComponents.dll"
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\dwmapi.dll"
+ },
+ {
+ "module_name": "\\Windows\\Theme2337474972",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\Windows\\Theme3085020103",
+ "module_tag": ""
+ }
+ ],
+ "mutex_actions": [
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
+ "status": "object name exists"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:168:WilStaging_02",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3668:64:WilError_01",
+ "status": "success or wait"
+ }
+ ],
+ "process": {
+ "name": "rl_file.exe",
+ "parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" "
+ },
+ "process_actions": [
+ {
+ "action_type": "process_queried",
+ "path": "C:\\Users\\user\\Desktop\\rl_file.exe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "process_terminated",
+ "path": "C:\\Users\\user\\Desktop\\rl_file.exe",
+ "status": "success or wait"
+ }
+ ],
+ "registry_actions": [
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
+ "status": "buffer overflow"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
+ "status": "buffer overflow"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
+ "status": "buffer overflow"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\NULL",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\App Management",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\Compatibility\\rl_file.exe",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\CTF\\",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\OOBE",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Segoe UI",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Input",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\App Management",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{FA445657-9379-11D6-B41A-00065B83EE53}",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\OEM",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
+ "status": "success or wait",
+ "value": ""
+ }
+ ]
+ },
+ {
+ "file_actions": [
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-white_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-black_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "mk-MK",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "cs-CZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "248aaea9.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sr-Cyrl-BA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-GT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "IMM32.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "tox.done.log",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "History",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "294af3d2.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "USER32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ms-MY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "it-IT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CMApi",
+ "file_path": "\\Device\\DeviceApi",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-ZA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "edputil.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-AT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "294af3d2.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-TN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ro-RO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-RE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "da083887.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "uxtheme.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CD",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "chrome_shutdown_ms.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "af-ZA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "UsageLogs",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "DeviceDiagnostic.debugreport.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-BH",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "2ab80eb2.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-black_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ucrtbase.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Temp",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "DefaultLayouts.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "DefaultLayouts.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "versionlist.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Feeds",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-black_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Feeds Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Chrome",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "it-IT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Credentials",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "tox.log",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-YE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "Converged_v21033[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Converged_v21033[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "active-update.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hi-IN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-ML",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-419",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-PE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "BrowserMetrics",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CRYPTBASE.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "DeviceDiagnostic.debugreport.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ActiveSync",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "settings-tipset[2].xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "favicon[3].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "dd_vcredistMSI1AE4.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dd_vcredistUI7855.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-IE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-GT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "c43bb7d1.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "au-descriptor-1.8.0_301-b09.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "2ab80eb2.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "LogoImages",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "3534848bb9f4cb71",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\D3DSCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "0",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "favicon[1].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "results.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-BZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Windows",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-FR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-SN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-MA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sl-SI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "lv-LV",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-PY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "BDN4269.tmp.dir",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "favicon[2].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "shlwapi.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OLEAUT32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "InputPersonalization",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "favicon[3].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "end of file"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "id-ID",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-RE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-CA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "eu-ES",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-white_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-ID",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-PR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "favicon[2].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "bcrypt.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WININET.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Windows",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "705bcfd6.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "294af3d2.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-MY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "GDI32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ha-Latn-NG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "rsaenh.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDrive.VisualElementsManifest.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sl-SI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hu-HU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "msvcp_win.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "TokenBroker",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sv-FI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ru-RU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "imagestore",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "2ab80eb2.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-black_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "dd_vcredistUI7869.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CRYPTSP.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Media Player",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Startup",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-HN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CLR_v2.0_32",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-ES",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CLDAPI.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "MicrosoftEdge",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-SA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "dd_vcredistMSI7869.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "DefaultLayouts.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sq-AL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "System",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ResultReport.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Event Viewer",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "tox.decrypt.log",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "dd_vcredistMSI7855.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hu-HU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-PA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-OM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "User",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\Groove",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "dd_vcredistMSI7855.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "tox.log",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming",
+ "status": "object name not found"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "brndlog.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WS2_32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sortdefault.nls",
+ "file_path": "C:\\WINDOWS\\Globalization\\Sorting",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "favicon[3].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fa-IR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "win32u.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dd_vcredistMSI7869.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "510dd5a4.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sk-SK",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "5fc0968a.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Microsoft",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "dd_vcredistMSI7869.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Firefox",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-SN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "MountPointManager",
+ "file_path": "",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Converged_v21033[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-HK",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "kernel.appcore.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-PE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-BE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-GB",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-white_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "gl-ES",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "12.0",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "c:",
+ "file_path": "",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DeviceDiagnostic.debugreport.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-white_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "favicon[1].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "end of file"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Converged_v21033[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "GameDVR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-029",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "dd_vcredistUI7869.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-MX",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "4254396c.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WidevineCdm",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sk-SK",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "bg-BG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "UserProfileRoaming",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Vault",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "KERNELBASE.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-DZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "tr-TR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "Converged_v21033[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-FR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "KERNEL32.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-white_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "input",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "favicon[2].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "desktop.ini",
+ "file_path": "C:\\Users",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "af-ZA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-QA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-EG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "0",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "c43bb7d1.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sysmain.sdb",
+ "file_path": "C:\\WINDOWS\\AppPatch",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDrive.VisualElementsManifest.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "294af3d2.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-NZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-black_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDrive",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-IQ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "248aaea9.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "aeb763fb.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "apphelp.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-KW",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-CO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-EC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-ZW",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-LY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CrashReports",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hy-AM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "favicon[3].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "end of file"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Low",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "tr-TR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-CR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "eu-ES",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Recovery",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "msapplication.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "favicon[1].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "brndlog.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-SG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fi-FI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hr-BA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "dd_vcredistMSI19D2.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-VE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "pt-PT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "versionlist.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "nb-NO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "setup",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-black_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-MX",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Groove",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-MA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "user",
+ "file_path": "C:\\Users",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "nl-BE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ka-GE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "clbcatq.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "AppData",
+ "file_path": "C:\\Users\\user",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "favicon[1].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-UY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "8fce0f3.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "au-descriptor-1.8.0_301-b09.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "History.IE5",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-SG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-black_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-LB",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "dd_vcredistUI19D2.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "favicon[1].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-DO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "dd_vcredistMSI19D2.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sechost.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DBG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-black_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-CH",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "acrocef_low",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-ZA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "8fce0f3.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "a5ea21[1].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-EC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-white_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "da083887.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "desktop.ini",
+ "file_path": "C:\\Users\\user\\Desktop",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "dd_vcredistUI19D2.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "uk-UA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sw-KE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-PY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-AR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-IN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "dd_vcredistMSI19D2.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DBG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "pnacl",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-UY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "shcore.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sr-Cyrl-RS",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-AE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "msdtadmin",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-white_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CLR_v4.0",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sr-Cyrl-ME",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Vault",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "iecompatdata.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "1833c4e9.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "510dd5a4.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "bg-BG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Low",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OriginTrials",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Unistore",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "it-CH",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "ResultReport.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dd_vcredistMSI1AE4.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "favicon[2].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "ResultReport.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-JM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "dd_vcredistUI1AE4.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "favicon[3].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Microsoft",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Mozilla",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "History",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-KW",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "dd_vcredistMSI1AE4.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-NZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "msapplication.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "510dd5a4.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-white_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-black_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "b11b460a.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "PROPSYS.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Internet Explorer",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "5fc0968a.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "cfgmgr32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-CH",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-MA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "AudioDiagnostic.debugreport.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "et-EE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "1833c4e9.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "update100[1].xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fi-FI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "msapplication.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "ResultReport.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "Converged_v21033[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "favicon[2].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "end of file"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "combase.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "Tox.exe",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "PeerDistRepub",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-DO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "pl-PL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "b11b460a.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "dd_vcredistUI1AE4.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "RPCRT4.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "705bcfd6.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-NI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DefaultLayouts.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "kk-KZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "results.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "rl_file.exe:Zone.Identifier",
+ "file_path": "C:\\Users\\user\\Desktop",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "he-IL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "da-DK",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-white_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "248aaea9.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-black_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "a5ea21[1].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "PenWorkspace",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "rl_file.exe",
+ "file_path": "C:\\Users\\user\\Desktop",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-CR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Crashpad",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "acrord32_sbx",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ro-MD",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-GB",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Google",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-LB",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "et-EE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "settings-tipset[2].xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-IN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "5fc0968a.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Windows.StateRepositoryPS.dll",
+ "file_path": "C:\\Windows\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-OM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Packages",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "chrome_shutdown_ms.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-black_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "gl-ES",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-JO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "248aaea9.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "1033",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "aeb763fb.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hy-AM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "bcryptPrimitives.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "favicon[1].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "KsecDD",
+ "file_path": "\\Device",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WER",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "DefaultLayouts.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "nl-NL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Default",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "8fce0f3.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-JO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dd_vcredistUI1AE4.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "unknown",
+ "file_path": "",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-JM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "dd_vcredistMSI7855.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Tiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-TT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dd_vcredistMSI7855.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "iecompatdata.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "294af3d2.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "update100[1].xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "Converged_v21033[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "el-GR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-HT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "msvcrt.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Office",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Sync Playlists",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-BO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-HT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "au-descriptor-1.8.0_301-b09.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ntdll.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sv-SE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-IQ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-LU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "5fc0968a.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "lv-LV",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "msapplication.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "brndlog.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "user",
+ "file_path": "C:\\Users",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "c43bb7d1.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "active-update.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\308046B0AF4A39CB",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "dd_vcredistMSI7869.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "it-CH",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Feeds",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "510dd5a4.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "mk-MK",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CD",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-LI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "windows.storage.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-CL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "gdi32full.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "settings-tipset[2].xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe_ADMLogs",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-YE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "nl-BE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "UsageLogs",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "1833c4e9.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "705bcfd6.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "AudioDiagnostic.debugreport.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-US",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-PR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "kk-KZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Desktop",
+ "file_path": "C:\\Users\\user",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "aeb763fb.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CLR_v4.0_32",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sr-Latn-ME",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "he-IL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-white_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "rl_file.exe:Zone.Identifier",
+ "file_path": "C:\\Users\\user\\Desktop",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-AE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "tox.log",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "4254396c.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-AU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "dd_vcredistUI7855.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CLR_v4.0",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-AU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "AudioDiagnostic.debugreport.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "b11b460a.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Credentials",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "active-update.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CLR_v2.0_32",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Local",
+ "file_path": "C:\\Users\\user\\AppData",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Chrome",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Caches",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ca-ES",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "SHELL32.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "b11b460a.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "bn-BD",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "PROPSYS.dll.mui",
+ "file_path": "C:\\WINDOWS\\SysWOW64\\en-US",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "GameDVR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-DZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "da083887.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "favicon[1].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-white_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "dd_vcredistUI7855.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "pt-BR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-MC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ConnectedDevicesPlatform",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Microsoft Help",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Publishers",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "active-update.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-QA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-AR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "User Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "favicon[2].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sw-KE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "da083887.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "iertutil.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "cversions.1.db",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CNG",
+ "file_path": "\\Device",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-NI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ms-MY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "iecompatdata.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-LU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-TN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "pt-BR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "desktop.ini",
+ "file_path": "C:\\Users",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dd_vcredistUI7869.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "TokenBroker",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ro-MD",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-SA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "versionlist.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "a5ea21[1].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-CO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-MC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hr-BA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "oleaut32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "dd_vcredistUI7855.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "2550435360",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Caches",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "pl-PL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "a5ea21[1].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "status": "end of file"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "favicon[1].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CrashReports",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fa-IR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "favicon[2].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "end of file"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "favicon[1].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Safe Browsing",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-black_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "nb-NO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-white_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "lt-LT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "id-ID",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "dd_vcredistUI1AE4.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "c43bb7d1.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "update100[1].xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "el-GR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "510dd5a4.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-EG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "History.IE5",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hr-HR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "dd_vcredistUI1AE4.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-black_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "versionlist.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-SY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "favicon[2].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "Converged_v21033[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Temp",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "input",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-HK",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-white_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ms-BN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "1833c4e9.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sv-FI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
+ "file_path": "",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Start Menu",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ca-ES-valencia",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Comms",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WINDOWS",
+ "file_path": "C:",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "dd_vcredistUI7855.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-IE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "favicon[3].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "8fce0f3.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.contrast-black_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "nl-NL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-DE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "ResultReport.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ole32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "dd_vcredistMSI7869.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\TokenBroker",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Comms",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-ES",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "cs-CZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-TT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-MY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "8fce0f3.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-US",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Acrobat",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ro-RO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "favicon[3].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-ID",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "results.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "rl_file.exe",
+ "file_path": "C:\\Users\\user\\Desktop",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "favicon[2].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hi-IN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "bn-BD",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "1833c4e9.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "iecompatdata.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-SV",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "PepperFlash",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "results.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveSmallTile.scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "versionlist.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-LU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "FLTLIB.DLL",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CLR_v4.0_32",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "dd_vcredistUI19D2.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDrive",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-BH",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "aeb763fb.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "248aaea9.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "powrprof.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Feeds Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ShaderCache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Roaming",
+ "file_path": "C:\\Users\\user\\AppData",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Users",
+ "file_path": "C:",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "R000000000013.clb",
+ "file_path": "C:\\WINDOWS\\Registration",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "profapi.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "4254396c.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "chrome_shutdown_ms.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "chrome_shutdown_ms.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dd_vcredistUI19D2.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "settings-tipset[2].xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "dd_vcredistUI19D2.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ADVAPI32.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "da-DK",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-MA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Tox.exe",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dd_vcredistMSI19D2.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "favicon[3].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Unistore",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Programs",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
+ "status": "object name collision"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-DE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-HN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "results.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-SY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "D3DSCache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "da083887.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "uz-Latn-UZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-LU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Office",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "UsageLogs",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0_32",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-ML",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Vault",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-BO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "dd_vcredistMSI7855.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "L.user",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\ConnectedDevicesPlatform",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sr-Latn-BA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}",
+ "file_path": "",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "favicon[3].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "pt-PT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "chrome_shutdown_ms.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-VE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "dd_vcredistUI7869.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "b11b460a.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "active-update.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\308046B0AF4A39CB",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-ZW",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-white_scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{291AA914-A987-4CE9-BD63-AC0A92D435E5}",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "dd_vcredistUI7869.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "brndlog.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "c43bb7d1.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "favicon[3].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WinTypes.dll",
+ "file_path": "C:\\Windows\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Google",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "D3DSCache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "desktop.ini",
+ "file_path": "C:\\Users\\user\\Desktop",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "favicon[1].png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "end of file"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CH",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-PA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "update100[1].xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "uk-UA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-BZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveMedTile.scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-BE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "3D Objects",
+ "file_path": "C:\\Users\\user",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "msapplication.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "History.IE5",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ms-BN",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "705bcfd6.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ka-GE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "MEIPreload",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Converged_v21033[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "aeb763fb.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "12.0",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "PlayReady",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fr-CH",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "UnistoreDB",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDrive.VisualElementsManifest.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sv-SE",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "nn-NO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "TaskSchedulerConfig",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "TabRoaming",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ElevatedDiagnostics",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-SV",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "User",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DC",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Adobe\\Acrobat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "C:",
+ "file_path": "",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "favicon[2].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "brndlog.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.scale-200.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Internet Explorer",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\PlayReady",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Low",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "update100[1].xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ru-RU",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "settings-tipset[2].xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "2ab80eb2.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-029",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sq-AL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "Converged_v21033[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "en-CA",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "2ab80eb2.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "es-CL",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ar-LY",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "hr-HR",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ARM",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "4254396c.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveMedTile.contrast-white_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "az-Latn-AZ",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "updates",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "PlayReady",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Profiles",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Color",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ActionCenterCache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "SspiCli.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Color",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "urlmon.dll",
+ "file_path": "C:\\WINDOWS\\SysWOW64",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "sr-Latn-RS",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "705bcfd6.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Adobe",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.scale-100.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "dd_vcredistMSI19D2.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-AT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "nn-NO",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "VirtualStore",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Application Data",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "UnistoreDB",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ca-ES",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "S",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\ARM",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "iecompatdata.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "logs",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "5fc0968a.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Cache",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "4254396c.jpg",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "de-LI",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-125.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "WindowsApps",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OneDriveMedTile.scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveMedTile.contrast-black_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "lt-LT",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\input",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "DBG",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "a5ea21[1].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ElevatedDiagnostics",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OneDriveSmallTile.scale-150.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "CR_28192.tmp",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "b8aa184e[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "main.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "8cafcc5f[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "7d19123f[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "10379681[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "27a24753[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "windows-systemtoast-securityandmaintenance_249_0.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "69958a21[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "a0d3923c[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "8cafcc5f[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "43db4db3[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "69958a21[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "11ee0799[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "page_embed_script.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "e3f307cb[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "5e0abf48[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "359d2aee[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "a2f17337[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "1bf12095[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "dbef2181[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "1bf12095[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "5e0abf48[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "69958a21[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "a2f17337[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "craw_window.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OldConvergedLogin_PCore[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "a2f17337[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "a2f17337[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "b8275b23[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "2743db28[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "3417f6c5[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "424a9e57[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "1bf12095[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "page_embed_script.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "a2f17337[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "eventpage_bin_prod.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "53c747e0[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "fd45bf1d[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "3a8048a4[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "b8275b23[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "craw_window.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "48a99eae[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "7d19123f[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OldConvergedLogin_PCore[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "b8aa184e[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "IECompatData.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "045d3532[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "SettingsCache.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "dbef2181[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "5e0abf48[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "known_providers_download_v1[1].xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "181f4d7eabe2d441119af774407152dd.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "69958a21[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OldConvergedLogin_PCore[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "8636b4dd[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "craw_background.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "a2f17337[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "045d3532[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "03cedd2d[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "7d19123f[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "2743db28[2].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "page_embed_script.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "0c3a2f0b[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OldConvergedLogin_PCore[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "craw_window.css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "IECompatData.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OldConvergedLogin_PCore[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "OldConvergedLogin_PCore[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "craw_window.css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "0c3a2f0b[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "page_embed_script.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "page_embed_script.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "8636b4dd[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "a9486108724e44ae4e34492b400fcd5c.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "69958a21[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "main.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "96c26e78[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "craw_window.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "359d2aee[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "8cafcc5f[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "2743db28[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "424a9e57[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "8cafcc5f[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "IECompatData.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "main.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "SettingsCache.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "03cedd2d[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "craw_window.css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "a2f17337[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "a0d3923c[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "424a9e57[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "page_embed_script.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "5e0abf48[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "eventpage_bin_prod.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "1bf12095[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "page_embed_script.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "craw_background.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "dbef2181[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "2743db28[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "main.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "0c3a2f0b[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "045d3532[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "69958a21[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "dbef2181[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "a2f17337[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "2743db28[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "96c26e78[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "a0d3923c[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "eventpage_bin_prod.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "eventpage_bin_prod.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "3417f6c5[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "main.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "b8275b23[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "69958a21[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "a9486108724e44ae4e34492b400fcd5c.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "b8aa184e[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "eventpage_bin_prod.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "eventpage_bin_prod.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "b8aa184e[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "windows-systemtoast-securityandmaintenance_249_0.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "OldConvergedLogin_PCore[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Content.IE5\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "27a24753[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "craw_background.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "main.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "e3f307cb[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "FlightingLogging.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "43db4db3[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "windows-systemtoast-securityandmaintenance_244_0.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "10379681[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "0c3a2f0b[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "f60c0b47[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "known_providers_download_v1[1].xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "5e0abf48[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "e3f307cb[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "03cedd2d[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "known_providers_download_v1[1].xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "windows-systemtoast-securityandmaintenance_249_0.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "424a9e57[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "9db0f1a3[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "2743db28[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "main.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "SettingsCache.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "eventpage_bin_prod.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "b8275b23[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "b8aa184e[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "craw_window.css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-400.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "3417f6c5[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "359d2aee[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "FlightingLogging.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "windows-systemtoast-securityandmaintenance_244_0.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "43db4db3[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "craw_background.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "craw_window.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "OldConvergedLogin_PCore[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "2743db28[2].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "9db0f1a3[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "48a99eae[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "b8275b23[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "b8aa184e[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "eventpage_bin_prod.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "69958a21[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "craw_window.css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "craw_background.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "page_embed_script.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "43db4db3[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "69958a21[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "2743db28[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "craw_background.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "a0d3923c[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "3a8048a4[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "IECompatData.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "53c747e0[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "craw_window.css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "9db0f1a3[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "431acc73d0187c752f5885ebf2df90c0.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "96c26e78[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "fd45bf1d[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "main.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "2743db28[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "craw_window.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "045d3532[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "a9486108724e44ae4e34492b400fcd5c.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "page_embed_script.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "424a9e57[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "3a8048a4[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "fd45bf1d[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "7d19123f[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "11ee0799[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "10379681[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "69958a21[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "48a99eae[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "48a99eae[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "f60c0b47[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "OldConvergedLogin_PCore[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "craw_window.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "main.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "eventpage_bin_prod.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "craw_background.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "9db0f1a3[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "3a8048a4[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "03cedd2d[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "8cafcc5f[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "3a8048a4[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "43db4db3[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "FlightingLogging.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "b8aa184e[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "known_providers_download_v1[1].xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "3a8048a4[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "8636b4dd[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "SettingsCache.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "27a24753[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "69958a21[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "IECompatData.xml",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "8636b4dd[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "96c26e78[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "a0d3923c[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "b8275b23[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "craw_window.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "69958a21[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "03cedd2d[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "3417f6c5[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "10379681[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "main.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "b8275b23[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "b8aa184e[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "craw_background.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "a2f17337[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "181f4d7eabe2d441119af774407152dd.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "431acc73d0187c752f5885ebf2df90c0.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "OldConvergedLogin_PCore[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "10379681[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "69958a21[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "f60c0b47[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "96c26e78[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "f60c0b47[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "2743db28[2].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "48a99eae[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "9db0f1a3[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "2743db28[2].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "main.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "11ee0799[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "2743db28[2].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "craw_window.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "fd45bf1d[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "3a8048a4[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "8636b4dd[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "53c747e0[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "FlightingLogging.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "27a24753[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "3a8048a4[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "7d19123f[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "fd45bf1d[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "3a8048a4[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "11ee0799[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "3a8048a4[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "b8275b23[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "045d3532[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "craw_window.css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "359d2aee[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "359d2aee[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "b8aa184e[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "dbef2181[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "2743db28[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "e3f307cb[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "main.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "FlightingLogging.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "craw_window.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "craw_window.css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "3417f6c5[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "b8275b23[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "eventpage_bin_prod.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "craw_background.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "f60c0b47[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "craw_window.css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "181f4d7eabe2d441119af774407152dd.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "2743db28[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "69958a21[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "431acc73d0187c752f5885ebf2df90c0.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "53c747e0[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "windows-systemtoast-securityandmaintenance_244_0.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "craw_background.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "2743db28[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "known_providers_download_v1[1].xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "SettingsCache.txt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "69958a21[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "1bf12095[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "b8275b23[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "0c3a2f0b[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "b8aa184e[2].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "53c747e0[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "craw_window.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "main.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "main.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "11ee0799[1].css",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "icon_16.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "a2f17337[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_opened",
+ "file_name": "icon_128.png",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_written",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_created",
+ "file_name": "page_embed_script.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "main.js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_deleted",
+ "file_name": "e3f307cb[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "file_read",
+ "file_name": "27a24753[1].js",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "status": "success or wait"
+ }
+ ],
+ "modules_loaded": [
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\oleaut32.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\msvcp_win.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\SspiCli.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\RPCRT4.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\WS2_32.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\USER32.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\combase.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\win32u.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\windows.storage.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\propsys.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\OLEAUT32.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\PROPSYS.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\iertutil.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\rsaenh.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\KERNELBASE.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\FLTLIB.DLL",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\Windows.StateRepositoryPS.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\apphelp.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\uxtheme.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\IMM32.DLL",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\CRYPTSP.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\imm32.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\kernel32.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\kernel.appcore.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\bcryptPrimitives.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\powrprof.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\bcrypt.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\msvcrt.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\CLDAPI.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\rsaenh.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\bcrypt.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\iertutil.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\sechost.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "unknown",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64log.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\apphelp.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\WinTypes.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64cpu.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\edputil.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls\\wow64win.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\clbcatq.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\UrlZonesSM_user",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\shlwapi.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\ucrtbase.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\profapi.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\KERNEL32.DLL",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\Windows.StateRepositoryPS.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\cldapi.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\GDI32.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\cryptsp.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\WININET.DLL",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\wininet.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\WinTypes.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\urlmon.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\en-US\\propsys.dll.mui",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\cfgmgr32.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\edputil.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\uxtheme.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\shcore.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\SHELL32.DLL",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\SysWOW64\\urlmon.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\apppatch\\sysmain.sdb",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\Windows\\SharedSection",
+ "module_tag": ""
+ },
+ {
+ "module_name": "C:\\Windows\\Registration\\R000000000013.clb",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\CRYPTBASE.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\gdi32full.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\ADVAPI32.dll",
+ "module_tag": ""
+ },
+ {
+ "module_name": "\\KnownDlls32\\ole32.dll",
+ "module_tag": ""
+ }
+ ],
+ "mutex_actions": [
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-use_fc_key",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_static_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\Global\\SyncRootManager",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\toxcrypt",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListNextId_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_once_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idList_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-fc_key",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__terminate_handler_sh",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_tls_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesCacheCounterMutex",
+ "status": "object name exists"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-global_lock_spinlock",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_global_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-__unexpected_handler_sh",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-sjlj_once",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ZonesLockedCacheCounterMutex",
+ "status": "object name exists"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mtx_pthr_locked_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_dest_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_sch_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-cond_locked_shmem_rwlock",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-pthr_root_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListMax_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_lock_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-once_obj_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mxattr_recursive_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-rwl_global_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-idListCnt_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-init",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-_pthread_key_max_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\gcc-shmem-tdm2-mutex_global_shmem",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:168:WilStaging_02",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "mutex_created",
+ "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:3080:64:WilError_01",
+ "status": "success or wait"
+ }
+ ],
+ "process": {
+ "name": "rl_file.exe",
+ "parameters": "C:\\Users\\user\\Desktop\\rl_file.exe"
+ },
+ "process_actions": [
+ {
+ "action_type": "process_created",
+ "path": "C:\\Users\\user\\Desktop\\rl_file.exe",
+ "status": "success or wait"
+ },
+ {
+ "action_type": "process_queried",
+ "path": "C:\\Users\\user\\Desktop\\rl_file.exe",
+ "status": "success or wait"
+ }
+ ],
+ "registry_actions": [
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\CustomLocale",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachineLanguageConfiguration",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\TreatAs",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\SystemFileAssociations\\.exe",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000323-0000-0000-C000-000000000046}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Versions",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{0000032A-0000-0000-C000-000000000046}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\rl_file.exe",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\NULL",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\.exe",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Disable8And16BitMitigation",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Terminal Server",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wow64\\x86",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\MUI\\Settings",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Policies\\Microsoft\\WindowsStore",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\AllFilesystemObjects",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLEAUT",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\exefile",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Explorer",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AppModel\\Lookaside\\Packages",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\LocalServer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Folder",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}\\PropertyBag",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Ids",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\NULL",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89BC3F49-F8D9-5103-BA13-DE497E609167}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\TreatAs",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\LocalServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}\\",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{75847177-f077-4171-bd2c-a6bb2164fbd0}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{89bc3f49-f8d9-5103-ba13-de497e609167}\\ProxyStubClsid32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE\\Diagnosis",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InprocHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows NT\\Rpc",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\.exe",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\Elevation",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\Elevation",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{1649D1CF-DEAF-4A68-ABE8-5C9F68572FD1}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Directory",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\InProcServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Directory",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\FileSystem\\",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\AppCompat",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Explorer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Display",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Segment Heap",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocHandler32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-987036132-2528391375-4088684000-1001",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\LanguageOverlay\\OverlayPackages\\en-US",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\Setup",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\TreatAs",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1649d1cf-deaf-4a68-abe8-5c9f68572fd1}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot\\Option",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InprocHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE\\Tracing",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\ZoneMap\\Ranges\\",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\NLS\\Language",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NULL",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Application",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\ZoneMap\\Ranges\\",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation\\CustomAttributes",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InProcServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\TreatAs",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\Elevation",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\SystemFileAssociations\\.exe",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Folder",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\feature_localmachine_lockdown",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Main",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\Elevation",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\LocalServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\LanguageConfiguration",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Control Panel\\Desktop",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\Cryptography\\Configuration",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InProcServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\internet explorer\\main",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\shell\\open",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\TreatAs",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\WindowsRuntime",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\DebugInformation",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository\\CustomAttributes",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000323-0000-0000-C000-000000000046}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\Application",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\InprocHandler32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{00000339-0000-0000-C000-000000000046}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\Elevation",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}\\OverrideFileSystemProperties",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\OLE",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\rl_file.exe",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wow64\\x86",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\InprocHandler32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\Sorting\\Ids",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{75847177-F077-4171-BD2C-A6BB2164FBD0}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.exe",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\UILanguages\\PendingDelete",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\DLL",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765b11-3f95-4af2-ac9d-ea55d8994f1a}\\TreatAs",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open\\NULL",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Internet Explorer\\Security",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\CurVer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Appx",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\ActivatableClassId\\Windows.Internal.StateRepository.FileTypeAssociation",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Nls\\ExtendedLocale",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\InprocHandler32",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\\ProxyStubClsid32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\internet explorer\\main",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CustomLocale",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AppID\\rl_file.exe",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ole\\FeatureDevelopmentProperties",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Sorting\\Versions",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\Safer\\CodeIdentifiers",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppModelUnlock",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0000032A-0000-0000-C000-000000000046}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\Instance",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-100000000000}\\",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\shell\\open",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\SystemPropertyHandlers",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\\LocalServer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00000339-0000-0000-C000-000000000046}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NULL",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Rpc\\Extensions",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Session Manager",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\\PropertyBag",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Directory\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Directory\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\\InprocServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\MUI\\Settings\\LanguageConfiguration",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ShellFolder",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\ExplorerCLSIDFlags\\{66742402-F9B9-11D1-A202-0000F81FEDEE}",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\Setup",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40B2-A1FF-9617C1C9AFFE}\\InProcServer32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{ee2f30af-0000-0000-0000-602200000000}",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Instance\\InitPropertyBag",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\exefile\\CurVer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{754AC886-DF64-4CBA-86B5-F7FBF4FBCEF5}",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\AllFilesystemObjects\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\\Elevation",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\OLE",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsRuntime\\Server\\StateRepository",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\Interface\\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\\ProxyStubClsid32",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_URI_DISABLECACHE",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Terminal Server",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\\LocalServer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{0E5AAE11-A475-4c5b-AB00-C66DE400274E}\\LocalServer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WOW6432Node\\CLSID\\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}",
+ "status": "buffer overflow",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\NULL",
+ "status": "success or wait",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\Folder\\BrowseInPlace",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_value_queried",
+ "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole\\AppCompat",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\WOW6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
+ "status": "object name not found",
+ "value": ""
+ },
+ {
+ "action_type": "key_opened",
+ "key_name": "HKEY_CURRENT_USER_Classes\\exefile",
+ "status": "object name not found",
+ "value": ""
+ }
+ ]
+ }
+ ],
+ "classification": "MALICIOUS",
+ "configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11",
+ "dropped_files": [
+ {
+ "classification": "MALICIOUS",
+ "file_name": "Tox.exe",
+ "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
+ "md5": "3133c2231fcee5d6b0b4c988a5201da1",
+ "sample_size": 636416,
+ "sample_type": "PE/Exe",
+ "sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
+ "sha256": "2f6edf41016e97c58f9de01aa4cc66c9c7fe7dae23fe72e50a69cbd221f55346"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0",
+ "md5": "949ba0554f8e29dc24f5ce71d9f40d3f",
+ "sample_size": 3448,
+ "sample_type": "Binary/None",
+ "sha1": "1c2e7072945f9d41022daac5cdd3e5c33389e071",
+ "sha256": "65523544b3e2f9f46be3b68953b5102d9ad460197df40a90c8b0786c0a31cae5"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "8cafcc5f[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "db4573f2f3a6e88768f63363c607f1e8",
+ "sample_size": 125376,
+ "sample_type": "Binary/None",
+ "sha1": "fec7efbaf193949fde393c5c67afcc1258a2acd0",
+ "sha256": "c97ebcb9fbb1622f66accf54f49dca2280a5e5333768e06d4e519c7af7ae5ec1"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "page_embed_script.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "md5": "78a8376cbfee1ce15bc796f1735cb7bf",
+ "sample_size": 288,
+ "sample_type": "Binary/None",
+ "sha1": "f08ec4eab6d493a6a6d16463453687398dcc5985",
+ "sha256": "f7eb7d4ef9e7c55af90438324800982a3a2a9f41f560392422506b27b5cae173"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "a5ea21[1].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "md5": "07c6dbf463f0f2e51ca5f4e45ef48664",
+ "sample_size": 40,
+ "sample_type": "Binary/None",
+ "sha1": "50a848872bd0f812d8c6a5987a6a8866c2177ff0",
+ "sha256": "5ce56c888038a0426005eb80abe4155bbde043756b7cbbed11503039c2581217"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "md5": "eeaff059138cd55441bc34fdfc919ec0",
+ "sample_size": 3440,
+ "sample_type": "Binary/None",
+ "sha1": "e6d48862f83c7213a9cc13ba7ecc4781a7d82eed",
+ "sha256": "5dcae96033ba95485ad2c885d17fe6102c837397618c3182dbd73abeadc969f2"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-black_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "76f184bb00db4b20a96e9d563e2ff705",
+ "sample_size": 1432,
+ "sample_type": "Binary/None",
+ "sha1": "ebeea1be590a282f398e1392161c8de981c49dfe",
+ "sha256": "52ca52b2a99febe5da76237787d5b2b392c6d6de5a85a2200c68e9d7be276021"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "craw_window.css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\css",
+ "md5": "e62cde757b51b2e48c65bc9362839d03",
+ "sample_size": 1784,
+ "sample_type": "Binary/None",
+ "sha1": "ff5c6e346fe9b830f102f7e50074a150a7bf2f0d",
+ "sha256": "e9c67e89801811bf137e71a712399bd8cfa6ebe8f7597f472e923a2857a3f762"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "1833c4e9.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "69243748084c8a26e494271ba83bf5a3",
+ "sample_size": 47424,
+ "sample_type": "Binary/None",
+ "sha1": "37684ede0d616ad8687de86213efdd4c6be81f66",
+ "sha256": "9e1b0b7121277ebc42f31661a477f709b64dd1d591398e6c2785db83ae7bedd6"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "2ab80eb2.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "bbba22e6526ba13f686aafdb97a25bb6",
+ "sample_size": 30080,
+ "sample_type": "Binary/None",
+ "sha1": "9232a097b1754d9f2823c5cb75557497230e7c6d",
+ "sha256": "6d22a69fe61549203fc699a797effcea301d269239c666fb378468d6bdcb2cd5"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "OldConvergedLogin_PCore[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "md5": "96727038666752f23f42dcb7b5f076f2",
+ "sample_size": 440736,
+ "sample_type": "Binary/None",
+ "sha1": "b10bc9db352525cc3e6532004b626a11550d1ef9",
+ "sha256": "b552a244537ad35398cb9b70c240ab777040e55f03d5c7a11914ed33955d65a1"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "96e93a1dfa1661f0a545102014e45bae",
+ "sample_size": 632,
+ "sample_type": "Binary/None",
+ "sha1": "77c3c7e12d723d0923b6e575c74da53db228541a",
+ "sha256": "39e47018eb2b323a5d6591812645072eb016aa8c94604ca6c578baa40e98d62b"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "active-update.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\updates\\308046B0AF4A39CB",
+ "md5": "cef18d6fd2b9ea9da4de885ea1f501ea",
+ "sample_size": 1088,
+ "sample_type": "Binary/None",
+ "sha1": "d91fc1d1bfddf1eeed4a8c00e7d16733b5f49ffa",
+ "sha256": "403f3c0b05d07145b70657d819277672063a3740123463e714492232a874f94a"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "c43bb7d1.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "22694bf7c107f414a88eef68a7287f04",
+ "sample_size": 3328,
+ "sample_type": "Binary/None",
+ "sha1": "7d019d40e477a9abe75cceee30eab76ee3c0d539",
+ "sha256": "4c748d62d99d39a92c08b94f53dc2394c6199736326b7ec0ef4d3667cad85fa3"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "a2f17337[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "md5": "63265af0a660bb52c6a93ad52cdd5b15",
+ "sample_size": 368,
+ "sample_type": "Binary/None",
+ "sha1": "eff7a570dda957caca3a5bb5a12e04fd13d85262",
+ "sha256": "3ebb9cfae53cdbf4f1c4b2b69cd94159bae8facc8b0d67b5f78238a6441af3e3"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "DeviceDiagnostic.debugreport.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "md5": "c61ae23f6d2810fe1aee411eac4769c8",
+ "sample_size": 1304,
+ "sample_type": "Binary/None",
+ "sha1": "d570ac147327fc99774190a1f61e22cd212f7f89",
+ "sha256": "c96e0eac6c7802b43071e217200b2f804db9638949eb6458dc2a7ec0dc5574d2"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "md5": "1a7aef1670a219808431da5e55e187e9",
+ "sample_size": 5024,
+ "sample_type": "Binary/None",
+ "sha1": "dbf8a14e21312e11c2c151c75d8c72ca55bad836",
+ "sha256": "af145c976b575c5349639b57d64d2fbe1245db1c46f29417aafb4cc1e9e9c96a"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "msapplication.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940",
+ "md5": "c91f7e0d191fe1b31cd9e068caf34558",
+ "sample_size": 416,
+ "sample_type": "Binary/None",
+ "sha1": "600ebcf7d39a17de1e173d2d696e74043584f6a9",
+ "sha256": "b061e21a60c2b1f40d3685d5cc44c24caddb5b43fab12606c8131b0181b36df3"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "dd_vcredistMSI7869.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "262f3902763b06ad02e57cd11166b352",
+ "sample_size": 424352,
+ "sample_type": "Binary/None",
+ "sha1": "d000b3c1925cb78f19a0e4f1cfd7f8ed13917a16",
+ "sha256": "9c4e62f086214923e23fcca47f67498f68df7c8f61ee541c45034259c4a123b3"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "md5": "239e00d6977d179678075874598f377d",
+ "sample_size": 23112,
+ "sample_type": "Binary/None",
+ "sha1": "56ddee0650eb3250c090b5c1e377e59a19752db5",
+ "sha256": "89ce04019debb827fed2c4e800300304c3a078046689f2d915dc58aa5a032c6b"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "1bf12095[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\HZO7MSFT",
+ "md5": "e91c28dc017f3297d168f49c5ad86749",
+ "sample_size": 217832,
+ "sample_type": "Binary/None",
+ "sha1": "be13adcea83feec2bda41e82c31afb9e5dbdaa78",
+ "sha256": "71d6d2beecda8079d82e0985a6458dc300138254a0e039972df1e6f482df07aa"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0",
+ "md5": "8e2f9ff3a6eb780f163d876a4493c2ee",
+ "sample_size": 6744,
+ "sample_type": "Binary/None",
+ "sha1": "45e7cbdbd57deda347f88b87ae02865b1b709199",
+ "sha256": "345f5f4d8fdb2c489874eb467df654ddc240ee13f55d1251c08d0b1814dab57b"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "3a8048a4[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "md5": "3a68dfa10af07adeca23a58a30312d2f",
+ "sample_size": 6688,
+ "sample_type": "Binary/None",
+ "sha1": "f2bf3cff675dbe2c618f03bf6561b52ba8e1968d",
+ "sha256": "0374e29d2202e50454746618bb3ca5678b9742d34b97722962c367d508d2375d"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "7d19123f[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "59851c448a4a073ff6fa9cd9d4d606a4",
+ "sample_size": 95448,
+ "sample_type": "Binary/None",
+ "sha1": "4a60246b7c24f52e14e9d98e4c43904fefc67b30",
+ "sha256": "47b636339d67d315a4d7f647204a630f44bbc4a5466f555b1d7f849d89d25796"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "favicon[1].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "md5": "f3b1a72895a05384dd2bc527813651a7",
+ "sample_size": 40,
+ "sample_type": "MZ/DOS",
+ "sha1": "1cf20dc1ec4fbea198822ca79c32082f9b6e9986",
+ "sha256": "1438ab63e3516dbf7fb87eecda3b4cca0da0a7e18950304581cdb5e938bf2686"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "705bcfd6.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "ba1a0ed090c1fcf508cf2b3872aa6989",
+ "sample_size": 6864,
+ "sample_type": "Binary/None",
+ "sha1": "230194fa9e048d4720287e6a2535259975dbfd08",
+ "sha256": "17740617b346d3e67312f2ba01a70a89b60cd8b8bb27ac8cd4d242d75198911d"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "craw_window.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "md5": "981113ec7eb738152c4549dd770c7d06",
+ "sample_size": 265832,
+ "sample_type": "Binary/None",
+ "sha1": "c6223cb14c21eb7eaccbeca19e03b5007dbbe9f5",
+ "sha256": "e653477fdeec302de7254f9715a87105a4950d8ab62bec073db68bc91e7b9383"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "96a3d0ea1b838c7eae3a4795e2d3bb18",
+ "sample_size": 576,
+ "sample_type": "MZ/DOS",
+ "sha1": "ad1e61af95bad249c657df359d32c21b01100b7b",
+ "sha256": "5277db5d7835bb725801563ebbd675fbcc1d70729dd103437fde388dee8d8aa4"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "15ab653bc7720bb7ed0f19c8a26534c3",
+ "sample_size": 840,
+ "sample_type": "Binary/None",
+ "sha1": "c24d1ff9feb5398b0c1c9f793cd42bfdfc38e598",
+ "sha256": "14a6a1f10d9121e38507238e82f94c266c29789afddf71f0413d2979f52fb1b6"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "favicon[3].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "md5": "0ee824fd13122ebd201d2ee9c3dbcfeb",
+ "sample_size": 40,
+ "sample_type": "Binary/None",
+ "sha1": "97ad6030b4773a8b7bfdcabaa71f6b73497df199",
+ "sha256": "626b1d6edfe07a7691432ed27aa144d27f9e4bef242ae75ed52239d0974cd390"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "FlightingLogging.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\Flighting",
+ "md5": "41b3fa8d1ec44a5ef24c0ae580e475c5",
+ "sample_size": 592,
+ "sample_type": "Binary/None",
+ "sha1": "d5d22bb03085fe85f393782feec0450dcd2e764d",
+ "sha256": "16113f571340e94639ef90cf4aeb47321102345fdee45fd585826a7a9c4c7f40"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "Converged_v21033[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "md5": "9780019e8eeece8eeef305a830d1ce27",
+ "sample_size": 95952,
+ "sample_type": "Binary/None",
+ "sha1": "f01a8d40a5bceed9f57bea23718256087a40186f",
+ "sha256": "fc46a655c45c7d81f52e3bc1a183bef99b188b90720629500fd3b6d3a7272fbc"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "craw_window.css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css",
+ "md5": "55792199a2d034671f1c53d07259d903",
+ "sample_size": 1784,
+ "sample_type": "Binary/None",
+ "sha1": "bdd88f2ccc46c7cf28103bc890b5606f8ac3d213",
+ "sha256": "39d4f9c8dbe9e6937be3d89f4cef63812267e4637c11674f9080d7fba01d5600"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "9db0f1a3[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "0238ef826a07fba232a1c2d2a85c925a",
+ "sample_size": 602776,
+ "sample_type": "Binary/None",
+ "sha1": "6483ff3e2772cdf76f2cd42ca6fbeceefef2cd11",
+ "sha256": "7d4e80b40e9d60cbf5eef552c67de1bfa7c92c9a79a3f90f363662fb6be4cb64"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "34f9effcf15b5d9024eac98c1949fc16",
+ "sample_size": 568,
+ "sample_type": "Binary/None",
+ "sha1": "7b02c7f4556225f372287618e3ff106c823b7a2e",
+ "sha256": "c5a5bb7fef76d5d08e3268e0b4878c2505ed0199b605534861a6515bf78a0f10"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-white_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "d75944f683f11b95b7bf4af112e27cb5",
+ "sample_size": 3576,
+ "sample_type": "Binary/None",
+ "sha1": "6dffe111ed011b6113032c777ffdf0c03716211f",
+ "sha256": "5bf86a0650586d243f02bd8e311b66b28c957a20f62cab327e30a7d7d4c26bec"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "md5": "c1219038364d783af4d36168b44564d4",
+ "sample_size": 4400,
+ "sample_type": "Binary/None",
+ "sha1": "80ec255a6f61d2e3537b7fbb14e17a7933f4a86d",
+ "sha256": "574484a87104a7e4cac31593eed5ede17b15ff6ab50577ee1ca4142a095d1f31"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "aeb763fb.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "6eb6947ee33408d5304d723261fd84b5",
+ "sample_size": 11008,
+ "sample_type": "Binary/None",
+ "sha1": "b2b441f97062dffd2de4bebe6b916676e9dc887f",
+ "sha256": "b87ebaa2bd92d2eaf88fae26fc7afb602bf0d941b929c756e4bb8010ab376b55"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "5fcdbc5ff3d4a169869a0e05fbfff1db",
+ "sample_size": 3264,
+ "sample_type": "Binary/None",
+ "sha1": "72aef388bda0e55752c0bd12173c9ed7e53153e8",
+ "sha256": "870332619c3d0843cf701643f627c77c2da756b70eaee2aab791ce221c15eb16"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "md5": "935bf747c27c9076f53c9122bd89c396",
+ "sample_size": 200,
+ "sample_type": "Binary/None",
+ "sha1": "1ec0fc4890af3a14b5a82085e765f2065565a683",
+ "sha256": "247f6d66c9010bd9d40a35914fcf8280e4f5f8d2b022e42bd2bb80a19a32b447"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "0c3a2f0b[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "e7aee7adafeb069be0f0eca63557d06b",
+ "sample_size": 17488,
+ "sample_type": "Binary/None",
+ "sha1": "5ac62172528b725e4f125e1ce9f6e5bb6cc14637",
+ "sha256": "0a66b70be34e9c9a91b6687586fbec04fba6502ba63b63eebfbf991713de15bc"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "favicon[2].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "md5": "9fd12d1f546213fa9fb56d811fc6733b",
+ "sample_size": 40,
+ "sample_type": "Binary/None",
+ "sha1": "c8527ee841ae3ac9c87ab9ceb41595e85fc387c7",
+ "sha256": "d3de682693639cb4973d2c051f56f8e166eebf88650bd608046e400f2adce744"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "Microsoft Visual C++ 2010 x86 Redistributable Setup_20190219_161639532-MSI_vc_red.msi.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "f1b84725c606be70377ccdaafd8f9987",
+ "sample_size": 282672,
+ "sample_type": "MZ/DOS",
+ "sha1": "0d6a91a9336839e641e426cac352a163af2699d1",
+ "sha256": "1496a0d2ad712cc91ffe7a7676f77cbf1d7e563690b622b21e547050b24e8099"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "craw_background.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "md5": "572611e65e675c06df25b8b9e9bc9972",
+ "sample_size": 544680,
+ "sample_type": "Binary/None",
+ "sha1": "8f41732d61c789d38efbf3625fe521e5a0698578",
+ "sha256": "bfaafb3d3a52260fdf08722d1200a664f317b6416ac9f3e27fc7e036b49eaa0d"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "27a24753[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "ec9976585cd7a7004ab0c694c555645b",
+ "sample_size": 51128,
+ "sample_type": "MZ/DOS",
+ "sha1": "d573108be58563176f95737e773b43ffacfd608d",
+ "sha256": "85d9a94ab35fb1781a0e3ab7d7fa555dccf0cbcec83c2ba63cd38dbced51dafc"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-black_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "247d8435213797e046e04542a847086e",
+ "sample_size": 3264,
+ "sample_type": "Binary/None",
+ "sha1": "c469b0ac04db1e34bf8ee389ef116a32b35b424a",
+ "sha256": "b1b95a75abe1c41ec890e5e49e6bbb56eb3eec7f3515b1a623bff5a8cc7fc85c"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "43db4db3[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "389f3114d26e841ff94c382d1ebd90d6",
+ "sample_size": 50056,
+ "sample_type": "Binary/None",
+ "sha1": "51c35183d8b8df135aaf0e7644ca295aec397e22",
+ "sha256": "2e943d6c7ca2822981c24f7fba74f9163ab946f78286643c41935d81ac69e88e"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "md5": "451196cd8196be321b42de5235a3ba4a",
+ "sample_size": 184,
+ "sample_type": "Binary/None",
+ "sha1": "0f1bf87249c279f1c0ebbbaf530c4418cb04e034",
+ "sha256": "d19297c9dc4ef556dc0154f45449bf2df31bf328728361992f92e6aba1119900"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "8fce0f3.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "4e84a4dfbd89b3c7d95c7db50eaecf94",
+ "sample_size": 4304,
+ "sample_type": "Binary/None",
+ "sha1": "5009e1f3e850f11c6ed67ad5eef2b28ca2991035",
+ "sha256": "d353b9c16661e02a4ebcbff2b2ce0d2cad7a61b886c7120a3abba23315045c70"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "dd_vcredistUI7855.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "afd55a4bb073b78b938caec26331328c",
+ "sample_size": 48776,
+ "sample_type": "Binary/None",
+ "sha1": "ce13f4a96e4ff0c8adf200d3daecbf89423f890c",
+ "sha256": "53eab4144250f1b4a5bdcdad2fa24a50ffcba91f7771fa5864103175cfb39357"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.3_0",
+ "md5": "93d73ad36b24abc404ee16e856c98e0c",
+ "sample_size": 2048,
+ "sample_type": "Binary/None",
+ "sha1": "381ec2722edb4a96517b34fa027231c545b76600",
+ "sha256": "95856cc9e8f9e76dcf619432261836ee55070c3c85de2d91270e99da1466c06e"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "dd_vcredistUI19D2.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "a8c35e68f70762fa6b68d862872fcbc9",
+ "sample_size": 16488,
+ "sample_type": "Binary/None",
+ "sha1": "d773ea536cbc14a839b897d0fd1ea2b6a05df2da",
+ "sha256": "7dfdda2fdb85b1d9c9ab41fe90ec288a322d4ab315e4bd6c1f9c0cd5eb54c769"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "main.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.2_0",
+ "md5": "8ad83bdb282a752774ce2c649f58c6b6",
+ "sample_size": 136,
+ "sample_type": "Binary/None",
+ "sha1": "29246027450a8321d6b58bf6dcf806908a6a248b",
+ "sha256": "b85080fb4d9e5b8e80ad84beb70575c86e561dffb7e3a1f5b8dd75aeffa5140c"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-white_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "4c9cf795c25f7d3ef2a0e16f14df0c4b",
+ "sample_size": 1536,
+ "sample_type": "Binary/None",
+ "sha1": "3b36a6166bb0229a2d724197f666709cfb388c3b",
+ "sha256": "9654f6e16e208fd22ee8cc7d3a79e95d00aa1d5715b424f1ddaf4e1101ea1d1d"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "e4c56fb2caf54ab588f86012f7a4ebcb.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "md5": "cd3bf48fe89eaab163521494811e8e3a",
+ "sample_size": 2152,
+ "sample_type": "Binary/None",
+ "sha1": "052dfddb6942c075ab580d9a4b4400fee705ec26",
+ "sha256": "32b00e3d2df12c68de72f21b0f12e1396123b185fa7650ac4ba3686377e4ec8f"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "eventpage_bin_prod.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "md5": "5f05faaa8ca8b9f63d66686fa8f6a2d2",
+ "sample_size": 67840,
+ "sample_type": "Binary/None",
+ "sha1": "24cda9620a69dd3f2c8ddc8eda8cb6c25ba35527",
+ "sha256": "a22ab5067e71e8515ef53f213c18c8ea6fffdc40907f6ebaf3173f7eae62f0f0"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "5fc0968a.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "5e518df1358f3c40a7b57580eb7257dd",
+ "sample_size": 4992,
+ "sample_type": "Binary/None",
+ "sha1": "ae37f94443a1e6712b253a2d703c988bb483fd0d",
+ "sha256": "9fb39f5b62b17fcde2062ba2376ef2da2ba374cdd45e2c00462255aec60d61af"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "96c26e78[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "37114fef115cb2ed08cd0f9b345f1e32",
+ "sample_size": 43168,
+ "sample_type": "Binary/None",
+ "sha1": "bb819a6224ca85de5812f6ff927b7f130bc68d57",
+ "sha256": "a6a5d21058a3c3d597b79b9a73766613392fc89a7d4cf1b3bc00d0a20f9aa970"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "f60c0b47[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "5a9c32cd6aa4a8059fe10b7eb2db952a",
+ "sample_size": 145336,
+ "sample_type": "Binary/None",
+ "sha1": "0d4b62a96c330b95c9f500aaec284fb16b058755",
+ "sha256": "532f10c33703d669cbbf121fa3df1ac171598462d5b2355587dc4fa4bb387b55"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "dd_vcredistMSI19D2.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "046f80b68972d227bc9761cbb3b328af",
+ "sample_size": 594368,
+ "sample_type": "Binary/None",
+ "sha1": "5b4bb44e4fa62b70fb0a9ce1c7b3506c8a003dbf",
+ "sha256": "f2179daae61a0156c9b8660219fb79e937bacbb7f5b1804a439b9b0c3a63c24a"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "dd_vcredistMSI7855.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "b79bfca58696d6c4e617f9f24188379e",
+ "sample_size": 437288,
+ "sample_type": "Binary/None",
+ "sha1": "845e71c1a5062801cc5251bdd4495c4cb2d41a87",
+ "sha256": "b997a76aa655b6522ff1552903852ba0f2a841bc437a1ac435040942692ad335"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "results.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "md5": "2be26715fff522c284757591383563f5",
+ "sample_size": 408,
+ "sample_type": "Binary/None",
+ "sha1": "a5782d3406871597a93ca5db6e553f494a6ceb9f",
+ "sha256": "40f23832591bccdf371281ca477d0c8565f6936a3dba60f5a1480843cf0ae46c"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "versionlist.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\VersionManager",
+ "md5": "d092fa8ca010bb11e39acbd03e662757",
+ "sample_size": 15888,
+ "sample_type": "Binary/None",
+ "sha1": "063790bb844fea1d7df7fe3371dd48368a659201",
+ "sha256": "2944acc8a14a38b3b296b8c8b60aacf345791cd45ae53b113680cc14e0d0109c"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "431acc73d0187c752f5885ebf2df90c0.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "md5": "1e6bdf606f79b90d31db13b27ccb90a4",
+ "sample_size": 23280,
+ "sample_type": "Binary/None",
+ "sha1": "28a7c5940a6a9e4847bbc1e15044aad6939c3ca8",
+ "sha256": "cfc933e6a9a22b13be626c1b89817ae3902010056297fc98b426f620d6186d8d"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "dd_vcredistUI1AE4.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "0fdf5855b9f6b532d2fbcf7d484661fb",
+ "sample_size": 17704,
+ "sample_type": "Binary/None",
+ "sha1": "9038a5bcd8cbb6e55608d8a3778aaf6c6b19bf53",
+ "sha256": "8c1a4f3fe574ad92a8403dd2377e5ad14f7e92e5b02193515a55186ad44d8d1d"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "4254396c.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "16369b79366cb7d430fcc726c3453e68",
+ "sample_size": 7168,
+ "sample_type": "Binary/None",
+ "sha1": "d6f775178d4b9bbec785239b736812507aa5756c",
+ "sha256": "11cdcbad487130180708f1d7eec185abf32c7cf11c6f7682fb8303867ab04ad5"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "craw_background.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0",
+ "md5": "59615a45baf4b6f17eb8becbb83180b7",
+ "sample_size": 1125672,
+ "sample_type": "Binary/None",
+ "sha1": "ea5320776b1d876fe06fbd613444b265269e9100",
+ "sha256": "34e01a6383ba30d207db4acd8460cc639c92d8d706db34bfc51d41a268d9366d"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.5_0\\images",
+ "md5": "7df0aefb5e3a9891d4d0324bb55160bf",
+ "sample_size": 600,
+ "sample_type": "Binary/None",
+ "sha1": "f192a94ad0f034a845cc70d0a0f9e9e6247d8cbb",
+ "sha256": "759ec4130d4e540008e6251e045f74045a9740f165550ea030f8dcb91f7c583d"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "iecompatdata.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\IECompatData",
+ "md5": "e4f592dcc034071595e3f158a5eebb26",
+ "sample_size": 3088,
+ "sample_type": "Binary/None",
+ "sha1": "4a633bbbbcee2cfa86529b1579216edf84e4b90b",
+ "sha256": "849e396249ee666d9c6494c3a6d30eecb1bb5f6ffec21e9f247b7ced6d8ed8c6"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "359d2aee[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "31110da299b757c6ec7830fa2c9b0bbb",
+ "sample_size": 45552,
+ "sample_type": "Binary/None",
+ "sha1": "e8044ce1811f2bd09ae762f7d430b07e6763bccb",
+ "sha256": "92d8aee5cb4ed2c4d656555b950f99da3e0dad58f8ec9b59ec8c8e45c3bb3268"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "windows-systemtoast-securityandmaintenance_249_0.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
+ "md5": "f2acf779e0e88b1af4e4e0e260352215",
+ "sample_size": 6912,
+ "sample_type": "Binary/None",
+ "sha1": "6325305921a90fbbd03a4c5ec36dd2690b71c066",
+ "sha256": "a6a87c90f3c3d71fc92ae42aa8e0a698e5844e8dc8a7664f71c725de6149f75e"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "37fc5a635536e0154fd470188398495d",
+ "sample_size": 1816,
+ "sample_type": "Binary/None",
+ "sha1": "4e9032f05c6aa1f644505d52221fb03b5e170cbc",
+ "sha256": "bd0a110924f0dfafeddf9928cb597341c705de9d16241a009df812794c470cb9"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "294af3d2.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "b302731aed58e4c0010e8eeaa9bb0526",
+ "sample_size": 28424,
+ "sample_type": "Binary/None",
+ "sha1": "91a96684fb2e6a595a65ff0c3dacd98e29b745fe",
+ "sha256": "dcc24bf4ca2d5b5b9b3759231d40acc398ae21b9e57a962d34adf27eac13273e"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "0b7dd69e946bf68b5973a2bae2bbb1ba",
+ "sample_size": 456,
+ "sample_type": "Binary/None",
+ "sha1": "54eb411141ee6e92d3b58356a0529d78b1037871",
+ "sha256": "2fce72876814d37c34f79ffac69af154a341805c6a9b2bcb7e27762fe17a17bd"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "OldConvergedLogin_PCore[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\D4PT37GU",
+ "md5": "f1c950df414b39a4234487ec4a049117",
+ "sample_size": 495688,
+ "sample_type": "Binary/None",
+ "sha1": "15e55a75ede32d5bcde9134ca91fe328d252afec",
+ "sha256": "3aceb6bd2c8923d9de905245b911809fbcffffec1057001d999d651f50150de1"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "69958a21[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "md5": "4e7f63d8ea0e2874dc8ad0a92200bea6",
+ "sample_size": 19744,
+ "sample_type": "Binary/None",
+ "sha1": "c0c04507730528eb3f24f854cba1158190907515",
+ "sha256": "e1f9dd09dbb932d1fdf48b7127f0d41617478884b4b2c1535fd56d11b2564d94"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "DefaultLayouts.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Shell",
+ "md5": "4fdcf5ab2ab77b52ef1d78429f0b9680",
+ "sample_size": 117984,
+ "sample_type": "Binary/None",
+ "sha1": "21e58b701c576c50dc23b1ac32cc397b17a071e3",
+ "sha256": "74740695bfe7f01229b9cf0974c8befc0d57d4fb7b48c0dcadd895a95c4b670e"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "b8aa184e[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "md5": "4812e4a1a8fb84956fd58127ed8656eb",
+ "sample_size": 8088,
+ "sample_type": "Binary/None",
+ "sha1": "b248228ff726952e4ed1dcb878a6b9ff9db2df87",
+ "sha256": "81a33ec80de85d61b11fe8bfdc6bfe8d0a8a4ac5e2397b77aca89f23b02be63c"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "AudioDiagnostic.debugreport.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "md5": "a3118a7583c761552f8a572c9beb4020",
+ "sample_size": 1928,
+ "sample_type": "Binary/None",
+ "sha1": "e6bc3034f7ccc9d7945aa54cc2db8a8921b5b5fc",
+ "sha256": "8ae64eff7b15b210bf84e00dca58ae97d7ee89b989112d944fcfff9aa09a0c1d"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "2743db28[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "md5": "677adc6c52f023021e74ca4668fa07dd",
+ "sample_size": 60608,
+ "sample_type": "Binary/None",
+ "sha1": "4f9fb27b3c52b87e94365f5080d951890784fa0d",
+ "sha256": "594047be386159fb08e3f5e14694b1fc43aaffddb87da7009f7bf459bf0a6327"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "77bd7d79a8085eb77940a02509ee42c2",
+ "sample_size": 640,
+ "sample_type": "Binary/None",
+ "sha1": "621608c0b7837ef66088cf257dabe63b5c7eb1dc",
+ "sha256": "a810391f3eda00f4c046dbc7935583c81058488a83b8b7f7d0a0141f2ef5dded"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "69958a21[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "md5": "d650c03d787d50179ce996c40fbe51b6",
+ "sample_size": 19744,
+ "sample_type": "Binary/None",
+ "sha1": "3eaf0b29378ec1a3955524a179c5716189a5b684",
+ "sha256": "530b9bad325f95bd9fef6bbdd84f1d57ac7c3630c1d99c4a32cc7ca1c3f51d75"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "dbef2181[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "4def1df093b64417f134feb8ed537632",
+ "sample_size": 202280,
+ "sample_type": "MZ/DOS",
+ "sha1": "22578a8f9dcbe963f9e917be803600157e63316d",
+ "sha256": "48d80ed7eab7ce55cc26b6656e85d2bf42df26c57436c37d451dfbb58edd91f5"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "settings-tipset[2].xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "md5": "5c7b93e262e1148a1610a460248282ac",
+ "sample_size": 13088,
+ "sample_type": "Binary/None",
+ "sha1": "6aa768dd4287cdc2acd709c84ac2358670867531",
+ "sha256": "ae7474ec4d1d223883075d9ba1ae5b61410a636607a20ac1a67e8a4835a68594"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "9c3769d42552d74cd9563e4397df953f",
+ "sample_size": 568,
+ "sample_type": "Binary/None",
+ "sha1": "79144194348d946c474a2a41bf0443d2271bd1b0",
+ "sha256": "c04607bf7a99b076554c90dbbd31211d917f917b07aa502602dc11dc304be426"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "windows-systemtoast-securityandmaintenance_244_0.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\ActionCenterCache",
+ "md5": "042f3f7051400be6225403c38d5ca761",
+ "sample_size": 6912,
+ "sample_type": "Binary/None",
+ "sha1": "9eace6a447c9ccb26e04b6d891fe38b6ab65baa2",
+ "sha256": "44c145e6e295db5de7e8f32075efdf855cb6efb0eca6d846647ce81abea62dd0"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "a10124346cd37ab580fff5885cef7f64",
+ "sample_size": 1760,
+ "sample_type": "Binary/None",
+ "sha1": "19ccb040e728e8088d2a9f151efe2debc4266fc8",
+ "sha256": "c7e9e31f02efe55cc86a1ee337451fbac66ea9523083cecad9f86159fcaf4ae8"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "498426e565663659c128d8c54e567ad0",
+ "sample_size": 1032,
+ "sample_type": "Binary/None",
+ "sha1": "a0d8945bc01b472c2a30f99d6895b99c6b53bd56",
+ "sha256": "e7c1806d95847e9a7a6431919174a6d0e459b8254897eaece0f4ed806ceca2d7"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "craw_window.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0",
+ "md5": "7ea1fe84f8e7e1031eb4c5a0226ec129",
+ "sample_size": 261360,
+ "sample_type": "MZ/DOS",
+ "sha1": "15ee2e40ece2a798b1546d7ab1d8d663d7433cde",
+ "sha256": "ae808cfd2b4b72211081d61c51f7357ae48100c736245b4c6997f415c679576c"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "au-descriptor-1.8.0_301-b09.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "7ef45d1855f09d9384592a98d9497d36",
+ "sample_size": 6872,
+ "sample_type": "Binary/None",
+ "sha1": "9cf7f8283d53fea7d6194bd7d419cc45cfe882ef",
+ "sha256": "7691ddc4b20872cc4fe578a3d2bd2bde762e25d28e31a113f8fdab300f7865ad"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "favicon[2].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\UN1OD6EF",
+ "md5": "929e48893dc76ab164266341a0869742",
+ "sample_size": 40,
+ "sample_type": "Binary/None",
+ "sha1": "e4a741ad48ac4f02af884afcebd3337775adc003",
+ "sha256": "fc4628e372e5a9fcbcc6cde7ea5a93490defaacbed27b920fb3cfc1d3f15b413"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "510dd5a4.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "f4c019ff11de2e2ecb6d2d7b61791295",
+ "sample_size": 4824,
+ "sample_type": "Binary/None",
+ "sha1": "e05386026212cb23df3048c5ca0f84b215f15eeb",
+ "sha256": "2b8d29e1b059318cae19e4673dc96740766aed3e527054d8f745c5a8a7b1345b"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-black_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "ba40cf8c5ea609d6922bdb1a2acaf162",
+ "sample_size": 888,
+ "sample_type": "Binary/None",
+ "sha1": "a8927145e363b241c40ea6a56923edf4d5afc0be",
+ "sha256": "7680aa3c3d5fc4844a42360608c1bfc1c3f308ce2b05056df863ab1d43ce4d34"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "fc1bc750e18d84dc0a7768e8c5e460f8",
+ "sample_size": 456,
+ "sample_type": "Binary/None",
+ "sha1": "c142ee490d65e9e5cbb3528011ebdeda4ddb6a99",
+ "sha256": "39f3d2243aa846422aba64d09d2cd892cd71640a683b416275138db9d249506f"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "a9486108724e44ae4e34492b400fcd5c.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "md5": "252bb7de542545dfb4cce9c798f26708",
+ "sample_size": 216,
+ "sample_type": "Binary/None",
+ "sha1": "18a852ac71eb44fae7f0cbc5df0c921f83c88eb7",
+ "sha256": "5143c004a913bc2ee5a5a47c7a9c2602c1591e61d6d2ad79149c1b96418d96c6"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-white_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "fdbe2f8e6bb0bc6f13e9ba7de127b938",
+ "sample_size": 840,
+ "sample_type": "Binary/None",
+ "sha1": "7f640b86ecb8b90ad8ccba86279709b10fadbd02",
+ "sha256": "fa1a99b5adadf817366970a495796083f891c8c75b68a91d2ade31471420473c"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "11ee0799[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "11d24636f4f8690e8a4b21b8dc8b9263",
+ "sample_size": 6736,
+ "sample_type": "Binary/None",
+ "sha1": "2165c2bce110c048cd023d3ee5dbf7f2e2472015",
+ "sha256": "977165d2068a5e16ce2786a0df02926c2066afa78d82d020757c029a9942e408"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "0283bc6ed838ac25a3c5f51b1bc5fb04.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "md5": "31aac22eff6e46771d211a5d49223d86",
+ "sample_size": 480,
+ "sample_type": "Binary/None",
+ "sha1": "b0c50ab7d36cd113fd6778e31a6caf66a341914f",
+ "sha256": "a44c985a385a38870430bb3a1acefa4c88fc0a0e347af70d2c44c0ebf793a9b7"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "045d3532[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "80b95150365d9945113ae84132ca4656",
+ "sample_size": 6624,
+ "sample_type": "Binary/None",
+ "sha1": "cbbe8513449c0e6c99c83b5c48f7aa094cd4533b",
+ "sha256": "234180167dd909b27f14590c5b886395fbd94043123968350d2ecd18965e7e56"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "ResultReport.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\ElevatedDiagnostics\\2550435360\\2018101000.000",
+ "md5": "8ca04f866369ff8e654adba9a883bfaa",
+ "sample_size": 13240,
+ "sample_type": "Binary/None",
+ "sha1": "8ea767bdcbde3f642507d5b095b738f2000ec6f2",
+ "sha256": "320411c627b6769592dd16c3c5f50743a3e1d83de7b6d749678200ff8431f206"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "8636b4dd[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "93146a2a52df6698a2a2affb6a68cce1",
+ "sample_size": 94864,
+ "sample_type": "Binary/None",
+ "sha1": "25a945fc24b40bdeecfb7b3637c604b755bf46f2",
+ "sha256": "c27953331b91537c59b3ac27df83b7725fe7cf0a80d427a34b9aec4e977bc840"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "2743db28[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "06502812d1f19fbd8e89cb26df9cd202",
+ "sample_size": 60608,
+ "sample_type": "Binary/None",
+ "sha1": "60eb7b5e82a6ea51e7a093f6d688c70a1222bce1",
+ "sha256": "8d2e250d12981c3fdcec9588b811bbdd5975b75a9129f97eb7c0ba951c38929a"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "e8706bfdcb263e00a8e0e39a5c30138a",
+ "sample_size": 856,
+ "sample_type": "Binary/None",
+ "sha1": "e91983447c0b061c85155918a8bbbbc4b8987ee0",
+ "sha256": "acb3935d288b844ee7c369c33cdca40aa1f4fcdc5ea6e3515bb3bb7806d1b8b6"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "57dd04e6549c40d01e720bdabc1043f0",
+ "sample_size": 840,
+ "sample_type": "Binary/None",
+ "sha1": "3772e998860eaddd2d7deef800fabeb9e7c2fd05",
+ "sha256": "ddb99874f5f70307fcc29de98d91d7fd5007ae0ed236175ecf80a052c00dcc6a"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "10379681[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "e07cf30bc6dcf8b3ca40b118ca1dfb13",
+ "sample_size": 186360,
+ "sample_type": "Binary/None",
+ "sha1": "452f6fd4b74073d44a21137f4bb8bef9647af4eb",
+ "sha256": "cda8f3e1341c03ed4b722b07352f338d5f1413a28880377e3f20d6d44e0a338f"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "page_embed_script.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "md5": "a7436bf8f31a3eee05f1e31a7f91de97",
+ "sample_size": 272,
+ "sample_type": "Binary/None",
+ "sha1": "ed603dd763a7a54781635ac09c3442c64720df6d",
+ "sha256": "33f4d0b61f9e3e9db9a9b66af44bd6294bc9fcd09d2ba1cbaa38d0f9b2768f4d"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "update100[1].xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "md5": "055979ca19e35a07ff5368ed745a4b34",
+ "sample_size": 440,
+ "sample_type": "Binary/None",
+ "sha1": "90dcbf789fce28217831968fd6e660d33aa0a3b8",
+ "sha256": "bf0c22c59b3cde7b98b981a156d409ecde6a1ee16f2fb1b5c6072816155198b5"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "b11b460a.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "4edb7f04e98a708a840903a468578e72",
+ "sample_size": 6696,
+ "sample_type": "Binary/None",
+ "sha1": "616ef5737391057802f647d711be1032e50dda86",
+ "sha256": "962078dc3a9344f67d20094030d41097e6fa6769fc16308c5a3d21e07fafb612"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images",
+ "md5": "3a65714dbdc3bf377717b92670488c04",
+ "sample_size": 4400,
+ "sample_type": "Binary/None",
+ "sha1": "557bcd5e61b743fe6364c37d0ec1e984baaa0005",
+ "sha256": "62da8741a0412f792d166c932818d8819c567c8655ac4cd6a4ee1bf757862719"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-black_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "7465b00a991482c48ab94a7d9b1a7f12",
+ "sample_size": 1032,
+ "sample_type": "Binary/None",
+ "sha1": "866d84683251060f63132a8b6f17c1b8963342b6",
+ "sha256": "d79e4ee7b51d36f426da2812764def96374d2a100e9e854001e4a5cb6e0621f9"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "dd_vcredistUI7869.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "1b8e0116f32bfdb2677d3a4a706c42e1",
+ "sample_size": 48760,
+ "sample_type": "Binary/None",
+ "sha1": "1c12f99eb64bbaa35a7a7077d1e6f3416af1a6c7",
+ "sha256": "e4eea66b1a39ae947bcdbdf2ee70511f0c4c928939f6bea368b8b5bae6fb4857"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "main.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "md5": "a17307f63fa8051f2410c364483a005c",
+ "sample_size": 136,
+ "sample_type": "Binary/None",
+ "sha1": "3ae5d8d7ebbd15d106e922cc24e24ceffb633bdc",
+ "sha256": "633d899390a88d215a707f9ac8d2f420bbbee9b42509085a67d2df2ca639521b"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "favicon[1].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "md5": "151b9771e5c54de479ef601172d1cb8a",
+ "sample_size": 40,
+ "sample_type": "Binary/None",
+ "sha1": "f5ef9b6332f22e06cc92a66a3fe0556d852ecde3",
+ "sha256": "95ea22b51823ba7a0782b2d1621e52bc61ec59cd77c8520e7048f90021805fec"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "ConvergedLoginPaginatedStrings.EN[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "md5": "47ee05edcd2985f2f9b37b46995e91f8",
+ "sample_size": 16832,
+ "sample_type": "Binary/None",
+ "sha1": "9c950970bbe53af6a2e4105509bf63f929004967",
+ "sha256": "54f1d70272f65be6f30475d09d0296118ac7535304b64be0fb8e56a8379d2262"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.scale-200.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "a4cdfded9999609b13f567b9abdca09e",
+ "sample_size": 1432,
+ "sample_type": "Binary/None",
+ "sha1": "d39f80120e4b89d1ec8473b5c7c3691621f4c052",
+ "sha256": "5f88cd5e9a2da00c86dac5fe1e521f4d414b57141d512eaf158210d2b35a52d7"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "Microsoft Visual C++ 2010 x64 Redistributable Setup_20190219_161802569-MSI_vc_red.msi.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "12bc084aa65cea691856687bd24be209",
+ "sample_size": 267704,
+ "sample_type": "Binary/None",
+ "sha1": "82fdd277a9c934b54fb7ecd15d0690de230f1f21",
+ "sha256": "671e294fee1958b2e4a3488b7b23b48444b1a412d5b658612c107cd5d45ce44a"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "brndlog.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer",
+ "md5": "2dce03d6f12b9aa2ceced062fe2a4f4c",
+ "sample_size": 6616,
+ "sample_type": "Binary/None",
+ "sha1": "7e4878709b7399709794b5c1599be4b0b6b2aa58",
+ "sha256": "4ee13fc40d486d58ba4c1a822d7ca7ab7d9c8e71acce2545df3bba027f9d1e77"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "dd_vcredistMSI1AE4.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Temp",
+ "md5": "420cdaa2ff2acab7627fdc0301f16539",
+ "sample_size": 575880,
+ "sample_type": "Binary/None",
+ "sha1": "5ab1fe1328bf46a87082f9cf53376d203dc7cf82",
+ "sha256": "33294bd0818565341fafd9597df9798ce4ffbaab53ba8c8fa8c9a2037ab3a3da"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "e3f307cb[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "4a8d7af27b5ba442db67c064f43038fb",
+ "sample_size": 18792,
+ "sample_type": "Binary/None",
+ "sha1": "ae857cd9c3fc36d3e5e33f39c8704e083cddc61b",
+ "sha256": "9d7a91015126bffc9539927c9d6db88cb10c1f39f95b2fa32b56ed3079c175b6"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "a0d3923c[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "e0718a483e7d768283b0e0ac3640ceca",
+ "sample_size": 50056,
+ "sample_type": "Binary/None",
+ "sha1": "315dffff6bcbcf45afdd69db8fbfc7d9cb5699d7",
+ "sha256": "c9b3c9a43d035e4df20434b961be4e7145d707b4e74ab50ecad7dee2f51e5570"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "48a99eae[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "12f9a9e22d69c62af264f3334cf3388d",
+ "sample_size": 15936,
+ "sample_type": "Binary/None",
+ "sha1": "3a706bd69071705a75b8cfe181338c0631754753",
+ "sha256": "e4ee33d6bf0e3c9f11e3c7f6c3d9e583a4c8a97197e22333360329d179ae9c5c"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "53c747e0[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "80b14bb0b0f538dbd63f16d7d7a1e84a",
+ "sample_size": 121792,
+ "sample_type": "Binary/None",
+ "sha1": "b8c134781f78505e3cd9b6fe28102931454ff373",
+ "sha256": "919a3c467dace737d06216bfa6bd204ab3a579bf718b2715465957a041bddb63"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "042765ea2c848946cd6cf46805cf1910",
+ "sample_size": 888,
+ "sample_type": "Binary/None",
+ "sha1": "ccd2737dbd16a4b3b8169e603494573fff504615",
+ "sha256": "b8f6c6edc87ed84caaf7650de7ef8e48ce64be8b967821399f1c0df7151cdce0"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "3a8048a4[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "md5": "7f580de257940186f6f546e58130b4da",
+ "sample_size": 6688,
+ "sample_type": "Binary/None",
+ "sha1": "079c8d881d119c48663fc40ec070318bdc4e91cb",
+ "sha256": "72bd6c36682e755ae05b71e1c0b728b0d402bdf177c0ba51fa797569106c7c60"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "b8aa184e[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "md5": "fc99216ba55779d2f15cdd70889ecdb7",
+ "sample_size": 8088,
+ "sample_type": "Binary/None",
+ "sha1": "dab18bca7b7a0165ae3365257df5b04e65262236",
+ "sha256": "fe82e9550513e5b56f5d14df5b006e562fb93e82741864935c026d5ac7975b59"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "5e0abf48[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "383cfd704983453395837c3260c47519",
+ "sample_size": 217520,
+ "sample_type": "Binary/None",
+ "sha1": "da1aa3240abebbee4867cb0847dd2effea029915",
+ "sha256": "0c88e173940e9d5fa0f6f4415b1e923bc3b64b6d2d99278546f4f200f54fe5aa"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.14.0_0",
+ "md5": "91003e8dd47506884950c059dfe83305",
+ "sample_size": 5024,
+ "sample_type": "Binary/None",
+ "sha1": "10c5656ac1811c9f9799c3e048f9a5062436cca6",
+ "sha256": "7fde761cac5e8b747c2199fdc841b815a32de5721f642e113b5dd86b0fe4723f"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "3417f6c5[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "23be67f65b755c61fbe4c4e42f608452",
+ "sample_size": 32048,
+ "sample_type": "Binary/None",
+ "sha1": "aa1f4f0156c2b7d19697c2c6f16bfab6dbd99948",
+ "sha256": "182c2f4432ecfb03b4e8e7c1f9e5fc3ddc4705771bfe38679187f93fb6720fe7"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "da083887.jpg.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "0b72c7eb4b0328a4a14eb51f7f85aa11",
+ "sample_size": 3976,
+ "sample_type": "Binary/None",
+ "sha1": "96ad8b669212b2a7bef3b49ac1892f0490266642",
+ "sha256": "a723221ae2d3eace81b4f532dfcc7ae5a52c413cf6a82c570b64154459867f1a"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-black_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "b040472bfcdb96c5973f17c9023cdaa7",
+ "sample_size": 696,
+ "sample_type": "Binary/None",
+ "sha1": "4a3b9942545ba7c435b94714b68a3ed9d83891d6",
+ "sha256": "09cf28d3fe3c4d3205f57cb2734f2ae3a43428f61875214c0ae671e6110208fb"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "b8275b23[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "md5": "493f912aca198b3228cb876eaef0b87a",
+ "sample_size": 1712,
+ "sample_type": "Binary/None",
+ "sha1": "d1d46bb41c8f30b9be2d0c0c634f374388c6a65b",
+ "sha256": "95e8834f479dff5f649296ee7e0e11ceef277fc9c94f2cc182ef0dbc14d4acde"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-400.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "c89b784ffd40a5407045b81e54d8b6de",
+ "sample_size": 1760,
+ "sample_type": "Binary/None",
+ "sha1": "fa48f21feb7586a360d049032e17b7b050203524",
+ "sha256": "3b0c4f178608e04b332a30bd401f2af380bb3bf681b8a47628fd16b8b73207e4"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "IECompatData.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat",
+ "md5": "22268c9882f7870ebad2d81bcb969c24",
+ "sample_size": 65232,
+ "sample_type": "Binary/None",
+ "sha1": "9b4c7c64d3bddf13ffd9be53d146e06797848680",
+ "sha256": "a955326dfd0a10aacd446e0ac565536adcba79f81063f1b2eeffa6b112c7a8e1"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "424a9e57[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "44bdb068c76b48be9b626fc8d53da937",
+ "sample_size": 1352,
+ "sample_type": "Binary/None",
+ "sha1": "950f55eff463bfdb2da622bdaa960fe507485056",
+ "sha256": "3a66f1f7f0c1385eaa499ca5b52287ba3ea87dda6ed61a4c39d131c694eabe26"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "Converged_v21033[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\4D014F2L",
+ "md5": "c2fd0baa69cd8930cf3d0b508b73aeee",
+ "sample_size": 102048,
+ "sample_type": "Binary/None",
+ "sha1": "a037ea2f2863810aa232554518e7d223fe18adf8",
+ "sha256": "975be5b63f6876ca7d9489f58829d1e57c176e2b667d82ac20181e5f96e4d8a3"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "SettingsCache.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\LocalState\\DeviceSearchCache",
+ "md5": "74abce8048d0c92fb14b89ce0e236fd2",
+ "sample_size": 413096,
+ "sample_type": "Binary/None",
+ "sha1": "5ce40e038bfc7d963f00dce2401c3cb61999e64d",
+ "sha256": "2b84282fb5545fbdad7f6d875941dc2ef34fd9bc0d1d4992c8b0fc99c0e318a6"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "eventpage_bin_prod.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.31.0_0",
+ "md5": "313c37344f68927144dbce6909c9d666",
+ "sample_size": 63696,
+ "sample_type": "Binary/None",
+ "sha1": "630f25a0a9322df5fc5e472ee6deca68a923317a",
+ "sha256": "7d69397aca155491f922be30b0e4b45beecc6e702fc2166f53ab167d99f7114f"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "chrome_shutdown_ms.txt.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data",
+ "md5": "df6fe268cad8f4939c32b06a0abe7f19",
+ "sample_size": 48,
+ "sample_type": "Binary/None",
+ "sha1": "9c36e34d37d519632dda3471cc95672155d88bc4",
+ "sha256": "db52e07dd8418f4416368c29dbf702d96787187dcc73936720b79f6c5a614918"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "icon_16.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "md5": "1aec73c6d3ab5d31021b71fa49175742",
+ "sample_size": 200,
+ "sample_type": "Binary/None",
+ "sha1": "9c4dfd46c967b4d078096006ea7e3fcd1c6656a9",
+ "sha256": "06b7b84792faf07102d9301dac706b819229019cf4a404aab342ec6554ca7ab3"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "main.js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "md5": "15a12b338ab8e37a70179ac0196005d6",
+ "sample_size": 128,
+ "sample_type": "Binary/None",
+ "sha1": "dd1ccc68a494c4efcfad248f602e595f0a62fd17",
+ "sha256": "e6ee456a7ecf12f8aad5371b510a52a6b00461f38f85bb99b25c92ae460d6152"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.10_0",
+ "md5": "72b565d8e27c7f6e8f824edf4c2741b7",
+ "sample_size": 3256,
+ "sample_type": "Binary/None",
+ "sha1": "e8e5ad08fb7ff37f002f7f8da31dec14fd01c2f1",
+ "sha256": "41658e881219b8c18169a9519140dafaca62356a4c6aca5f5855abbadefb48ef"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "known_providers_download_v1[1].xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "md5": "3ad3468603637756e1ac2c6d534e52ed",
+ "sample_size": 90560,
+ "sample_type": "Binary/None",
+ "sha1": "e20cc6b3d65b5162274b74511b394d80bef4293c",
+ "sha256": "250e9ff13f1ffb7881393e1a9f2cd154e8b5291e6b1840f25e0f5f8c77a45461"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.2_0",
+ "md5": "88cc0dec6b76bb2789778c36adc80fdf",
+ "sample_size": 6200,
+ "sample_type": "Binary/None",
+ "sha1": "83c83400a498e4eba5b2da21ec3b3508f3314410",
+ "sha256": "71569d1bdefecf24258f2ee116087530bb25222ded656de089bb517d7905c8b1"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-white_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "6e09d57e9030879e4aaa34910b36e340",
+ "sample_size": 704,
+ "sample_type": "Binary/None",
+ "sha1": "acbfaa3f2edca3de19b3dffd8e17ffc9c362193d",
+ "sha256": "23a76eaeb542e6e67693dbda0755d6d922b3f3ca7980b99c8f872de4f1997a8f"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "favicon[3].png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\OKRRD7HH",
+ "md5": "d7bd02610fcc71c45f5e2ee00df76abb",
+ "sample_size": 40,
+ "sample_type": "Binary/None",
+ "sha1": "a12eb2e41914203b301fdf6d52b9b39ac30cbc74",
+ "sha256": "40ed7f02069b3d3870fe1278a38bc7a906885e8723add3edecec0e48f754cdac"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-white_scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "6aae4a11bed8b5e51294257edbbd5a60",
+ "sample_size": 456,
+ "sample_type": "Binary/None",
+ "sha1": "64d5df6ff114e7341b5249b732ce50b75b5edf68",
+ "sha256": "8c68ef438206dfdddfd1b46bfc240bd7db14dc3ce9e35f26fa1976ef8408dce7"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "69958a21[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "md5": "58a393fcb834452becebb25bf8f590e4",
+ "sample_size": 19744,
+ "sample_type": "Binary/None",
+ "sha1": "f505c74651244ee53c924bd0ee3679c85f30ec08",
+ "sha256": "8fdc3d08d1439d1e5f645a55f02fb04cf8316b4a2896fc660699e89f4584c4fe"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "fd45bf1d[1].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "73f05774175a20c682c97aca14781fa5",
+ "sample_size": 20440,
+ "sample_type": "Binary/None",
+ "sha1": "3fbc2a901967b5b318cb2cf89fa8c0542972a4a5",
+ "sha256": "e32e6d608013aa31de3e787364ab62f572ca521d9568f4ecec913b5070f35983"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "icon_128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.10_0",
+ "md5": "93ac1853398516b8d864f29923f86db5",
+ "sample_size": 3416,
+ "sample_type": "Binary/None",
+ "sha1": "69e335e3d341d0f493dacf24523e58259543ee0d",
+ "sha256": "820609c73845d598617cbdb51c90d25a10b700c38eabdedf658b33680991d5f2"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "a2f17337[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "md5": "852e6a5320cc53474a9c258f5a88f741",
+ "sample_size": 368,
+ "sample_type": "Binary/None",
+ "sha1": "0568c07b33ac6e7afccaf2574baf6963cc64e016",
+ "sha256": "d4572e3b98cec4a63eee74404f747dddcffd11a1742b73435b1d98d9156764a7"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.contrast-white_scale-125.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "78264d49a16bd764070085d3c8ed7c55",
+ "sample_size": 912,
+ "sample_type": "Binary/None",
+ "sha1": "6120b002921d7bee8a3c6e4fb9f2f1afe6f2bd75",
+ "sha256": "097af61fcba9ea3a2faca29787af80f2cfd428f11d0449774635b2d0641429e2"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "2743db28[2].css.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UX2RPJX1",
+ "md5": "8444dc6cc0ed42c4f1c36c4258b50096",
+ "sample_size": 60608,
+ "sample_type": "Binary/None",
+ "sha1": "9cdfd384657bdbdc6558e11435175d6c224cbadf",
+ "sha256": "daca8e23a066ab3acfbffaf9843e5ce9ab84e81578b0c77c6869cbf1c34efba3"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "03cedd2d[1].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\BQSGXLXT\\16",
+ "md5": "7ea0bd08d8c028cc6cbb3df59d49dc86",
+ "sample_size": 41792,
+ "sample_type": "Binary/None",
+ "sha1": "796b3157b699d144715b3cf2f9b98c329720e1c6",
+ "sha256": "5b82f902396ae6c2466178f0308a4d0d3c0e895aa2e8637f2bb197f1b34f7904"
+ },
+ {
+ "classification": "MALICIOUS",
+ "file_name": "181f4d7eabe2d441119af774407152dd.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\o7z2wmgq.default\\thumbnails",
+ "md5": "3df1fafd008f58bd7cbce8c5ab84eb81",
+ "sample_size": 50328,
+ "sample_type": "Binary/None",
+ "sha1": "0163ac925a57abd5f687816498c6ca7fd319f1f7",
+ "sha256": "a1ec1ab23fa76fc0e047c066aae7747b2f9236e0efc18488a1baa18fde5c89a5"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDrive.VisualElementsManifest.xml.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive",
+ "md5": "06986325a06d0b2a0c6c6786b0c3caf5",
+ "sample_size": 384,
+ "sample_type": "Binary/None",
+ "sha1": "80a78acb248504ceec7b7b91019b6dd75215e195",
+ "sha256": "356b96b572afbe40e91842210cf61717309208a9e168fac82a35e5849b7717ad"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "b8275b23[2].js.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCache\\UHJKI8DD",
+ "md5": "e32144c93f15d3cf960bbb70e53f2505",
+ "sample_size": 1712,
+ "sample_type": "Binary/None",
+ "sha1": "fb52d3516f5f27e6284e2669c88ba6a67070cc66",
+ "sha256": "0195455b13996e7b4e3fef659c6568f96157cd84a4b5cbfd4bab72d2f69e5b46"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveSmallTile.contrast-black_scale-150.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "0111627d1aab907332da307cb4ac5ceb",
+ "sample_size": 632,
+ "sample_type": "Binary/None",
+ "sha1": "b57814bee6620538c64a6d80c74397883c1863a6",
+ "sha256": "16a4112aa612f8d72eb52c0795625404e3ebbefb6bd9dcf8248d0e296aba909c"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "248aaea9.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Notifications\\wpnidm",
+ "md5": "76a333bdafc772b8da3cb292ff4103a1",
+ "sample_size": 9656,
+ "sample_type": "Binary/None",
+ "sha1": "bf1900d599c530742f0156ab21b7cc9d0fb492c0",
+ "sha256": "7fac5b99b80d77f55f936474fdb8e8ed63f1d3cc2ba04695893a6ead430f993e"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "OneDriveMedTile.scale-100.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\LogoImages",
+ "md5": "1b90920f77e45538be049469419c1e1f",
+ "sample_size": 696,
+ "sample_type": "Binary/None",
+ "sha1": "74aad3ae8f55db81a493111561f308afa18e60b0",
+ "sha256": "c5bbde7ef7748193d6bdd93f9cb6e86a55a10b9ca2c48c4c61376e6d5ca9df03"
+ },
+ {
+ "classification": "UNKNOWN",
+ "file_name": "128.png.toxcrypt",
+ "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.5_0",
+ "md5": "913510d99a80b9d2103dc5ed77de9572",
+ "sample_size": 3952,
+ "sample_type": "Binary/None",
+ "sha1": "9cad1d7e6bccb750654e3cf1f380107069819cfd",
+ "sha256": "0d5832acad5a8b492e13167bf128826173624184a95053b8bdfd8735a3f743c4"
+ }
+ ],
+ "md5": "d5720ea13de22edcbe76d20c7908c0bf",
+ "memory_strings": "https://bucket.reversinglabs.com/rl-cloud-sandbox-memstrings-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_memstrings_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150641Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=ee5ea869e113ae10e0527e84622c7a2ec1c218ea425cdfa502b73231191550df",
+ "mitre_attack": {
+ "matrix_list": [
+ {
+ "name": "Enterprise",
+ "tactics": {
+ "tactic_list": [
+ {
+ "id": "TA0005",
+ "name": "Defense Evasion",
+ "techniques": {
+ "technique_list": [
+ {
+ "id": "T1055",
+ "name": "Process Injection"
+ },
+ {
+ "id": "T1027",
+ "name": "Obfuscated Files or Information"
+ },
+ {
+ "id": "T1036",
+ "name": "Masquerading"
+ },
+ {
+ "id": "T1027.002",
+ "name": "Software Packing"
+ }
+ ]
+ }
+ },
+ {
+ "id": "TA0007",
+ "name": "Discovery",
+ "techniques": {
+ "technique_list": [
+ {
+ "id": "T1083",
+ "name": "File and Directory Discovery"
+ },
+ {
+ "id": "T1082",
+ "name": "System Information Discovery"
+ },
+ {
+ "id": "T1124",
+ "name": "System Time Discovery"
+ },
+ {
+ "id": "T1518.001",
+ "name": "Security Software Discovery"
+ }
+ ]
+ }
+ },
+ {
+ "id": "TA0002",
+ "name": "Execution",
+ "techniques": {
+ "technique_list": []
+ }
+ },
+ {
+ "id": "TA0011",
+ "name": "Command and Control",
+ "techniques": {
+ "technique_list": [
+ {
+ "id": "T1573",
+ "name": "Encrypted Channel"
+ }
+ ]
+ }
+ },
+ {
+ "id": "TA0010",
+ "name": "Exfiltration",
+ "techniques": {
+ "technique_list": []
+ }
+ },
+ {
+ "id": "TA0004",
+ "name": "Privilege Escalation",
+ "techniques": {
+ "technique_list": [
+ {
+ "id": "T1547.001",
+ "name": "Registry Run Keys / Startup Folder"
+ }
+ ]
+ }
+ },
+ {
+ "id": "TA0003",
+ "name": "Persistence",
+ "techniques": {
+ "technique_list": [
+ {
+ "id": "T1176",
+ "name": "Browser Extensions"
+ }
+ ]
+ }
+ },
+ {
+ "id": "TA0009",
+ "name": "Collection",
+ "techniques": {
+ "technique_list": [
+ {
+ "id": "T1185",
+ "name": "Man in the Browser"
+ },
+ {
+ "id": "T1560",
+ "name": "Archive Collected Data"
+ },
+ {
+ "id": "T1056",
+ "name": "Input Capture"
+ },
+ {
+ "id": "T1005",
+ "name": "Data from Local System"
+ }
+ ]
+ }
+ },
+ {
+ "id": "TA0040",
+ "name": "Impact",
+ "techniques": {
+ "technique_list": []
+ }
+ },
+ {
+ "id": "TA0006",
+ "name": "Credential Access",
+ "techniques": {
+ "technique_list": [
+ {
+ "id": "T1003",
+ "name": "OS Credential Dumping"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "network": {
+ "url": [
+ {
+ "source": "memory",
+ "url": "http://127.0.0.1:90500123456789ABCDEF"
+ },
+ {
+ "source": "memory",
+ "url": "http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip"
+ },
+ {
+ "source": "memory",
+ "url": "http://search.live.com/results.aspx?q="
+ },
+ {
+ "source": "memory",
+ "url": "http://gcc.gnu.org/bugs.html):"
+ },
+ {
+ "source": "memory",
+ "url": "http://curl.haxx.se/docs/http-cookies.html"
+ }
+ ]
+ },
+ "optional_parameters": "internet_simulation=false",
+ "pcap": "https://bucket.reversinglabs.com/rl-cloud-sandbox-pcap-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_pcap_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150640Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=2d949896392b6a7e6100b7e4528496dde102a782cae48e33434188ea087bf217",
+ "platform": "windows10",
+ "process_tree": [
+ {
+ "name": "rl_file.exe",
+ "parameters": "C:\\Users\\user\\Desktop\\rl_file.exe",
+ "parent_process_id": 3812,
+ "process_id": 3080
+ },
+ {
+ "name": "rl_file.exe",
+ "parameters": "\"C:\\Users\\user\\Desktop\\rl_file.exe\" ",
+ "parent_process_id": 3080,
+ "process_id": 3668
+ },
+ {
+ "name": "Tox.exe",
+ "parameters": "\"C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Tox.exe\" ",
+ "parent_process_id": 3812,
+ "process_id": 1568
+ }
+ ],
+ "risk_score": 96,
+ "screenshots": "https://bucket.reversinglabs.com/rl-cloud-sandbox-screenshots-prod/21841b32c6165b27dddbd4d6eb3a672defe54271_9665584d-57d9-4f8a-b63b-5c762b37fc33_screenshots_windows10.7z?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=8WrLFV1jWsk6RFDt%2F20230607%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230607T150641Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=d815f79993cb3bd0939551ce8b200ef8b1ddd636564b999c9ded4c481f9c3b79",
+ "sha1": "21841b32c6165b27dddbd4d6eb3a672defe54271",
+ "sha256": "0b5225517dcd1faf1de7b9c770baedbe000f8f2eacc22e8759970e26d446ec19",
+ "signatures": [
+ {
+ "description": "Reads ini files",
+ "risk_factor": 5,
+ "sig_id": 1257
+ },
+ {
+ "description": "Creates a start menu entry (Start Menu\\\\Programs\\\\Startup)",
+ "risk_factor": 7,
+ "sig_id": 1376
+ },
+ {
+ "description": "Disables application error messages (SetErrorMode)",
+ "risk_factor": 5,
+ "sig_id": 1397
+ },
+ {
+ "description": "Contains functionality to enumerate / list files inside a directory",
+ "risk_factor": 5,
+ "sig_id": 1088
+ },
+ {
+ "description": "Found inlined nop instructions (likely shell or obfuscated code)",
+ "risk_factor": 7,
+ "sig_id": 1537
+ },
+ {
+ "description": "Creates temporary files",
+ "risk_factor": 5,
+ "sig_id": 1276
+ },
+ {
+ "description": "Tries to harvest and steal browser information (history, passwords, etc)",
+ "risk_factor": 8,
+ "sig_id": 1272
+ },
+ {
+ "description": "Sample reads its own file content",
+ "risk_factor": 5,
+ "sig_id": 1571
+ },
+ {
+ "description": "URLs found in memory or binary data",
+ "risk_factor": 5,
+ "sig_id": 357
+ },
+ {
+ "description": "Uses an in-process (OLE) Automation server",
+ "risk_factor": 5,
+ "sig_id": 1458
+ },
+ {
+ "description": "Sample is packed with UPX",
+ "risk_factor": 5,
+ "sig_id": 1366
+ },
+ {
+ "description": "Creates a DirectInput object (often for capturing keystrokes)",
+ "risk_factor": 7,
+ "sig_id": 1339
+ },
+ {
+ "description": "Stores files to the Windows startup directory",
+ "risk_factor": 7,
+ "sig_id": 1352
+ },
+ {
+ "description": "Creates a process in suspended mode (likely to inject code)",
+ "risk_factor": 7,
+ "sig_id": 1790
+ },
+ {
+ "description": "Spawns processes",
+ "risk_factor": 5,
+ "sig_id": 1271
+ },
+ {
+ "description": "Creates mutexes",
+ "risk_factor": 5,
+ "sig_id": 1150
+ },
+ {
+ "description": "Detected crypto function",
+ "risk_factor": 7,
+ "sig_id": 1826
+ },
+ {
+ "description": "Sample is known by Antivirus (Virustotal or Metascan)",
+ "risk_factor": 5,
+ "sig_id": 1532
+ },
+ {
+ "description": "Contains functionality to register its own exception handler",
+ "risk_factor": 5,
+ "sig_id": 1094
+ },
+ {
+ "description": "Classification label",
+ "risk_factor": 5,
+ "sig_id": 420
+ },
+ {
+ "description": "Uses 32bit PE files",
+ "risk_factor": 7,
+ "sig_id": 621
+ },
+ {
+ "description": "Contains functionality to query local / system time",
+ "risk_factor": 5,
+ "sig_id": 1103
+ },
+ {
+ "description": "Multi AV Scanner detection for dropped file",
+ "risk_factor": 10,
+ "sig_id": 1524
+ },
+ {
+ "description": "Drops PE files",
+ "risk_factor": 7,
+ "sig_id": 1167
+ },
+ {
+ "description": "Multi AV Scanner detection for submitted file",
+ "risk_factor": 10,
+ "sig_id": 362
+ },
+ {
+ "description": "Contains functionality to query CPU information (cpuid)",
+ "risk_factor": 7,
+ "sig_id": 1326
+ },
+ {
+ "description": "Drops PE files to the startup folder (C:\\\\Documents and Settings\\\\All Users\\\\Start Menu\\\\Programs\\\\Startup)",
+ "risk_factor": 8,
+ "sig_id": 1378
+ },
+ {
+ "description": "Creates files inside the user directory",
+ "risk_factor": 5,
+ "sig_id": 1145
+ },
+ {
+ "description": "Reads software policies",
+ "risk_factor": 5,
+ "sig_id": 1460
+ },
+ {
+ "description": "Overwrites Mozilla Firefox settings",
+ "risk_factor": 8,
+ "sig_id": 1382
+ },
+ {
+ "description": "Installs a chrome extension",
+ "risk_factor": 7,
+ "sig_id": 1393
+ },
+ {
+ "description": "Writes many files with high entropy",
+ "risk_factor": 8,
+ "sig_id": 2072
+ }
+ ],
+ "threat_names": [
+ {
+ "threat_name": "Unknown"
+ }
+ ]
+ },
+ "requested_hash": "21841b32c6165b27dddbd4d6eb3a672defe54271"
+ }
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>Full report is returned in a downloadable file
+
+### reversinglabs-titaniumcloud-certificate-analytics
+
+***
+Retrieve certificate analytics.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-certificate-analytics`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| certificate_thumbprint | Hash string. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.certificate_analytics | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-certificate-analytics certificate_thumbprint="86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"```
+#### Context Example
+```json
+{
+ "InfoFile": {
+ "EntryID": "7632@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
+ "Info": "text/plain",
+ "Name": "Certificate Analytics report file for thumbprint 86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A",
+ "Size": 11882,
+ "Type": "ASCII text, with very long lines"
+ },
+ "ReversingLabs": {
+ "certificate_analytics": {
+ "rl": {
+ "certificate_analytics": {
+ "certificate": {
+ "certificate_thumbprints": [
+ {
+ "name": "MD5",
+ "value": "76cc8c2a0859c683eb494eb4f161ed79"
+ },
+ {
+ "name": "SHA1",
+ "value": "03addd4d8bb9c4eb53a49d734a3fa622f35ac4f4"
+ },
+ {
+ "name": "SHA256",
+ "value": "86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"
+ }
+ ],
+ "common_name": "OOO \"Industry\"",
+ "extensions": [
+ {
+ "is_critical": "False",
+ "name": "X509v3 Authority Key Identifier",
+ "value": "keyid:1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 Subject Key Identifier",
+ "value": "3A:32:1F:B5:2F:91:3A:5A:5F:2C:09:7B:74:6C:0C:95:0C:8B:A3:7E"
+ },
+ {
+ "is_critical": "True",
+ "name": "X509v3 Key Usage",
+ "value": "Digital Signature"
+ },
+ {
+ "is_critical": "True",
+ "name": "X509v3 Basic Constraints",
+ "value": "CA:FALSE"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 Extended Key Usage",
+ "value": "Code Signing"
+ },
+ {
+ "is_critical": "False",
+ "name": "Netscape Cert Type",
+ "value": "Object Signing"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 Certificate Policies",
+ "value": "Policy: 1.3.6.1.4.1.6449.1.2.1.3.2\n CPS: https://secure.comodo.net/CPS\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 CRL Distribution Points",
+ "value": "\nFull Name:\n URI:http://crl.comodoca.com/COMODOCodeSigningCA2.crl\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "Authority Information Access",
+ "value": "CA Issuers - URI:http://crt.comodoca.com/COMODOCodeSigningCA2.crt\nOCSP - URI:http://ocsp.comodoca.com\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 Subject Alternative Name",
+ "value": "email:igorv@ooo-industry.ru"
+ }
+ ],
+ "issuer": {
+ "certificate_thumbprints": [
+ {
+ "name": "MD5",
+ "value": "db84b1a0715cfd1e33d1935ddc9beb4e"
+ },
+ {
+ "name": "SHA1",
+ "value": "b64771392538d1eb7a9281998791c14afd0c5035"
+ },
+ {
+ "name": "SHA256",
+ "value": "8EF8F2565BE30E7CE7BA6302BB18B42A3ACD148A0DDB4779E4C03E862F39589B"
+ }
+ ],
+ "common_name": "COMODO Code Signing CA 2",
+ "extensions": [
+ {
+ "is_critical": "False",
+ "name": "X509v3 Authority Key Identifier",
+ "value": "keyid:DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 Subject Key Identifier",
+ "value": "1E:C5:B1:2C:7D:87:DA:02:68:7C:25:BC:0C:07:84:3F:B6:CF:DE:F1"
+ },
+ {
+ "is_critical": "True",
+ "name": "X509v3 Key Usage",
+ "value": "Certificate Sign, CRL Sign"
+ },
+ {
+ "is_critical": "True",
+ "name": "X509v3 Basic Constraints",
+ "value": "CA:TRUE, pathlen:0"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 Extended Key Usage",
+ "value": "Code Signing"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 Certificate Policies",
+ "value": "Policy: X509v3 Any Policy\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 CRL Distribution Points",
+ "value": "\nFull Name:\n URI:http://crl.usertrust.com/UTN-USERFirst-Object.crl\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "Authority Information Access",
+ "value": "CA Issuers - URI:http://crt.usertrust.com/UTNAddTrustObject_CA.crt\nOCSP - URI:http://ocsp.usertrust.com\n"
+ }
+ ],
+ "issuer": {
+ "certificate_thumbprints": [
+ {
+ "name": "MD5",
+ "value": "ff5fbc4290fa389e798467ebd7ae940b"
+ },
+ {
+ "name": "SHA1",
+ "value": "8ad5c9987e6f190bd6f5416e2de44ccd641d8cda"
+ },
+ {
+ "name": "SHA256",
+ "value": "2CF1EC6AB594113BD538DF6D5C940E3319B424F8756D975888072C6AB558B771"
+ }
+ ],
+ "common_name": "UTN-USERFirst-Object",
+ "extensions": [
+ {
+ "is_critical": "False",
+ "name": "X509v3 Authority Key Identifier",
+ "value": "keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 Subject Key Identifier",
+ "value": "DA:ED:64:74:14:9C:14:3C:AB:DD:99:A9:BD:5B:28:4D:8B:3C:C9:D8"
+ },
+ {
+ "is_critical": "True",
+ "name": "X509v3 Key Usage",
+ "value": "Certificate Sign, CRL Sign"
+ },
+ {
+ "is_critical": "True",
+ "name": "X509v3 Basic Constraints",
+ "value": "CA:TRUE"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 Certificate Policies",
+ "value": "Policy: X509v3 Any Policy\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "X509v3 CRL Distribution Points",
+ "value": "\nFull Name:\n URI:http://crl.usertrust.com/AddTrustExternalCARoot.crl\n"
+ },
+ {
+ "is_critical": "False",
+ "name": "Authority Information Access",
+ "value": "OCSP - URI:http://ocsp.usertrust.com\n"
+ }
+ ],
+ "issuer": "AddTrust External CA Root",
+ "serial_number": "421AF2940984191F520A4BC62426A74B",
+ "signature": "4D422FA6C18AEB07809058468CF81939662A3C5A2C6DCFD4D987558D790B12887B408FD5C7F84B8D551663ADB757DC3B2BBDD3C14F1E03874B449BE3E2404526F326492B6A84F1547AD442DAFCD36ABB667ECA9EEAE9BBDC07C7C3924E833C81499F92D53209EA492EA111719A36D2C54E68B6CB0E1B2516AF6CDE5D76D81F72B193268617DB18DEAF45E9DFFB98AF1418EDA45EF6899445F055044ADDFF27DD064A40F6B4BCF1E40F9902BBFD5D0E2E28C1BE3B5F1A3F971084BC163ED8A39C631D66CB5C5FDA3EF30F0A093522DBDBC03F00F9E60D5D67D1FDA01E032BD940F7BECC87665480A6A3B8F51962D5D226B19826EE9ACB44A7455A8195151AF551",
+ "signature_algorithm": "sha1WithRSAEncryption",
+ "valid_from": "Jun 7 08:09:10 2005 GMT",
+ "valid_to": "May 30 10:48:38 2020 GMT",
+ "version": "2"
+ },
+ "serial_number": "10709D4FF55408D7306001D8EA9175BB",
+ "signature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
+ "signature_algorithm": "sha1WithRSAEncryption",
+ "valid_from": "Aug 24 00:00:00 2011 GMT",
+ "valid_to": "May 30 10:48:38 2020 GMT",
+ "version": "2"
+ },
+ "serial_number": "D139BDA20096871840DCE08E6A80B6F0",
+ "signature": "2F5083FC3924FBE3509C294E8DE25499D771A7A554DED358DC05629AFE99803F4BC8DCC436BF0C7CA97015BA2FFD80EFC4D0BDB6E39F375296ECDDCDE3CA0B5033C649B38ECF57761DA6DEA2868D0286EA481177EE6D0D0C1B7B041BB890ECD6CE1FF93EC608F06A4D53C17DCBA4EA5E8894ABADDCFD670B9C3E4E4F0870AC7BB619E3ECE42971FE8FF0AFDE6578892802FC6C9C96DFF767FE2F52EA197C58B5B86C76110CFA05EC019C6FC589B32284D54F4734A21313EDB3970B2820FB6D05EAA5228E7D5035B27AF3B14285225B71F6C3441E7E53631B8C9508F4006E1A464D6DB91E2E8CC7D3B336926812E5356BD8B8B839BFBC990C9A21B1AC17780C39",
+ "signature_algorithm": "sha1WithRSAEncryption",
+ "valid_from": "Aug 2 00:00:00 2012 GMT",
+ "valid_to": "Aug 2 23:59:59 2015 GMT",
+ "version": "2"
+ },
+ "certificate_first_seen": "2012-09-13T08:57:00",
+ "classification": {
+ "status": "undefined"
+ },
+ "statistics": {
+ "known": 2,
+ "malicious": 6082,
+ "suspicious": 142,
+ "total": 6226,
+ "unknown": 0
+ }
+ },
+ "request": {
+ "response_format": "json",
+ "thumbprint": "86900D438047F6D00ACE379C6E68A9461BA36ACD152C9E82EDDBE87B331F3E4A"
+ }
+ }
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>Full report is returned in a downloadable file
+
+### reversinglabs-titaniumcloud-yara-ruleset-actions
+
+***
+Perform various YARA ruleset actions.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-yara-ruleset-actions`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| yara_action | YARA ruleset action. Possible values are: CREATE RULESET, DELETE RULESET, GET RULESET INFO, GET RULESET TEXT. | Required |
+| ruleset_name | Name of the YARA ruleset. | Required |
+| ruleset_text | Text of the YARA ruleset. | Optional |
+| sample_available | Return only samples that are available for download to the user. Must be boolean. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.create_yara_ruleset | Unknown | |
+| ReversingLabs.delete_yara_ruleset | Unknown | |
+| ReversingLabs.get_yara_ruleset_info | Unknown | |
+| ReversingLabs.get_yara_ruleset_text | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-yara-ruleset-actions ruleset_name=SuperHunt yara_action="GET RULESET INFO"```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "get_yara_ruleset_info": {
+ "approved": true,
+ "ruleset_name": "SuperHunt",
+ "valid": true
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>{
+> "approved": true,
+> "ruleset_name": "SuperHunt",
+> "valid": true
+>}
+
+### reversinglabs-titaniumcloud-yara-matches-feed
+
+***
+Returns a recordset of YARA ruleset matches in the specified time range.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-yara-matches-feed`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| time_format | Define the time format that is used. Possible values are: utc, timestamp. | Required |
+| time_value | Time value in the defined format. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.yara_matches_feed | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-yara-matches-feed time_format=timestamp time_value=1686149726```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "yara_matches_feed": {
+ "rl": {
+ "feed": {
+ "entries": [
+ {
+ "file_size": 3276768,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2070668,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2103585,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6c9a7e771632738a4d86e8211be63306b3c31739",
+ "timestamp": 1686149729
+ },
+ {
+ "file_size": 3276768,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2070668,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2103585,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6c9a7e771632738a4d86e8211be63306b3c31739",
+ "timestamp": 1686149729
+ },
+ {
+ "file_size": 700972,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6427,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 327393,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9",
+ "timestamp": 1686149748
+ },
+ {
+ "file_size": 700972,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6427,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 327393,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9",
+ "timestamp": 1686149748
+ },
+ {
+ "file_size": 701035,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6427,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 327456,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "327da64e3c8bd70b5868a11b90345ffb83faf169",
+ "timestamp": 1686149771
+ },
+ {
+ "file_size": 701035,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6427,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 327456,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "327da64e3c8bd70b5868a11b90345ffb83faf169",
+ "timestamp": 1686149771
+ },
+ {
+ "file_size": 2495206,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 1508164,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "8b16533fe15079a2797c5edb655e7faa0136a2c3",
+ "timestamp": 1686149775
+ },
+ {
+ "file_size": 136068,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 90723,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 126493,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4b69b90535fffc35b944af09c4fecd1ea45bdf03",
+ "timestamp": 1686149791
+ },
+ {
+ "file_size": 136068,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 90723,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 126493,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4b69b90535fffc35b944af09c4fecd1ea45bdf03",
+ "timestamp": 1686149791
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "9833e067786155c711abd4748f0134dce2a50f70",
+ "timestamp": 1686149812
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "9833e067786155c711abd4748f0134dce2a50f70",
+ "timestamp": 1686149812
+ },
+ {
+ "file_size": 60165,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 53034,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 44244,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",
+ "timestamp": 1686149812
+ },
+ {
+ "file_size": 60165,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 53034,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 44244,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",
+ "timestamp": 1686149812
+ },
+ {
+ "file_size": 348160,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 37848,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "8a5f73ba3d164d764f3247e1a4d8910f1c82118e",
+ "timestamp": 1686149813
+ },
+ {
+ "file_size": 2032952,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1691838,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1680161,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3ef76796bc39440ff9e380ee0870e082a7d4d827",
+ "timestamp": 1686149813
+ },
+ {
+ "file_size": 2032952,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1691838,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1680161,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3ef76796bc39440ff9e380ee0870e082a7d4d827",
+ "timestamp": 1686149813
+ },
+ {
+ "file_size": 152263,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 108863,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 66000,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "672718e4181413228e56e9aca75af311e5113b34",
+ "timestamp": 1686149815
+ },
+ {
+ "file_size": 152263,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 108863,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 66000,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "672718e4181413228e56e9aca75af311e5113b34",
+ "timestamp": 1686149815
+ },
+ {
+ "file_size": 3594552,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2695368,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2746903,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3c1e2700b7b75d6f064f1a4cd92348cbbd12445e",
+ "timestamp": 1686149821
+ },
+ {
+ "file_size": 3594552,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2695368,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2746903,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3c1e2700b7b75d6f064f1a4cd92348cbbd12445e",
+ "timestamp": 1686149821
+ },
+ {
+ "file_size": 629694,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 195141,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 142128,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "689fa08d967cd23c51d86f5f31245b2c4b4cb8f4",
+ "timestamp": 1686149825
+ },
+ {
+ "file_size": 629694,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 195141,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 142128,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "689fa08d967cd23c51d86f5f31245b2c4b4cb8f4",
+ "timestamp": 1686149825
+ },
+ {
+ "file_size": 60165,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 53034,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 44244,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",
+ "timestamp": 1686149825
+ },
+ {
+ "file_size": 60165,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 53034,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 44244,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7",
+ "timestamp": 1686149825
+ },
+ {
+ "file_size": 7876608,
+ "file_type": "ELF64 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4574372,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4638450,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "be246b1372fc383087a49f7b217d57f60a91282e",
+ "timestamp": 1686149830
+ },
+ {
+ "file_size": 7876608,
+ "file_type": "ELF64 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4574372,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4638450,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "be246b1372fc383087a49f7b217d57f60a91282e",
+ "timestamp": 1686149830
+ },
+ {
+ "file_size": 163095,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 92470,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 152391,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "38351d1f1fd246eed1a5319c70e6db239cf08961",
+ "timestamp": 1686149832
+ },
+ {
+ "file_size": 163095,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 92470,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 152391,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "38351d1f1fd246eed1a5319c70e6db239cf08961",
+ "timestamp": 1686149832
+ },
+ {
+ "file_size": 4435792,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 35519,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 251777,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",
+ "timestamp": 1686149840
+ },
+ {
+ "file_size": 4435792,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 35519,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 251777,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",
+ "timestamp": 1686149840
+ },
+ {
+ "file_size": 118346,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16163,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 93519,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "33b343dbf5e945badbde855fccd9d41cc6721b57",
+ "timestamp": 1686149841
+ },
+ {
+ "file_size": 118346,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16163,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 93519,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "33b343dbf5e945badbde855fccd9d41cc6721b57",
+ "timestamp": 1686149841
+ },
+ {
+ "file_size": 421625,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 254252,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 61027,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "97de77df7de1563a15054f68142f815b4df26ef8",
+ "timestamp": 1686149841
+ },
+ {
+ "file_size": 421625,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 254252,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 61027,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "97de77df7de1563a15054f68142f815b4df26ef8",
+ "timestamp": 1686149841
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6c4a87910eafb345ad3b07f13dced51376ccc93f",
+ "timestamp": 1686149842
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6c4a87910eafb345ad3b07f13dced51376ccc93f",
+ "timestamp": 1686149842
+ },
+ {
+ "file_size": 4091720,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1530891,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1420528,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "f0a94f8d3ba71b06bc7a463241233c2db1cf4a36",
+ "timestamp": 1686149842
+ },
+ {
+ "file_size": 4091720,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1530891,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1420528,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "f0a94f8d3ba71b06bc7a463241233c2db1cf4a36",
+ "timestamp": 1686149842
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5c880504fedd3ee67d06ecb36ef7247a6b26cd48",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5c880504fedd3ee67d06ecb36ef7247a6b26cd48",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 151754,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 108353,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 65464,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1a9bc0dd119fa6b5b15042468d54a26cccccbeaa",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 151754,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 108353,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 65464,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1a9bc0dd119fa6b5b15042468d54a26cccccbeaa",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 151042,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 107641,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 65289,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 151042,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 107641,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 65289,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 6321416,
+ "file_type": "ELF64 Little/SO",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 361578,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 283948,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7",
+ "timestamp": 1686149845
+ },
+ {
+ "file_size": 6321416,
+ "file_type": "ELF64 Little/SO",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 361578,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 283948,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7",
+ "timestamp": 1686149845
+ },
+ {
+ "file_size": 7876608,
+ "file_type": "ELF64 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4574372,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4638450,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "be246b1372fc383087a49f7b217d57f60a91282e",
+ "timestamp": 1686149847
+ },
+ {
+ "file_size": 7876608,
+ "file_type": "ELF64 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4574372,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4638450,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "be246b1372fc383087a49f7b217d57f60a91282e",
+ "timestamp": 1686149847
+ },
+ {
+ "file_size": 154712,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 111318,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68396,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "846e91cbdccfbacf3790aaaa5aad6357394ec328",
+ "timestamp": 1686149848
+ },
+ {
+ "file_size": 154712,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 111318,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68396,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "846e91cbdccfbacf3790aaaa5aad6357394ec328",
+ "timestamp": 1686149848
+ },
+ {
+ "file_size": 2037575,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 700877,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1730255,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "66ea67dd377be2868f91cada78056d679c37ad14",
+ "timestamp": 1686149849
+ },
+ {
+ "file_size": 2037575,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 700877,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1730255,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "66ea67dd377be2868f91cada78056d679c37ad14",
+ "timestamp": 1686149849
+ },
+ {
+ "file_size": 4435792,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 35519,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 251777,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",
+ "timestamp": 1686149849
+ },
+ {
+ "file_size": 4435792,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 35519,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 251777,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8c2ac756b84dad335730361f0ae794d427f59ac8",
+ "timestamp": 1686149849
+ },
+ {
+ "file_size": 25735,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 369,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 19182,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2983e913f00f2919c3ef8af5984fc1d4165ef459",
+ "timestamp": 1686149851
+ },
+ {
+ "file_size": 25735,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 369,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 19182,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2983e913f00f2919c3ef8af5984fc1d4165ef459",
+ "timestamp": 1686149851
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "94d4edb7622aa1bc73976a43641f0f7aa673e515",
+ "timestamp": 1686149851
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "94d4edb7622aa1bc73976a43641f0f7aa673e515",
+ "timestamp": 1686149851
+ },
+ {
+ "file_size": 5899328,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3609590,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3648212,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1e005a0d0a4e445a22845e20f507c9986ab8c981",
+ "timestamp": 1686149855
+ },
+ {
+ "file_size": 5899328,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3609590,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3648212,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1e005a0d0a4e445a22845e20f507c9986ab8c981",
+ "timestamp": 1686149855
+ },
+ {
+ "file_size": 477009,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 117834,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 179800,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c4362fdfb7e929c0befe19e1fdbb503e340713ef",
+ "timestamp": 1686149858
+ },
+ {
+ "file_size": 477009,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 117834,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 179800,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c4362fdfb7e929c0befe19e1fdbb503e340713ef",
+ "timestamp": 1686149858
+ },
+ {
+ "file_size": 146948,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 103548,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 60815,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6aca08c08a657c545ca575cc33e124e0e38f8730",
+ "timestamp": 1686149865
+ },
+ {
+ "file_size": 146948,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 103548,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 60815,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6aca08c08a657c545ca575cc33e124e0e38f8730",
+ "timestamp": 1686149865
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "042e4cb27fc3d6fd7c73e3a217a872495a05c90a",
+ "timestamp": 1686149866
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "042e4cb27fc3d6fd7c73e3a217a872495a05c90a",
+ "timestamp": 1686149866
+ },
+ {
+ "file_size": 739873,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8970,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 195156,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2a8b44ff48c01cb281e6fc55079211d061ead5c5",
+ "timestamp": 1686149873
+ },
+ {
+ "file_size": 739873,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8970,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 195156,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2a8b44ff48c01cb281e6fc55079211d061ead5c5",
+ "timestamp": 1686149873
+ },
+ {
+ "file_size": 1001023,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12927,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 112532,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "f5d3401062623204bff214eef2887ca59171fc8d",
+ "timestamp": 1686149874
+ },
+ {
+ "file_size": 1001023,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12927,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 112532,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "f5d3401062623204bff214eef2887ca59171fc8d",
+ "timestamp": 1686149874
+ },
+ {
+ "file_size": 344860,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12762,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 227575,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0",
+ "timestamp": 1686149875
+ },
+ {
+ "file_size": 344860,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12762,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 227575,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0",
+ "timestamp": 1686149875
+ },
+ {
+ "file_size": 6738008,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2615445,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2651672,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3ac8e4d7748a9ca0affb66f81978d33e683c4814",
+ "timestamp": 1686149879
+ },
+ {
+ "file_size": 6738008,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2615445,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2651672,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3ac8e4d7748a9ca0affb66f81978d33e683c4814",
+ "timestamp": 1686149879
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "dc5645d2051ac4aac468e02b4ebf62628a73605f",
+ "timestamp": 1686149880
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "dc5645d2051ac4aac468e02b4ebf62628a73605f",
+ "timestamp": 1686149880
+ },
+ {
+ "file_size": 6343328,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4122595,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4778117,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2db6a690c35f5f29fc0986760df02acf70d67abf",
+ "timestamp": 1686149881
+ },
+ {
+ "file_size": 6343328,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4122595,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4778117,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2db6a690c35f5f29fc0986760df02acf70d67abf",
+ "timestamp": 1686149881
+ },
+ {
+ "file_size": 154231,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110832,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68406,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3af52ef8aff5735d794cb2611de951f786961c03",
+ "timestamp": 1686149900
+ },
+ {
+ "file_size": 154231,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110832,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68406,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3af52ef8aff5735d794cb2611de951f786961c03",
+ "timestamp": 1686149900
+ },
+ {
+ "file_size": 739903,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8970,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 195156,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e4965ce5cd511a3efd00a2caba635bfab3f4e805",
+ "timestamp": 1686149921
+ },
+ {
+ "file_size": 739903,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8970,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 195156,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e4965ce5cd511a3efd00a2caba635bfab3f4e805",
+ "timestamp": 1686149921
+ },
+ {
+ "file_size": 5685433,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 150959,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2075729,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6974c8390c179c1a4a9dca8947a1f2378852faad",
+ "timestamp": 1686149931
+ },
+ {
+ "file_size": 5685433,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 150959,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2075729,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6974c8390c179c1a4a9dca8947a1f2378852faad",
+ "timestamp": 1686149931
+ },
+ {
+ "file_size": 11163136,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9002020,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8469401,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "07a157e4e612f74d0b01b2844eca8afdc2a43955",
+ "timestamp": 1686149931
+ },
+ {
+ "file_size": 11163136,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9002020,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8469401,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "07a157e4e612f74d0b01b2844eca8afdc2a43955",
+ "timestamp": 1686149931
+ },
+ {
+ "file_size": 1408268,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8975,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 109800,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "440bb2c50ba55eebe34ef8a4e201a17144bd5bc2",
+ "timestamp": 1686149934
+ },
+ {
+ "file_size": 1408268,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8975,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 109800,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "440bb2c50ba55eebe34ef8a4e201a17144bd5bc2",
+ "timestamp": 1686149934
+ },
+ {
+ "file_size": 2397377,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 91153,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1061201,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6cea94c3692b8930e8a4991d94810f01dffafd47",
+ "timestamp": 1686149935
+ },
+ {
+ "file_size": 2397377,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 91153,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1061201,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6cea94c3692b8930e8a4991d94810f01dffafd47",
+ "timestamp": 1686149935
+ },
+ {
+ "file_size": 22505546,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4456790,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3991479,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8d8af50cf52f96e217de076f925b6bc41f8d0ec5",
+ "timestamp": 1686149935
+ },
+ {
+ "file_size": 22505546,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4456790,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3991479,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8d8af50cf52f96e217de076f925b6bc41f8d0ec5",
+ "timestamp": 1686149935
+ },
+ {
+ "file_size": 42817592,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 30365472,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 40659304,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb",
+ "timestamp": 1686149945
+ },
+ {
+ "file_size": 42817592,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 30365472,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 40659304,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb",
+ "timestamp": 1686149945
+ },
+ {
+ "file_size": 31211008,
+ "file_type": "PE+/Exe/QTinstaller",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16799441,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16899630,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8cd67cceebf916ebc1dfa0f3caac9941d2da7318",
+ "timestamp": 1686149953
+ },
+ {
+ "file_size": 31211008,
+ "file_type": "PE+/Exe/QTinstaller",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16799441,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16899630,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8cd67cceebf916ebc1dfa0f3caac9941d2da7318",
+ "timestamp": 1686149953
+ },
+ {
+ "file_size": 173951,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28226,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3981,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc",
+ "timestamp": 1686149961
+ },
+ {
+ "file_size": 173951,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28226,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3981,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc",
+ "timestamp": 1686149961
+ },
+ {
+ "file_size": 1001232,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12927,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 112532,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "81722e46258f2181c4488ed7e4e016465a054df5",
+ "timestamp": 1686149962
+ },
+ {
+ "file_size": 1001232,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12927,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 112532,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "81722e46258f2181c4488ed7e4e016465a054df5",
+ "timestamp": 1686149962
+ },
+ {
+ "file_size": 1408625,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8975,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 109800,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e497ae5b73b87142c68aa32ca6c8ddc0384a3279",
+ "timestamp": 1686149962
+ },
+ {
+ "file_size": 1408625,
+ "file_type": "Text/Go",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8975,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 109800,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e497ae5b73b87142c68aa32ca6c8ddc0384a3279",
+ "timestamp": 1686149962
+ },
+ {
+ "file_size": 3276768,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2070676,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2103601,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d6a75b67f5d2e46acd4429b58e972867e9cd5d3a",
+ "timestamp": 1686149979
+ },
+ {
+ "file_size": 3276768,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2070676,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2103601,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d6a75b67f5d2e46acd4429b58e972867e9cd5d3a",
+ "timestamp": 1686149979
+ },
+ {
+ "file_size": 91161,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28849,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50403,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "9dcc23c9b21440ad706a182c116309563cd3ffdd",
+ "timestamp": 1686149982
+ },
+ {
+ "file_size": 91161,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28849,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50403,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "9dcc23c9b21440ad706a182c116309563cd3ffdd",
+ "timestamp": 1686149982
+ },
+ {
+ "file_size": 10193920,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8189124,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8246307,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3d30c8a0198738772f116ae497f63a98e3860397",
+ "timestamp": 1686149986
+ },
+ {
+ "file_size": 10193920,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8189124,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8246307,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3d30c8a0198738772f116ae497f63a98e3860397",
+ "timestamp": 1686149986
+ },
+ {
+ "file_size": 10953728,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8832644,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8334233,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "688225294de1ce81a0b86856e9473a44d79cb2c7",
+ "timestamp": 1686149992
+ },
+ {
+ "file_size": 10953728,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8832644,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8334233,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "688225294de1ce81a0b86856e9473a44d79cb2c7",
+ "timestamp": 1686149992
+ },
+ {
+ "file_size": 13879776,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9063260,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8955389,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6b2579402e748c7ca1efe1f9bb1829b935e2e7a3",
+ "timestamp": 1686149994
+ },
+ {
+ "file_size": 13879776,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9063260,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8955389,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6b2579402e748c7ca1efe1f9bb1829b935e2e7a3",
+ "timestamp": 1686149994
+ },
+ {
+ "file_size": 24079793,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18057198,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8412693,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1f43bab8c6957fa362fb90c9729c1916eab2bcd0",
+ "timestamp": 1686150002
+ },
+ {
+ "file_size": 24079793,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18057198,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8412693,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1f43bab8c6957fa362fb90c9729c1916eab2bcd0",
+ "timestamp": 1686150002
+ },
+ {
+ "file_size": 6474752,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2533793,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2591846,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4cde41ec566dfd3b8bc329e318c4f17e2b4f4829",
+ "timestamp": 1686150005
+ },
+ {
+ "file_size": 6474752,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2533793,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2591846,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4cde41ec566dfd3b8bc329e318c4f17e2b4f4829",
+ "timestamp": 1686150005
+ },
+ {
+ "file_size": 932698,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 326870,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 54869,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2cbeabd2324a2a2d98c144c6d884e587223e2ec6",
+ "timestamp": 1686150015
+ },
+ {
+ "file_size": 932698,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 326870,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 54869,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2cbeabd2324a2a2d98c144c6d884e587223e2ec6",
+ "timestamp": 1686150015
+ },
+ {
+ "file_size": 72837,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 19785,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 43263,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c7d16b5e7cf3bfff42d2247043551c4175d61d20",
+ "timestamp": 1686150016
+ },
+ {
+ "file_size": 72837,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 19785,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 43263,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c7d16b5e7cf3bfff42d2247043551c4175d61d20",
+ "timestamp": 1686150016
+ },
+ {
+ "file_size": 36540577,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3889929,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16366923,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a805ed283e310974d552b3b322b4f18891255757",
+ "timestamp": 1686150017
+ },
+ {
+ "file_size": 36540577,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3889929,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16366923,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a805ed283e310974d552b3b322b4f18891255757",
+ "timestamp": 1686150017
+ },
+ {
+ "file_size": 5047332,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 13808,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3313365,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "546ddfb350387e7df8ca8266f8b2b038c7eef2d3",
+ "timestamp": 1686150017
+ },
+ {
+ "file_size": 5047332,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 13808,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3313365,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "546ddfb350387e7df8ca8266f8b2b038c7eef2d3",
+ "timestamp": 1686150017
+ },
+ {
+ "file_size": 24901120,
+ "file_type": "PE+/Exe/QTinstaller",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 14371897,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14466070,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "fd39aae727a929c51b958ee707c238bfb473ad15",
+ "timestamp": 1686150022
+ },
+ {
+ "file_size": 24901120,
+ "file_type": "PE+/Exe/QTinstaller",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 14371897,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14466070,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "fd39aae727a929c51b958ee707c238bfb473ad15",
+ "timestamp": 1686150022
+ },
+ {
+ "file_size": 34397761,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6212556,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12877011,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1b67acf2821d6fef6927fc280bc43d62c10f3453",
+ "timestamp": 1686150023
+ },
+ {
+ "file_size": 34397761,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6212556,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12877011,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1b67acf2821d6fef6927fc280bc43d62c10f3453",
+ "timestamp": 1686150023
+ },
+ {
+ "file_size": 15989124,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 12610545,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "fbeba4bc92ad9ef8a63969244cefd0a89a82faca",
+ "timestamp": 1686150024
+ },
+ {
+ "file_size": 30287982,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26848016,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 26812902,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6b0fbcfd179386a5843a327f505fc9792d0ceb73",
+ "timestamp": 1686150026
+ },
+ {
+ "file_size": 30287982,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26848016,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 26812902,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6b0fbcfd179386a5843a327f505fc9792d0ceb73",
+ "timestamp": 1686150026
+ },
+ {
+ "file_size": 9734975,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3297128,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3361389,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8710a30f251eb354a10b9b3ded8f39dcb2511270",
+ "timestamp": 1686150030
+ },
+ {
+ "file_size": 9734975,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3297128,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3361389,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8710a30f251eb354a10b9b3ded8f39dcb2511270",
+ "timestamp": 1686150030
+ },
+ {
+ "file_size": 36550757,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3894018,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16377103,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2d01a780e7061977aa595ed1ab064a64ca72673f",
+ "timestamp": 1686150034
+ },
+ {
+ "file_size": 36550757,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3894018,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16377103,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2d01a780e7061977aa595ed1ab064a64ca72673f",
+ "timestamp": 1686150034
+ },
+ {
+ "file_size": 30241965,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1270683,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 19094887,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e73e925688406110576d482b6349f6b4abf6e791",
+ "timestamp": 1686150034
+ },
+ {
+ "file_size": 30241965,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1270683,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 19094887,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e73e925688406110576d482b6349f6b4abf6e791",
+ "timestamp": 1686150034
+ },
+ {
+ "file_size": 1159176,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 917880,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1076516,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "75de010f85713ee4d027ad3b425d8810b83e26c5",
+ "timestamp": 1686150036
+ },
+ {
+ "file_size": 1159176,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 917880,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1076516,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "75de010f85713ee4d027ad3b425d8810b83e26c5",
+ "timestamp": 1686150036
+ },
+ {
+ "file_size": 932902,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 216644,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 656004,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "69d5e05c0d3120adbf821c2c81745278e84af7bb",
+ "timestamp": 1686150036
+ },
+ {
+ "file_size": 932902,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 216644,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 656004,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "69d5e05c0d3120adbf821c2c81745278e84af7bb",
+ "timestamp": 1686150036
+ },
+ {
+ "file_size": 9079296,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6536009,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6512841,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d8abe35af92e46e46ba9279fe6026b44680e4c24",
+ "timestamp": 1686150040
+ },
+ {
+ "file_size": 9079296,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6536009,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6512841,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d8abe35af92e46e46ba9279fe6026b44680e4c24",
+ "timestamp": 1686150040
+ },
+ {
+ "file_size": 36641188,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3930181,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16467533,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "013bd97c6dedc7caabd9b4a867374ae3b0ac264c",
+ "timestamp": 1686150043
+ },
+ {
+ "file_size": 36641188,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3930181,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16467533,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "013bd97c6dedc7caabd9b4a867374ae3b0ac264c",
+ "timestamp": 1686150043
+ },
+ {
+ "file_size": 34865877,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 13375873,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 34219704,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3aa2b177f8a825c6b13e4599eb6958557835926a",
+ "timestamp": 1686150046
+ },
+ {
+ "file_size": 34865877,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 13375873,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 34219704,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3aa2b177f8a825c6b13e4599eb6958557835926a",
+ "timestamp": 1686150046
+ },
+ {
+ "file_size": 57024799,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11320886,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48226201,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b",
+ "timestamp": 1686150048
+ },
+ {
+ "file_size": 57024799,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11320886,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48226201,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b",
+ "timestamp": 1686150048
+ },
+ {
+ "file_size": 348160,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 37848,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "68000a66e0df17b4742280453a78dbd56240d1ee",
+ "timestamp": 1686150052
+ },
+ {
+ "file_size": 2395811,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 90869,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1060182,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7",
+ "timestamp": 1686150054
+ },
+ {
+ "file_size": 2395811,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 90869,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1060182,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7",
+ "timestamp": 1686150054
+ },
+ {
+ "file_size": 36590144,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3909772,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16416489,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4cdaa1a635a89f003730568320dd1843b0b4eb9b",
+ "timestamp": 1686150060
+ },
+ {
+ "file_size": 36590144,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3909772,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16416489,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4cdaa1a635a89f003730568320dd1843b0b4eb9b",
+ "timestamp": 1686150060
+ },
+ {
+ "file_size": 36515211,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3879798,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16341556,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3354aa087f5e69e2514eb45f86481e3b48dd8c71",
+ "timestamp": 1686150061
+ },
+ {
+ "file_size": 36515211,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3879798,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16341556,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3354aa087f5e69e2514eb45f86481e3b48dd8c71",
+ "timestamp": 1686150061
+ },
+ {
+ "file_size": 33694294,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 23513731,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 24426219,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b530c39a703be42f39ea9b0871269121fde6889f",
+ "timestamp": 1686150062
+ },
+ {
+ "file_size": 33694294,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 23513731,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 24426219,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b530c39a703be42f39ea9b0871269121fde6889f",
+ "timestamp": 1686150062
+ },
+ {
+ "file_size": 36537740,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3888816,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16364086,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "33fb0fe07bf41fecddca87af88764a6133dadd47",
+ "timestamp": 1686150065
+ },
+ {
+ "file_size": 36537740,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3888816,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16364086,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "33fb0fe07bf41fecddca87af88764a6133dadd47",
+ "timestamp": 1686150065
+ },
+ {
+ "file_size": 36770403,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3981874,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16596748,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "fff92cc57a76f6fd2fb1a9f83323935488263d20",
+ "timestamp": 1686150067
+ },
+ {
+ "file_size": 36770403,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3981874,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16596748,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "fff92cc57a76f6fd2fb1a9f83323935488263d20",
+ "timestamp": 1686150067
+ },
+ {
+ "file_size": 58043690,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11416838,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11383531,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc",
+ "timestamp": 1686150088
+ },
+ {
+ "file_size": 58043690,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11416838,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11383531,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc",
+ "timestamp": 1686150088
+ },
+ {
+ "file_size": 43296371,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2845294,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 36059397,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "82b57851ed6f20a92ee947f7475ba2f1483fbe40",
+ "timestamp": 1686150095
+ },
+ {
+ "file_size": 43296371,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2845294,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 36059397,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "82b57851ed6f20a92ee947f7475ba2f1483fbe40",
+ "timestamp": 1686150095
+ },
+ {
+ "file_size": 928842,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 50772,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 106169,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce",
+ "timestamp": 1686150097
+ },
+ {
+ "file_size": 928842,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 50772,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 106169,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce",
+ "timestamp": 1686150097
+ },
+ {
+ "file_size": 932389,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 331131,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50692,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3857f93365c892ca7633a9c53730d6bc1d831a0f",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 932389,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 331131,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50692,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3857f93365c892ca7633a9c53730d6bc1d831a0f",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 928275,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 323826,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51157,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5c92ee4a922e8257741a8147f427470ec1fb2cc7",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 928275,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 323826,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51157,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5c92ee4a922e8257741a8147f427470ec1fb2cc7",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 932276,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 124645,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 684889,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "65dd53f03df7c7fc23c681906bc82faef89b6229",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 932276,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 124645,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 684889,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "65dd53f03df7c7fc23c681906bc82faef89b6229",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 36531162,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3886168,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16357507,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4a50c617873f2fe6d95c80c122ed16c47a1418e1",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 36531162,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3886168,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16357507,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4a50c617873f2fe6d95c80c122ed16c47a1418e1",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 931071,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 52176,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 610004,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5f98263a56a793c9a5b1eb4137b241b3f2b3a92f",
+ "timestamp": 1686150103
+ },
+ {
+ "file_size": 931071,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 52176,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 610004,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5f98263a56a793c9a5b1eb4137b241b3f2b3a92f",
+ "timestamp": 1686150103
+ },
+ {
+ "file_size": 7549400,
+ "file_type": "ELF32 Little/SO",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 313894,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 370505,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "33c1abb22a7c450ec7a56d86ed55f2309033a1ad",
+ "timestamp": 1686150103
+ },
+ {
+ "file_size": 7549400,
+ "file_type": "ELF32 Little/SO",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 313894,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 370505,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "33c1abb22a7c450ec7a56d86ed55f2309033a1ad",
+ "timestamp": 1686150103
+ },
+ {
+ "file_size": 1331824,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 913341,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 824258,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "0a67ebac16528d81e4d4a57c24f5ec98bffe78ba",
+ "timestamp": 1686150104
+ },
+ {
+ "file_size": 1331824,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 913341,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 824258,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "0a67ebac16528d81e4d4a57c24f5ec98bffe78ba",
+ "timestamp": 1686150104
+ },
+ {
+ "file_size": 968667,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 134578,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 495188,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "388a688ff5360dc566ae1e02c5744423b1474a8c",
+ "timestamp": 1686150104
+ },
+ {
+ "file_size": 968667,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 134578,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 495188,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "388a688ff5360dc566ae1e02c5744423b1474a8c",
+ "timestamp": 1686150104
+ },
+ {
+ "file_size": 931717,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 423260,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51749,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3ea76a30076f6773a77a0d38cb4329bb87ccdca6",
+ "timestamp": 1686150105
+ },
+ {
+ "file_size": 931717,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 423260,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51749,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3ea76a30076f6773a77a0d38cb4329bb87ccdca6",
+ "timestamp": 1686150105
+ },
+ {
+ "file_size": 8185728,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6588985,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7149558,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "f9042e40b9e538738ff824c1ab905857b9cdc83d",
+ "timestamp": 1686150106
+ },
+ {
+ "file_size": 8185728,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6588985,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7149558,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "f9042e40b9e538738ff824c1ab905857b9cdc83d",
+ "timestamp": 1686150106
+ },
+ {
+ "file_size": 930985,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 322357,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50952,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6beac76e3513c3e844b4a273ee08a7489a850526",
+ "timestamp": 1686150106
+ },
+ {
+ "file_size": 930985,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 322357,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50952,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6beac76e3513c3e844b4a273ee08a7489a850526",
+ "timestamp": 1686150106
+ },
+ {
+ "file_size": 926603,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47177,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 694431,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c8cef867ea206871eb64383f00f2fabaadb7c276",
+ "timestamp": 1686150109
+ },
+ {
+ "file_size": 926603,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47177,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 694431,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c8cef867ea206871eb64383f00f2fabaadb7c276",
+ "timestamp": 1686150109
+ },
+ {
+ "file_size": 935797,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 138034,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 342929,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "73dafc4fdeb216048d15665f036646f99af73913",
+ "timestamp": 1686150109
+ },
+ {
+ "file_size": 935797,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 138034,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 342929,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "73dafc4fdeb216048d15665f036646f99af73913",
+ "timestamp": 1686150109
+ },
+ {
+ "file_size": 931560,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 51372,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 609695,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "0123930e0a777ee12c0a73cf035b5bd7f779ec85",
+ "timestamp": 1686150109
+ },
+ {
+ "file_size": 931560,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 51372,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 609695,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "0123930e0a777ee12c0a73cf035b5bd7f779ec85",
+ "timestamp": 1686150109
+ },
+ {
+ "file_size": 935998,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 338376,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 59214,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4",
+ "timestamp": 1686150110
+ },
+ {
+ "file_size": 935998,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 338376,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 59214,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4",
+ "timestamp": 1686150110
+ },
+ {
+ "file_size": 933412,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 43451,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 185008,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "101516f0f938f540ac87d4f88875c39c267ea29e",
+ "timestamp": 1686150112
+ },
+ {
+ "file_size": 933412,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 43451,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 185008,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "101516f0f938f540ac87d4f88875c39c267ea29e",
+ "timestamp": 1686150112
+ },
+ {
+ "file_size": 6701832,
+ "file_type": "PE+/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1775780,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2815992,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d194592f1c5946d2d49bc657e9924290ce2e2d2e",
+ "timestamp": 1686150114
+ },
+ {
+ "file_size": 6701832,
+ "file_type": "PE+/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1775780,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2815992,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d194592f1c5946d2d49bc657e9924290ce2e2d2e",
+ "timestamp": 1686150114
+ },
+ {
+ "file_size": 3276768,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2070676,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2103601,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "afa59c4de068f13d617a8090c55f7d0b645d9782",
+ "timestamp": 1686150114
+ },
+ {
+ "file_size": 3276768,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2070676,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2103601,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "afa59c4de068f13d617a8090c55f7d0b645d9782",
+ "timestamp": 1686150114
+ },
+ {
+ "file_size": 173795,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28070,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3981,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "bd0f7e58c1600c5a717fcf060c6c260d9d865d22",
+ "timestamp": 1686150115
+ },
+ {
+ "file_size": 173795,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28070,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3981,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "bd0f7e58c1600c5a717fcf060c6c260d9d865d22",
+ "timestamp": 1686150115
+ },
+ {
+ "file_size": 931770,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 118609,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 175602,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d85fbe69e08f57750f22ef20ad20e3bb08fb53df",
+ "timestamp": 1686150115
+ },
+ {
+ "file_size": 931770,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 118609,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 175602,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d85fbe69e08f57750f22ef20ad20e3bb08fb53df",
+ "timestamp": 1686150115
+ },
+ {
+ "file_size": 929834,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 55696,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 651831,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b4c897b4aaa258b27ee0ff7edf553735481f565d",
+ "timestamp": 1686150116
+ },
+ {
+ "file_size": 929834,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 55696,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 651831,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b4c897b4aaa258b27ee0ff7edf553735481f565d",
+ "timestamp": 1686150116
+ },
+ {
+ "file_size": 23668351,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 774742,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23214826,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4af3d5aee88996ec6952ea9e598b434ee4dc0c28",
+ "timestamp": 1686150119
+ },
+ {
+ "file_size": 23668351,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 774742,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23214826,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4af3d5aee88996ec6952ea9e598b434ee4dc0c28",
+ "timestamp": 1686150119
+ },
+ {
+ "file_size": 9095348,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2065896,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1838594,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c8e8441cdad2974770adb2fd9091f4f590188968",
+ "timestamp": 1686150123
+ },
+ {
+ "file_size": 9095348,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2065896,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1838594,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c8e8441cdad2974770adb2fd9091f4f590188968",
+ "timestamp": 1686150123
+ },
+ {
+ "file_size": 930687,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 118136,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 180327,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "961e3cd96bfa7943f71109d0c235fd8b38376f60",
+ "timestamp": 1686150124
+ },
+ {
+ "file_size": 930687,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 118136,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 180327,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "961e3cd96bfa7943f71109d0c235fd8b38376f60",
+ "timestamp": 1686150124
+ },
+ {
+ "file_size": 931377,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 401046,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 129705,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "0bb2964f5efb578d0ecc0cf06417d686dde59f77",
+ "timestamp": 1686150125
+ },
+ {
+ "file_size": 931377,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 401046,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 129705,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "0bb2964f5efb578d0ecc0cf06417d686dde59f77",
+ "timestamp": 1686150125
+ },
+ {
+ "file_size": 927231,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 57153,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 688672,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0",
+ "timestamp": 1686150125
+ },
+ {
+ "file_size": 927231,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 57153,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 688672,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0",
+ "timestamp": 1686150125
+ },
+ {
+ "file_size": 3331072,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2187152,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2194102,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "089a0358b27ea0c5d92c823b63add32457501a5e",
+ "timestamp": 1686150126
+ },
+ {
+ "file_size": 3331072,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2187152,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2194102,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "089a0358b27ea0c5d92c823b63add32457501a5e",
+ "timestamp": 1686150126
+ },
+ {
+ "file_size": 8126464,
+ "file_type": "ELF64 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3474544,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3515704,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "20a165c1eb816ff4ad7d55d49e70a41c1198ead8",
+ "timestamp": 1686150128
+ },
+ {
+ "file_size": 8126464,
+ "file_type": "ELF64 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3474544,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3515704,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "20a165c1eb816ff4ad7d55d49e70a41c1198ead8",
+ "timestamp": 1686150128
+ },
+ {
+ "file_size": 36633572,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3927134,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16459918,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "583d27662efc73f5f42eb81609770e692e9a65ed",
+ "timestamp": 1686150129
+ },
+ {
+ "file_size": 36633572,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3927134,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16459918,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "583d27662efc73f5f42eb81609770e692e9a65ed",
+ "timestamp": 1686150129
+ },
+ {
+ "file_size": 34389577,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6210700,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12869171,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce",
+ "timestamp": 1686150135
+ },
+ {
+ "file_size": 34389577,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6210700,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12869171,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce",
+ "timestamp": 1686150135
+ },
+ {
+ "file_size": 935988,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 331334,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 52342,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2129c563cfbfbab0111c73f31184e0bf4b1bc3a6",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 935988,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 331334,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 52342,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2129c563cfbfbab0111c73f31184e0bf4b1bc3a6",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 930473,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 338428,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 59098,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "787d91817a5dd4cf63d0454eb240052aa9687619",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 930473,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 338428,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 59098,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "787d91817a5dd4cf63d0454eb240052aa9687619",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 12013103,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 9115816,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "6a335f4e638e564f836057fe6e0e2af05ec33da8",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 6699288,
+ "file_type": "PE+/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1775780,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2815385,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed",
+ "timestamp": 1686150143
+ },
+ {
+ "file_size": 6699288,
+ "file_type": "PE+/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1775780,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2815385,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed",
+ "timestamp": 1686150143
+ },
+ {
+ "file_size": 929276,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47016,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 403386,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "9454c50693d7b390806ced4ef36b9b857b8629fa",
+ "timestamp": 1686150149
+ },
+ {
+ "file_size": 929276,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47016,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 403386,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "9454c50693d7b390806ced4ef36b9b857b8629fa",
+ "timestamp": 1686150149
+ },
+ {
+ "file_size": 930806,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 46563,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 184147,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "274b00db13eebcd6082de509d400fe5251a98f03",
+ "timestamp": 1686150149
+ },
+ {
+ "file_size": 930806,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 46563,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 184147,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "274b00db13eebcd6082de509d400fe5251a98f03",
+ "timestamp": 1686150149
+ },
+ {
+ "file_size": 61184217,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 45211537,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 58260786,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d9db0d9b40773587e3f3504ee62dd13f356e2042",
+ "timestamp": 1686150152
+ },
+ {
+ "file_size": 61184217,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 45211537,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 58260786,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d9db0d9b40773587e3f3504ee62dd13f356e2042",
+ "timestamp": 1686150152
+ },
+ {
+ "file_size": 73081759,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12895085,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 30003463,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "824ad09d431328843657589c773b0b69b87fe04e",
+ "timestamp": 1686150157
+ },
+ {
+ "file_size": 73081759,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12895085,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 30003463,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "824ad09d431328843657589c773b0b69b87fe04e",
+ "timestamp": 1686150157
+ },
+ {
+ "file_size": 10032511,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1605113,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7068039,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5ba002fd1aa0d945d508de71864be5fbee45f4fb",
+ "timestamp": 1686150162
+ },
+ {
+ "file_size": 10032511,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1605113,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7068039,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5ba002fd1aa0d945d508de71864be5fbee45f4fb",
+ "timestamp": 1686150162
+ },
+ {
+ "file_size": 931686,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 48187,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 409598,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e5842bab24fad9c4287acfed037aab491c47df01",
+ "timestamp": 1686150163
+ },
+ {
+ "file_size": 931686,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 48187,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 409598,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e5842bab24fad9c4287acfed037aab491c47df01",
+ "timestamp": 1686150163
+ },
+ {
+ "file_size": 26278447,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 23857885,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23869615,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "290617954cdec1062ac608739fe91ff59390d697",
+ "timestamp": 1686150167
+ },
+ {
+ "file_size": 26278447,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 23857885,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23869615,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "290617954cdec1062ac608739fe91ff59390d697",
+ "timestamp": 1686150167
+ },
+ {
+ "file_size": 34389577,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6210892,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12869363,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6da793ceb98fba2eca7bf612512c1f19acd4169a",
+ "timestamp": 1686150172
+ },
+ {
+ "file_size": 34389577,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6210892,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12869363,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "6da793ceb98fba2eca7bf612512c1f19acd4169a",
+ "timestamp": 1686150172
+ },
+ {
+ "file_size": 8946132,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3674270,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3441202,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "90edd03ca6404f5463883a9636f3c0f9898e07bd",
+ "timestamp": 1686150179
+ },
+ {
+ "file_size": 8946132,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3674270,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3441202,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "90edd03ca6404f5463883a9636f3c0f9898e07bd",
+ "timestamp": 1686150179
+ },
+ {
+ "file_size": 9193604,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1891954,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3260593,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990",
+ "timestamp": 1686150180
+ },
+ {
+ "file_size": 9193604,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1891954,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3260593,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990",
+ "timestamp": 1686150180
+ },
+ {
+ "file_size": 12764160,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8980721,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12260413,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "7b6aa3b5779ec0d82fee559fc4d63ad480d51081",
+ "timestamp": 1686150184
+ },
+ {
+ "file_size": 12764160,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8980721,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12260413,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "7b6aa3b5779ec0d82fee559fc4d63ad480d51081",
+ "timestamp": 1686150184
+ },
+ {
+ "file_size": 3310440,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1999564,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 785846,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1f432e629ddc3a46933533ecbb34fea9957e75fb",
+ "timestamp": 1686150210
+ },
+ {
+ "file_size": 3310440,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1999564,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 785846,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1f432e629ddc3a46933533ecbb34fea9957e75fb",
+ "timestamp": 1686150210
+ },
+ {
+ "file_size": 9573220,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6332741,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7759019,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e65b15c85ad58e8c03d631bc18c60cb8158f284e",
+ "timestamp": 1686150242
+ },
+ {
+ "file_size": 9573220,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6332741,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7759019,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e65b15c85ad58e8c03d631bc18c60cb8158f284e",
+ "timestamp": 1686150242
+ },
+ {
+ "file_size": 930740,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47540,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 610524,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b873436ccab36552c99f8fe7061bdbe272d3ce8f",
+ "timestamp": 1686150266
+ },
+ {
+ "file_size": 930740,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47540,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 610524,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b873436ccab36552c99f8fe7061bdbe272d3ce8f",
+ "timestamp": 1686150266
+ },
+ {
+ "file_size": 348160,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 37848,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "d69278c938ecff91cb1de3e41eb4ad2ada3d7fd7",
+ "timestamp": 1686150275
+ },
+ {
+ "file_size": 348160,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 37848,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "9e0b73ab7dd3c5393d59f189f72d86969fe810e6",
+ "timestamp": 1686150278
+ },
+ {
+ "file_size": 96404,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 34942,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23974,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "40ae8ce4fd7be204b022a24d145bc76724f29a25",
+ "timestamp": 1686150284
+ },
+ {
+ "file_size": 96404,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 34942,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23974,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "40ae8ce4fd7be204b022a24d145bc76724f29a25",
+ "timestamp": 1686150284
+ },
+ {
+ "file_size": 491771,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31265,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 449442,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "311b155865c0b0031906cc3cb642c1451c728b49",
+ "timestamp": 1686150285
+ },
+ {
+ "file_size": 491771,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31265,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 449442,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "311b155865c0b0031906cc3cb642c1451c728b49",
+ "timestamp": 1686150285
+ },
+ {
+ "file_size": 15222705,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3256698,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10462094,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8077d9e9178106ee04bb064f0c4836609b2651a3",
+ "timestamp": 1686150286
+ },
+ {
+ "file_size": 15222705,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3256698,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10462094,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8077d9e9178106ee04bb064f0c4836609b2651a3",
+ "timestamp": 1686150286
+ },
+ {
+ "file_size": 30296948,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26842835,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 26807721,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "083b1295e2caf60b6a41f01b6f87667b98430091",
+ "timestamp": 1686150290
+ },
+ {
+ "file_size": 30296948,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26842835,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 26807721,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "083b1295e2caf60b6a41f01b6f87667b98430091",
+ "timestamp": 1686150290
+ },
+ {
+ "file_size": 6537308,
+ "file_type": "PE/Exe/Py2ExeInstaller",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5693089,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2822995,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1",
+ "timestamp": 1686150294
+ },
+ {
+ "file_size": 6537308,
+ "file_type": "PE/Exe/Py2ExeInstaller",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5693089,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2822995,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1",
+ "timestamp": 1686150294
+ },
+ {
+ "file_size": 7247380,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4008699,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4004292,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "dc5923d8b5caae31db125694e113c3838d645180",
+ "timestamp": 1686150295
+ },
+ {
+ "file_size": 7247380,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4008699,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4004292,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "dc5923d8b5caae31db125694e113c3838d645180",
+ "timestamp": 1686150295
+ },
+ {
+ "file_size": 4502016,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3630751,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3591330,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "0577c58640804c401b437230cced87df2345e29c",
+ "timestamp": 1686150298
+ },
+ {
+ "file_size": 4502016,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3630751,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3591330,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "0577c58640804c401b437230cced87df2345e29c",
+ "timestamp": 1686150298
+ },
+ {
+ "file_size": 12545978,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10606314,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2930691,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a74dd66fb887d1af674a86bf6a29b7689e13bcfe",
+ "timestamp": 1686150302
+ },
+ {
+ "file_size": 12545978,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10606314,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2930691,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a74dd66fb887d1af674a86bf6a29b7689e13bcfe",
+ "timestamp": 1686150302
+ },
+ {
+ "file_size": 21330944,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 15508458,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14984430,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d7d92eeac776fff79b8bb27ae022acb7b2a72d46",
+ "timestamp": 1686150317
+ },
+ {
+ "file_size": 21330944,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 15508458,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14984430,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d7d92eeac776fff79b8bb27ae022acb7b2a72d46",
+ "timestamp": 1686150317
+ },
+ {
+ "file_size": 931771,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 414713,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 57019,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8cb8155899b4297fa0a00e46789aadf71b9ebae0",
+ "timestamp": 1686150327
+ },
+ {
+ "file_size": 931771,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 414713,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 57019,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8cb8155899b4297fa0a00e46789aadf71b9ebae0",
+ "timestamp": 1686150327
+ },
+ {
+ "file_size": 468938,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 20060,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 207216,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "7f8905edbfd2e186ed2a4752c8be165a486871c0",
+ "timestamp": 1686150330
+ },
+ {
+ "file_size": 468938,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 20060,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 207216,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "7f8905edbfd2e186ed2a4752c8be165a486871c0",
+ "timestamp": 1686150330
+ },
+ {
+ "file_size": 3557888,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 509291,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 495464,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28",
+ "timestamp": 1686150332
+ },
+ {
+ "file_size": 3557888,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 509291,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 495464,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28",
+ "timestamp": 1686150332
+ },
+ {
+ "file_size": 7852544,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6486978,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6455842,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4a080485c96493bd3debfad49a284a34760e9b70",
+ "timestamp": 1686150343
+ },
+ {
+ "file_size": 7852544,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6486978,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6455842,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4a080485c96493bd3debfad49a284a34760e9b70",
+ "timestamp": 1686150343
+ },
+ {
+ "file_size": 15735,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11559,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9762,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "aa7abe3707df21fd8e0aab4609e413c9e9395efe",
+ "timestamp": 1686150351
+ },
+ {
+ "file_size": 15735,
+ "file_type": "Text/TypeScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11559,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9762,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "aa7abe3707df21fd8e0aab4609e413c9e9395efe",
+ "timestamp": 1686150351
+ },
+ {
+ "file_size": 931613,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 123803,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 294152,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4",
+ "timestamp": 1686150352
+ },
+ {
+ "file_size": 931613,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 123803,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 294152,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4",
+ "timestamp": 1686150352
+ },
+ {
+ "file_size": 948192,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 612819,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 588226,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a6d3081cbeb195d1edfc1099435bf0f9afaf711a",
+ "timestamp": 1686150354
+ },
+ {
+ "file_size": 948192,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 612819,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 588226,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a6d3081cbeb195d1edfc1099435bf0f9afaf711a",
+ "timestamp": 1686150354
+ },
+ {
+ "file_size": 5127484,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 13808,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3313365,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ab46a7097d5e33fcc3eefcb097cf651d4b79327e",
+ "timestamp": 1686150356
+ },
+ {
+ "file_size": 5127484,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 13808,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3313365,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ab46a7097d5e33fcc3eefcb097cf651d4b79327e",
+ "timestamp": 1686150356
+ },
+ {
+ "file_size": 25453056,
+ "file_type": "PE+/Exe/QTinstaller",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 15179465,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 15285982,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ade4a102d363465fc686f2205ccc541641212b76",
+ "timestamp": 1686150357
+ },
+ {
+ "file_size": 25453056,
+ "file_type": "PE+/Exe/QTinstaller",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 15179465,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 15285982,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ade4a102d363465fc686f2205ccc541641212b76",
+ "timestamp": 1686150357
+ },
+ {
+ "file_size": 43717981,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 22952660,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 21572538,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "730b962ad50fa2261e7cc4cda3cd478e29433cb6",
+ "timestamp": 1686150363
+ },
+ {
+ "file_size": 43717981,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 22952660,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 21572538,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "730b962ad50fa2261e7cc4cda3cd478e29433cb6",
+ "timestamp": 1686150363
+ },
+ {
+ "file_size": 10340152,
+ "file_type": "PE/.Net Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 615180,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "2715497b02f441d8f7fd55bcbc73e2dc912c284f",
+ "timestamp": 1686150364
+ },
+ {
+ "file_size": 25406657,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5367098,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5417667,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "cec13f5281df131634a68b0f404360f783f557ec",
+ "timestamp": 1686150371
+ },
+ {
+ "file_size": 25406657,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5367098,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5417667,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "cec13f5281df131634a68b0f404360f783f557ec",
+ "timestamp": 1686150371
+ },
+ {
+ "file_size": 931361,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 46225,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 192292,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5c4e9cc203c98e89a989478efaca334e8779af81",
+ "timestamp": 1686150371
+ },
+ {
+ "file_size": 931361,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 46225,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 192292,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "5c4e9cc203c98e89a989478efaca334e8779af81",
+ "timestamp": 1686150371
+ },
+ {
+ "file_size": 23095627,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 369170,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 21391369,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "06f8373056da04c985cd04b94e51ec666612d2cd",
+ "timestamp": 1686150371
+ },
+ {
+ "file_size": 23095627,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 369170,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 21391369,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "06f8373056da04c985cd04b94e51ec666612d2cd",
+ "timestamp": 1686150371
+ },
+ {
+ "file_size": 348160,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 37848,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "147ae394a900a5d3d735e77dfd86ce49a0991862",
+ "timestamp": 1686150374
+ },
+ {
+ "file_size": 20372117,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 7242654,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "4f66b0d78adce76fe167fea619b1130503438559",
+ "timestamp": 1686150375
+ },
+ {
+ "file_size": 20280576,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8292185,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8209778,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8db22983306a388d96017ffdb3ab1e00d7ebb43c",
+ "timestamp": 1686150377
+ },
+ {
+ "file_size": 20280576,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8292185,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8209778,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8db22983306a388d96017ffdb3ab1e00d7ebb43c",
+ "timestamp": 1686150377
+ },
+ {
+ "file_size": 10182656,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3152562,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3805148,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "59f6e8d7adc5364174e1ae0f192ad10d2f9d0117",
+ "timestamp": 1686150379
+ },
+ {
+ "file_size": 10182656,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3152562,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3805148,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "59f6e8d7adc5364174e1ae0f192ad10d2f9d0117",
+ "timestamp": 1686150379
+ },
+ {
+ "file_size": 930152,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 412452,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 62429,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "112c3ef4d7d4fee90f4367199ad90568e963cf66",
+ "timestamp": 1686150382
+ },
+ {
+ "file_size": 930152,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 412452,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 62429,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "112c3ef4d7d4fee90f4367199ad90568e963cf66",
+ "timestamp": 1686150382
+ },
+ {
+ "file_size": 8814592,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4011313,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4713025,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "775b98352e38f238b29f95040424f6c1ac503e8f",
+ "timestamp": 1686150386
+ },
+ {
+ "file_size": 8814592,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4011313,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4713025,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "775b98352e38f238b29f95040424f6c1ac503e8f",
+ "timestamp": 1686150386
+ },
+ {
+ "file_size": 3282432,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 1698382,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": true,
+ "sha1": "89c5c42946f23ab8da17d62395ec0801fc1ff93f",
+ "timestamp": 1686150394
+ },
+ {
+ "file_size": 6444832,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4974746,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5726860,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "dd3646cd6dab41f30705c102b56e633b952bb475",
+ "timestamp": 1686150397
+ },
+ {
+ "file_size": 6444832,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4974746,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5726860,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "dd3646cd6dab41f30705c102b56e633b952bb475",
+ "timestamp": 1686150397
+ },
+ {
+ "file_size": 6474752,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2533783,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2591836,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "696ff8fef64c56e79ea3da6812c7a2edafdc029d",
+ "timestamp": 1686150401
+ },
+ {
+ "file_size": 6474752,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2533783,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2591836,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "696ff8fef64c56e79ea3da6812c7a2edafdc029d",
+ "timestamp": 1686150401
+ },
+ {
+ "file_size": 86433,
+ "file_type": "Binary/None",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28868,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50260,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "7195310aa4920e2cb39ddc26b248143499d3b126",
+ "timestamp": 1686150413
+ },
+ {
+ "file_size": 86433,
+ "file_type": "Binary/None",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28868,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50260,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "7195310aa4920e2cb39ddc26b248143499d3b126",
+ "timestamp": 1686150413
+ },
+ {
+ "file_size": 3267040,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2062484,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2095349,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16",
+ "timestamp": 1686150421
+ },
+ {
+ "file_size": 3267040,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2062484,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2095349,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16",
+ "timestamp": 1686150421
+ },
+ {
+ "file_size": 47601,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25695,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 33096,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3175ad779cc055b571f0fd1acbd8cc9bfe520280",
+ "timestamp": 1686150431
+ },
+ {
+ "file_size": 47601,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25695,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 33096,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "3175ad779cc055b571f0fd1acbd8cc9bfe520280",
+ "timestamp": 1686150431
+ },
+ {
+ "file_size": 154756,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 111362,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68396,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "220680831449b8f6588a9cce44741fab554a7ba7",
+ "timestamp": 1686150441
+ },
+ {
+ "file_size": 154756,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 111362,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68396,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "220680831449b8f6588a9cce44741fab554a7ba7",
+ "timestamp": 1686150441
+ },
+ {
+ "file_size": 151462,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 108062,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 65135,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1878b427f101a316442c57209fa17cbe6a1ca0fe",
+ "timestamp": 1686150448
+ },
+ {
+ "file_size": 151462,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 108062,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 65135,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "1878b427f101a316442c57209fa17cbe6a1ca0fe",
+ "timestamp": 1686150448
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a9627215cb7c1b43c9f5f594a82a2c1559857d7b",
+ "timestamp": 1686150449
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a9627215cb7c1b43c9f5f594a82a2c1559857d7b",
+ "timestamp": 1686150449
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2d0ed62c390430662fc33d8f57b4eb121139ca54",
+ "timestamp": 1686150449
+ },
+ {
+ "file_size": 89327,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 18110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7042,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "2d0ed62c390430662fc33d8f57b4eb121139ca54",
+ "timestamp": 1686150449
+ },
+ {
+ "file_size": 159341,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 115940,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 73406,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a554594c774d4b5d41f7a5234e2905e14b034987",
+ "timestamp": 1686150450
+ },
+ {
+ "file_size": 159341,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 115940,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 73406,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a554594c774d4b5d41f7a5234e2905e14b034987",
+ "timestamp": 1686150450
+ },
+ {
+ "file_size": 126381,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 70625,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 53368,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "505c406d7ea1a2f47312b0966be841028ae919e7",
+ "timestamp": 1686150450
+ },
+ {
+ "file_size": 126381,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 70625,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 53368,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "505c406d7ea1a2f47312b0966be841028ae919e7",
+ "timestamp": 1686150450
+ },
+ {
+ "file_size": 14417,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11214,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12222,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "60281e56f446d4a3656a25658ffcbd74f12c5bf4",
+ "timestamp": 1686150454
+ },
+ {
+ "file_size": 14417,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11214,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12222,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "60281e56f446d4a3656a25658ffcbd74f12c5bf4",
+ "timestamp": 1686150454
+ },
+ {
+ "file_size": 154369,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110973,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68402,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c099dd547b58e74ed8d9c2c6d579ab8e41269500",
+ "timestamp": 1686150455
+ },
+ {
+ "file_size": 154369,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110973,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68402,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "c099dd547b58e74ed8d9c2c6d579ab8e41269500",
+ "timestamp": 1686150455
+ },
+ {
+ "file_size": 155384,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 111984,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68667,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4",
+ "timestamp": 1686150457
+ },
+ {
+ "file_size": 155384,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 111984,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68667,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4",
+ "timestamp": 1686150457
+ },
+ {
+ "file_size": 154219,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110825,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68400,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "995fd53ad16804fccf466264417695e6b0ab6e20",
+ "timestamp": 1686150463
+ },
+ {
+ "file_size": 154219,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110825,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68400,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "995fd53ad16804fccf466264417695e6b0ab6e20",
+ "timestamp": 1686150463
+ },
+ {
+ "file_size": 381079,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 176266,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 345615,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "593b0f2c47aa6bd73428f10ea0360725faf06c42",
+ "timestamp": 1686150465
+ },
+ {
+ "file_size": 381079,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 176266,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 345615,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "593b0f2c47aa6bd73428f10ea0360725faf06c42",
+ "timestamp": 1686150465
+ },
+ {
+ "file_size": 163098,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 92473,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 152394,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "942e2fb470bd4008055a8bce6749e9bbccb75ea1",
+ "timestamp": 1686150468
+ },
+ {
+ "file_size": 163098,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 92473,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 152394,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "942e2fb470bd4008055a8bce6749e9bbccb75ea1",
+ "timestamp": 1686150468
+ },
+ {
+ "file_size": 13861856,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9049728,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8942045,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "59dafd4d926ab9a9c34899540af51135fe4bd8da",
+ "timestamp": 1686150470
+ },
+ {
+ "file_size": 13861856,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9049728,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8942045,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "59dafd4d926ab9a9c34899540af51135fe4bd8da",
+ "timestamp": 1686150470
+ },
+ {
+ "file_size": 164398,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3527,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 58716,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d968e98107f741326dca87d26537cc180932e35f",
+ "timestamp": 1686150471
+ },
+ {
+ "file_size": 164398,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3527,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 58716,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d968e98107f741326dca87d26537cc180932e35f",
+ "timestamp": 1686150471
+ },
+ {
+ "file_size": 1747296,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1673385,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1497969,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "99917368bb78857bf2f837dce851312a70b9ada7",
+ "timestamp": 1686150471
+ },
+ {
+ "file_size": 1747296,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1673385,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1497969,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "99917368bb78857bf2f837dce851312a70b9ada7",
+ "timestamp": 1686150471
+ },
+ {
+ "file_size": 11576577,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10342763,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10354427,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "dff8243d0b4a32e46a8ac8021d97b0aad21830a4",
+ "timestamp": 1686150472
+ },
+ {
+ "file_size": 11576577,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10342763,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10354427,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "dff8243d0b4a32e46a8ac8021d97b0aad21830a4",
+ "timestamp": 1686150472
+ },
+ {
+ "file_size": 154378,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110980,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68404,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ea9236fdef65fc30c10218b2140d0942adc1f22b",
+ "timestamp": 1686150472
+ },
+ {
+ "file_size": 154378,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110980,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68404,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ea9236fdef65fc30c10218b2140d0942adc1f22b",
+ "timestamp": 1686150472
+ },
+ {
+ "file_size": 39268559,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 64836,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 605486,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "54edf295efcf05160d27fb6834a3caf9f2209ba7",
+ "timestamp": 1686150475
+ },
+ {
+ "file_size": 39268559,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 64836,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 605486,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "54edf295efcf05160d27fb6834a3caf9f2209ba7",
+ "timestamp": 1686150475
+ },
+ {
+ "file_size": 444715,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 15462,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 193293,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "55fc77d16e940a3be013328da7d777f419def447",
+ "timestamp": 1686150476
+ },
+ {
+ "file_size": 444715,
+ "file_type": "Text/JavaScript",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 15462,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 193293,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "55fc77d16e940a3be013328da7d777f419def447",
+ "timestamp": 1686150476
+ },
+ {
+ "file_size": 146027,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 102626,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 60254,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "969c08328198fbb0749411234c6a00b0ce5a003d",
+ "timestamp": 1686150478
+ },
+ {
+ "file_size": 146027,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 102626,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 60254,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "969c08328198fbb0749411234c6a00b0ce5a003d",
+ "timestamp": 1686150478
+ },
+ {
+ "file_size": 154393,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110997,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68402,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0",
+ "timestamp": 1686150478
+ },
+ {
+ "file_size": 154393,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 110997,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 68402,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0",
+ "timestamp": 1686150478
+ },
+ {
+ "file_size": 407815,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 133036,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 80620,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e35210e1fd190655438816adbb94a276948585d1",
+ "timestamp": 1686150478
+ },
+ {
+ "file_size": 407815,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 133036,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 80620,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e35210e1fd190655438816adbb94a276948585d1",
+ "timestamp": 1686150478
+ },
+ {
+ "file_size": 20620343,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 33910,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 196832,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a2acda4f1d103c3935fecaceb702793840da5de2",
+ "timestamp": 1686150481
+ },
+ {
+ "file_size": 20620343,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 33910,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 196832,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a2acda4f1d103c3935fecaceb702793840da5de2",
+ "timestamp": 1686150481
+ },
+ {
+ "file_size": 6009840,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4616975,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4984614,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "58d3d4e8011ca5aa7a827bdb32984b46691cb5a9",
+ "timestamp": 1686150481
+ },
+ {
+ "file_size": 6009840,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4616975,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4984614,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "58d3d4e8011ca5aa7a827bdb32984b46691cb5a9",
+ "timestamp": 1686150481
+ },
+ {
+ "file_size": 20632380,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16365,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 208986,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d2778f896a3ff2d865af50cbcd529dafcf714393",
+ "timestamp": 1686150482
+ },
+ {
+ "file_size": 20632380,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16365,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 208986,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "d2778f896a3ff2d865af50cbcd529dafcf714393",
+ "timestamp": 1686150482
+ },
+ {
+ "file_size": 273248,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 251,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4940,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "34578885caf1a2e0b48b46d4e70eb01445acc5f0",
+ "timestamp": 1686150482
+ },
+ {
+ "file_size": 273248,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 251,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4940,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "34578885caf1a2e0b48b46d4e70eb01445acc5f0",
+ "timestamp": 1686150482
+ },
+ {
+ "file_size": 344762,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12762,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 227460,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b6caa5f15f08024eda95d3eb61de207ea1db5ca7",
+ "timestamp": 1686150483
+ },
+ {
+ "file_size": 344762,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12762,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 227460,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "b6caa5f15f08024eda95d3eb61de207ea1db5ca7",
+ "timestamp": 1686150483
+ },
+ {
+ "file_size": 273249,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 251,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4940,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ddff15d4914ff06b55fbac496362aaae7a2d3c9b",
+ "timestamp": 1686150484
+ },
+ {
+ "file_size": 273249,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 251,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4940,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "ddff15d4914ff06b55fbac496362aaae7a2d3c9b",
+ "timestamp": 1686150484
+ },
+ {
+ "file_size": 456700,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 430650,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 214898,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a3342c659d56113fcf63287f1f2b51015a32a9fe",
+ "timestamp": 1686150491
+ },
+ {
+ "file_size": 456700,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 430650,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 214898,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "a3342c659d56113fcf63287f1f2b51015a32a9fe",
+ "timestamp": 1686150491
+ },
+ {
+ "file_size": 20655221,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7544,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 19076,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e1a3dcfe7846ac93feb3b6c0d368c619551e2060",
+ "timestamp": 1686150496
+ },
+ {
+ "file_size": 20655221,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7544,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 19076,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "e1a3dcfe7846ac93feb3b6c0d368c619551e2060",
+ "timestamp": 1686150496
+ },
+ {
+ "file_size": 1808816,
+ "file_type": "PE/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 201237,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 166562,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8cee4323aa88793881d1e9753476ffd85e9909d2",
+ "timestamp": 1686150498
+ },
+ {
+ "file_size": 1808816,
+ "file_type": "PE/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 201237,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 166562,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": true,
+ "sha1": "8cee4323aa88793881d1e9753476ffd85e9909d2",
+ "timestamp": 1686150498
+ },
+ {
+ "file_size": 17414211,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1697169,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 341432,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "86323712891af72832dd179625c1c9e5f47ef5dc",
+ "timestamp": 1686149728
+ },
+ {
+ "file_size": 17414211,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1697169,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 341432,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "86323712891af72832dd179625c1c9e5f47ef5dc",
+ "timestamp": 1686149728
+ },
+ {
+ "file_size": 97050,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27202,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48756,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4b894706af749cdad62ced56233c32dc85274212",
+ "timestamp": 1686149728
+ },
+ {
+ "file_size": 97050,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27202,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48756,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4b894706af749cdad62ced56233c32dc85274212",
+ "timestamp": 1686149728
+ },
+ {
+ "file_size": 735478,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 555378,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 733133,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2d4d4a0e0efea6efab5dff40951a996b10fe594c",
+ "timestamp": 1686149732
+ },
+ {
+ "file_size": 735478,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 555378,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 733133,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2d4d4a0e0efea6efab5dff40951a996b10fe594c",
+ "timestamp": 1686149732
+ },
+ {
+ "file_size": 609570,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 53613,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8513,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8",
+ "timestamp": 1686149732
+ },
+ {
+ "file_size": 609570,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 53613,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8513,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8",
+ "timestamp": 1686149732
+ },
+ {
+ "file_size": 8295796,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3332145,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1798128,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "eb37a450426a73adc228c0b7af6b389fc7bdf56e",
+ "timestamp": 1686149737
+ },
+ {
+ "file_size": 8295796,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3332145,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1798128,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "eb37a450426a73adc228c0b7af6b389fc7bdf56e",
+ "timestamp": 1686149737
+ },
+ {
+ "file_size": 13028229,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29013,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 650100,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c38171b6039aed6b7b759e296ace24dc7d025b83",
+ "timestamp": 1686149738
+ },
+ {
+ "file_size": 13028229,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29013,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 650100,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c38171b6039aed6b7b759e296ace24dc7d025b83",
+ "timestamp": 1686149738
+ },
+ {
+ "file_size": 7240420,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4735924,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4985544,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "06b99fba88558d39bdb6dbb429327e38bd1a00a6",
+ "timestamp": 1686149740
+ },
+ {
+ "file_size": 7240420,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4735924,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4985544,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "06b99fba88558d39bdb6dbb429327e38bd1a00a6",
+ "timestamp": 1686149740
+ },
+ {
+ "file_size": 9198608,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6192194,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6196270,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d537cc50888e2276c7faf74e30d23c170738198a",
+ "timestamp": 1686149744
+ },
+ {
+ "file_size": 9198608,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6192194,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6196270,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d537cc50888e2276c7faf74e30d23c170738198a",
+ "timestamp": 1686149744
+ },
+ {
+ "file_size": 26307192,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3868176,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3642636,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0503efcbe5861c3e0d079f9becb3485452b97235",
+ "timestamp": 1686149749
+ },
+ {
+ "file_size": 26307192,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3868176,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3642636,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0503efcbe5861c3e0d079f9becb3485452b97235",
+ "timestamp": 1686149749
+ },
+ {
+ "file_size": 108432,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 45813,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17730,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76",
+ "timestamp": 1686149755
+ },
+ {
+ "file_size": 108432,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 45813,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17730,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76",
+ "timestamp": 1686149755
+ },
+ {
+ "file_size": 22828,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8423,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11498,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "51b0ba00682591290f80e5855f1a4db9998acf09",
+ "timestamp": 1686149756
+ },
+ {
+ "file_size": 22828,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8423,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11498,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "51b0ba00682591290f80e5855f1a4db9998acf09",
+ "timestamp": 1686149756
+ },
+ {
+ "file_size": 22894,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8489,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11564,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0c6f35b25d6e074fab3199944f85df197e063162",
+ "timestamp": 1686149766
+ },
+ {
+ "file_size": 22894,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8489,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11564,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0c6f35b25d6e074fab3199944f85df197e063162",
+ "timestamp": 1686149766
+ },
+ {
+ "file_size": 735481,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 555379,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 733136,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87",
+ "timestamp": 1686149767
+ },
+ {
+ "file_size": 735481,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 555379,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 733136,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87",
+ "timestamp": 1686149767
+ },
+ {
+ "file_size": 69910542,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 432346,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 401816,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c10dd19fb20e99ac5e03cc854fcb07f3a4689626",
+ "timestamp": 1686149774
+ },
+ {
+ "file_size": 69910542,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 432346,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 401816,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c10dd19fb20e99ac5e03cc854fcb07f3a4689626",
+ "timestamp": 1686149774
+ },
+ {
+ "file_size": 78078,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27427,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48075,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6b23dddf010be66788315ffbd673a8786e216cca",
+ "timestamp": 1686149779
+ },
+ {
+ "file_size": 78078,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27427,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48075,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6b23dddf010be66788315ffbd673a8786e216cca",
+ "timestamp": 1686149779
+ },
+ {
+ "file_size": 55035681,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6445000,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5864743,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a20295d2941d01ad89f148221bfeeb4a7ae91c8a",
+ "timestamp": 1686149785
+ },
+ {
+ "file_size": 55035681,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6445000,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5864743,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a20295d2941d01ad89f148221bfeeb4a7ae91c8a",
+ "timestamp": 1686149785
+ },
+ {
+ "file_size": 72160935,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25254788,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 62943840,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9",
+ "timestamp": 1686149790
+ },
+ {
+ "file_size": 72160935,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 64192330,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9",
+ "timestamp": 1686149790
+ },
+ {
+ "file_size": 72160935,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25254788,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 62943840,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3608d31f0528ed78f3b4c7325f48b21eaae7d6e9",
+ "timestamp": 1686149790
+ },
+ {
+ "file_size": 5053848,
+ "file_type": "PE/Exe/UPX",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 4631537,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "9d94d6d2c676ea1391707da336b08adb51a7602e",
+ "timestamp": 1686149811
+ },
+ {
+ "file_size": 48064504,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 14832618,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6254126,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "949abf3b22fde0d82aabde30b447202a85a22976",
+ "timestamp": 1686149814
+ },
+ {
+ "file_size": 48064504,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 14832618,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6254126,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "949abf3b22fde0d82aabde30b447202a85a22976",
+ "timestamp": 1686149814
+ },
+ {
+ "file_size": 17363501,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 276134,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4050570,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ea2a042555d2ed5031699ab262dd36ee11140a47",
+ "timestamp": 1686149826
+ },
+ {
+ "file_size": 17363501,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 276134,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4050570,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ea2a042555d2ed5031699ab262dd36ee11140a47",
+ "timestamp": 1686149826
+ },
+ {
+ "file_size": 1097787,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1026714,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1022464,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8347104bb4f67e9f6a009dddab7d9ba64c1f1f34",
+ "timestamp": 1686149827
+ },
+ {
+ "file_size": 1097787,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1026714,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1022464,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8347104bb4f67e9f6a009dddab7d9ba64c1f1f34",
+ "timestamp": 1686149827
+ },
+ {
+ "file_size": 9109956,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6903276,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7053407,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "68272eebbf35852ead3ca57e4d4057c1aca9e87f",
+ "timestamp": 1686149828
+ },
+ {
+ "file_size": 9109956,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6903276,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7053407,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "68272eebbf35852ead3ca57e4d4057c1aca9e87f",
+ "timestamp": 1686149828
+ },
+ {
+ "file_size": 129965,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28324,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49213,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8862e555dfb36ef346c9ab015e9cdc042742f905",
+ "timestamp": 1686149830
+ },
+ {
+ "file_size": 129965,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28324,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49213,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8862e555dfb36ef346c9ab015e9cdc042742f905",
+ "timestamp": 1686149830
+ },
+ {
+ "file_size": 3401029,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 546852,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12694,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4edebb0ccaf461b657eefd6de9daa819718702c5",
+ "timestamp": 1686149831
+ },
+ {
+ "file_size": 3401029,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 546852,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12694,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4edebb0ccaf461b657eefd6de9daa819718702c5",
+ "timestamp": 1686149831
+ },
+ {
+ "file_size": 12211580,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1831826,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1825431,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bce246203d8df748692e5d67f7b43779ca18fcb8",
+ "timestamp": 1686149833
+ },
+ {
+ "file_size": 12211580,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1831826,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1825431,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bce246203d8df748692e5d67f7b43779ca18fcb8",
+ "timestamp": 1686149833
+ },
+ {
+ "file_size": 130472,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31577,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 53131,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bb95e8d71ced34ca09a220bcd4740c05bb5beaae",
+ "timestamp": 1686149835
+ },
+ {
+ "file_size": 130472,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31577,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 53131,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bb95e8d71ced34ca09a220bcd4740c05bb5beaae",
+ "timestamp": 1686149835
+ },
+ {
+ "file_size": 21856,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10251,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 20432,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "49e3e9c608998a84c76dea1d14979748fa303108",
+ "timestamp": 1686149836
+ },
+ {
+ "file_size": 21856,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10251,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 20432,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "49e3e9c608998a84c76dea1d14979748fa303108",
+ "timestamp": 1686149836
+ },
+ {
+ "file_size": 8761628,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5623501,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5729635,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "638ee91a8195f803fb856b9cc58ec90b4e302d2d",
+ "timestamp": 1686149838
+ },
+ {
+ "file_size": 8761628,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5623501,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5729635,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "638ee91a8195f803fb856b9cc58ec90b4e302d2d",
+ "timestamp": 1686149838
+ },
+ {
+ "file_size": 80384,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3832,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4633,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d71c31ff1506662b75a69ab2f4c470acd4a608c6",
+ "timestamp": 1686149840
+ },
+ {
+ "file_size": 80384,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3832,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4633,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d71c31ff1506662b75a69ab2f4c470acd4a608c6",
+ "timestamp": 1686149840
+ },
+ {
+ "file_size": 2696810,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47000,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11164,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2bb02417e2229ec6c67723720e8c047473bac428",
+ "timestamp": 1686149843
+ },
+ {
+ "file_size": 2696810,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47000,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11164,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2bb02417e2229ec6c67723720e8c047473bac428",
+ "timestamp": 1686149843
+ },
+ {
+ "file_size": 291468,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 30654,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 206411,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "861df3d24be5051f03b772a3614ece4f38c9453f",
+ "timestamp": 1686149843
+ },
+ {
+ "file_size": 291468,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 30654,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 206411,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "861df3d24be5051f03b772a3614ece4f38c9453f",
+ "timestamp": 1686149843
+ },
+ {
+ "file_size": 9605652,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6219463,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7291032,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "dbb08be91da3fbb62d3a940f50ee262b8ee64a00",
+ "timestamp": 1686149843
+ },
+ {
+ "file_size": 9605652,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6219463,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7291032,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "dbb08be91da3fbb62d3a940f50ee262b8ee64a00",
+ "timestamp": 1686149843
+ },
+ {
+ "file_size": 7851776,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5738916,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5715983,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "44ecf0599917582d655aebecad3bff20428a95d5",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 7851776,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5738916,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5715983,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "44ecf0599917582d655aebecad3bff20428a95d5",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 134280,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31122,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 52676,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7b954a9a584dfea3b50aa0d266ece12edd920de3",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 134280,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31122,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 52676,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7b954a9a584dfea3b50aa0d266ece12edd920de3",
+ "timestamp": 1686149844
+ },
+ {
+ "file_size": 1566720,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47648,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48358,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9ae122565cefb2d077ffd8015b2080dbcd66210a",
+ "timestamp": 1686149846
+ },
+ {
+ "file_size": 1566720,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 47648,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48358,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9ae122565cefb2d077ffd8015b2080dbcd66210a",
+ "timestamp": 1686149846
+ },
+ {
+ "file_size": 1826525,
+ "file_type": "PE/Exe/PECompact",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 61949,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1772779,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "00d16698e37238fa735a1f1728bcbd5a43247e80",
+ "timestamp": 1686149846
+ },
+ {
+ "file_size": 1826525,
+ "file_type": "PE/Exe/PECompact",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 61949,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1772779,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "00d16698e37238fa735a1f1728bcbd5a43247e80",
+ "timestamp": 1686149846
+ },
+ {
+ "file_size": 31410,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29004,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17271,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d11b319f05e4ca0f27820748b503a59f24beb00d",
+ "timestamp": 1686149846
+ },
+ {
+ "file_size": 31410,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29004,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17271,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d11b319f05e4ca0f27820748b503a59f24beb00d",
+ "timestamp": 1686149846
+ },
+ {
+ "file_size": 81478,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31946,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 38816,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af",
+ "timestamp": 1686149850
+ },
+ {
+ "file_size": 81478,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31946,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 38816,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af",
+ "timestamp": 1686149850
+ },
+ {
+ "file_size": 718416,
+ "file_type": "Document/None/PDF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 20006,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 140853,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "84c987347c558fb79e603b4ce107e727b35d2ce0",
+ "timestamp": 1686149850
+ },
+ {
+ "file_size": 718416,
+ "file_type": "Document/None/PDF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 20006,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 140853,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "84c987347c558fb79e603b4ce107e727b35d2ce0",
+ "timestamp": 1686149850
+ },
+ {
+ "file_size": 7765124,
+ "file_type": "Binary/None/TNEF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1806802,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17011,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1898cb0bd9636e2770bef781e64c14ea930737d9",
+ "timestamp": 1686149851
+ },
+ {
+ "file_size": 7765124,
+ "file_type": "Binary/None/TNEF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1806802,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17011,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1898cb0bd9636e2770bef781e64c14ea930737d9",
+ "timestamp": 1686149851
+ },
+ {
+ "file_size": 7445844,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5463059,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5443224,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8397215a4ef8f0278ca94ac55bcfb7d951eb5991",
+ "timestamp": 1686149852
+ },
+ {
+ "file_size": 7445844,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5463059,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5443224,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8397215a4ef8f0278ca94ac55bcfb7d951eb5991",
+ "timestamp": 1686149852
+ },
+ {
+ "file_size": 58880,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3006,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5184,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5e3ce373290c3ff3a161f20ce507f566ec02ef37",
+ "timestamp": 1686149853
+ },
+ {
+ "file_size": 58880,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3006,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5184,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5e3ce373290c3ff3a161f20ce507f566ec02ef37",
+ "timestamp": 1686149853
+ },
+ {
+ "file_size": 34304,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16023,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 18191,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6419bbc857dfc05244305301ce04fd3101dfbc4e",
+ "timestamp": 1686149856
+ },
+ {
+ "file_size": 34304,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16023,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 18191,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6419bbc857dfc05244305301ce04fd3101dfbc4e",
+ "timestamp": 1686149856
+ },
+ {
+ "file_size": 13647,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5929,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7760,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f498fa63f00a6c5d563c78597b1e603f00c292ba",
+ "timestamp": 1686149856
+ },
+ {
+ "file_size": 13647,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5929,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7760,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f498fa63f00a6c5d563c78597b1e603f00c292ba",
+ "timestamp": 1686149856
+ },
+ {
+ "file_size": 10867247,
+ "file_type": "Document/None/PDF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 615042,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2517009,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "80ac906fe3153d272625e4cfd0e953d01dabc718",
+ "timestamp": 1686149858
+ },
+ {
+ "file_size": 10867247,
+ "file_type": "Document/None/PDF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 615042,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2517009,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "80ac906fe3153d272625e4cfd0e953d01dabc718",
+ "timestamp": 1686149858
+ },
+ {
+ "file_size": 10866832,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2275907,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2454431,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6d61d48bbadf3a5eaeec617653c64493c03abc48",
+ "timestamp": 1686149861
+ },
+ {
+ "file_size": 10866832,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2275907,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2454431,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6d61d48bbadf3a5eaeec617653c64493c03abc48",
+ "timestamp": 1686149861
+ },
+ {
+ "file_size": 5101876,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 2341502,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "e846d1ab898e95541e6682720022dfb7433b42a1",
+ "timestamp": 1686149862
+ },
+ {
+ "file_size": 1200556,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 908895,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1200168,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a7c06c5ff0f929a52d7d9e88315d9dd6109a7939",
+ "timestamp": 1686149867
+ },
+ {
+ "file_size": 1200556,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 908895,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1200168,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a7c06c5ff0f929a52d7d9e88315d9dd6109a7939",
+ "timestamp": 1686149867
+ },
+ {
+ "file_size": 94208,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 52375,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 54543,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7",
+ "timestamp": 1686149871
+ },
+ {
+ "file_size": 94208,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 52375,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 54543,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7",
+ "timestamp": 1686149871
+ },
+ {
+ "file_size": 4403680,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1070028,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1569453,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "388bf96870666f99c68015c72e470b96afe330b6",
+ "timestamp": 1686149876
+ },
+ {
+ "file_size": 4403680,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1070028,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1569453,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "388bf96870666f99c68015c72e470b96afe330b6",
+ "timestamp": 1686149876
+ },
+ {
+ "file_size": 124306,
+ "file_type": "Document/None/RTF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 56115,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 55176,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0c88ebb87d1db36ec61990b11b9046d8bfc84249",
+ "timestamp": 1686149876
+ },
+ {
+ "file_size": 124306,
+ "file_type": "Document/None/RTF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 56115,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 55176,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0c88ebb87d1db36ec61990b11b9046d8bfc84249",
+ "timestamp": 1686149876
+ },
+ {
+ "file_size": 7532560,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5242377,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6199698,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b",
+ "timestamp": 1686149880
+ },
+ {
+ "file_size": 7532560,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5242377,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6199698,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b",
+ "timestamp": 1686149880
+ },
+ {
+ "file_size": 89227939,
+ "file_type": "PE+/Exe/SetupFactory",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 3721968,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "14f646a4c56d4a6908589ff38cfbc8904fef7ffd",
+ "timestamp": 1686149881
+ },
+ {
+ "file_size": 23765288,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 23568888,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12392190,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7",
+ "timestamp": 1686149882
+ },
+ {
+ "file_size": 23765288,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 12386158,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7",
+ "timestamp": 1686149882
+ },
+ {
+ "file_size": 23765288,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 23568888,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12392190,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "32e0479375a7efd4648e3243d95c8a184b723ff7",
+ "timestamp": 1686149882
+ },
+ {
+ "file_size": 83456,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3807,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4722,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "08d52dd79c4506e569f6b44dd040c7666e1c990a",
+ "timestamp": 1686149884
+ },
+ {
+ "file_size": 83456,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3807,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4722,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "08d52dd79c4506e569f6b44dd040c7666e1c990a",
+ "timestamp": 1686149884
+ },
+ {
+ "file_size": 18747429,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1790351,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 434614,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9315db8fd8e974ed3f32fed4af2a87950051db31",
+ "timestamp": 1686149884
+ },
+ {
+ "file_size": 18747429,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1790351,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 434614,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9315db8fd8e974ed3f32fed4af2a87950051db31",
+ "timestamp": 1686149884
+ },
+ {
+ "file_size": 7971248,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6010248,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5922837,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7c0467942d6e3a17cb46f80485735703971be951",
+ "timestamp": 1686149899
+ },
+ {
+ "file_size": 7971248,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6010248,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5922837,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7c0467942d6e3a17cb46f80485735703971be951",
+ "timestamp": 1686149899
+ },
+ {
+ "file_size": 8746736,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6663701,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6518302,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c3905032ee58bd7252bfea670af4fae789ee65bc",
+ "timestamp": 1686149904
+ },
+ {
+ "file_size": 8746736,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6663701,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6518302,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c3905032ee58bd7252bfea670af4fae789ee65bc",
+ "timestamp": 1686149904
+ },
+ {
+ "file_size": 29495534,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7777152,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14315453,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5448598e37f1525d59dbde93ed3226c699591660",
+ "timestamp": 1686149907
+ },
+ {
+ "file_size": 29495534,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 23706990,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "5448598e37f1525d59dbde93ed3226c699591660",
+ "timestamp": 1686149907
+ },
+ {
+ "file_size": 29495534,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7777152,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14315453,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5448598e37f1525d59dbde93ed3226c699591660",
+ "timestamp": 1686149907
+ },
+ {
+ "file_size": 20208408,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8042295,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9983725,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1274f648fbf7ec60f349f91426520d5fed741a75",
+ "timestamp": 1686149911
+ },
+ {
+ "file_size": 20208408,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8042295,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9983725,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1274f648fbf7ec60f349f91426520d5fed741a75",
+ "timestamp": 1686149911
+ },
+ {
+ "file_size": 9360804,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6623554,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6393329,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a32a21cc68347f914640067d66a8eb9f3d718f97",
+ "timestamp": 1686149912
+ },
+ {
+ "file_size": 9360804,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6623554,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6393329,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a32a21cc68347f914640067d66a8eb9f3d718f97",
+ "timestamp": 1686149912
+ },
+ {
+ "file_size": 22696990,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 273776,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2310626,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2ee61b0db428bd1943c0a3a23fa9657bdbae4525",
+ "timestamp": 1686149917
+ },
+ {
+ "file_size": 22696990,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 273776,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2310626,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2ee61b0db428bd1943c0a3a23fa9657bdbae4525",
+ "timestamp": 1686149917
+ },
+ {
+ "file_size": 45056,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26775,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7215,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4a2a97a3ccc4f69e4369540afa9621517b61a70d",
+ "timestamp": 1686149924
+ },
+ {
+ "file_size": 45056,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26775,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7215,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4a2a97a3ccc4f69e4369540afa9621517b61a70d",
+ "timestamp": 1686149924
+ },
+ {
+ "file_size": 8178116,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5952245,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6078981,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6187f8a655a0c8d63f7c0d0159ec48faf3926397",
+ "timestamp": 1686149926
+ },
+ {
+ "file_size": 8178116,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5952245,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6078981,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6187f8a655a0c8d63f7c0d0159ec48faf3926397",
+ "timestamp": 1686149926
+ },
+ {
+ "file_size": 118949,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27159,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48713,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "010536c2287998f486647077d5f5f4cb14216f21",
+ "timestamp": 1686149928
+ },
+ {
+ "file_size": 118949,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27159,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48713,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "010536c2287998f486647077d5f5f4cb14216f21",
+ "timestamp": 1686149928
+ },
+ {
+ "file_size": 4397292,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1070008,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1563324,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "28104c2b1121a331071889a8285f18e4e5fa857e",
+ "timestamp": 1686149932
+ },
+ {
+ "file_size": 4397292,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1070008,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1563324,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "28104c2b1121a331071889a8285f18e4e5fa857e",
+ "timestamp": 1686149932
+ },
+ {
+ "file_size": 1126838,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 67755,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 301561,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",
+ "timestamp": 1686149932
+ },
+ {
+ "file_size": 1126838,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 67755,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 301561,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",
+ "timestamp": 1686149932
+ },
+ {
+ "file_size": 5742,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1420,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1478,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "784251aee0035f509d9a59f46a7854e3156eb1e8",
+ "timestamp": 1686149932
+ },
+ {
+ "file_size": 5742,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1420,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1478,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "784251aee0035f509d9a59f46a7854e3156eb1e8",
+ "timestamp": 1686149932
+ },
+ {
+ "file_size": 8342696,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5758241,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6719849,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1a5599d9ac6637d73e45a008eb13963a43a42de5",
+ "timestamp": 1686149933
+ },
+ {
+ "file_size": 8342696,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5758241,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6719849,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1a5599d9ac6637d73e45a008eb13963a43a42de5",
+ "timestamp": 1686149933
+ },
+ {
+ "file_size": 10935924,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7358335,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7658163,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ad38d8e905018d8214d3d086a5314bc8baf530f0",
+ "timestamp": 1686149935
+ },
+ {
+ "file_size": 10935924,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7358335,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7658163,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ad38d8e905018d8214d3d086a5314bc8baf530f0",
+ "timestamp": 1686149935
+ },
+ {
+ "file_size": 9367552,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3032179,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 699012,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd",
+ "timestamp": 1686149936
+ },
+ {
+ "file_size": 9367552,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3032179,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 699012,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd",
+ "timestamp": 1686149936
+ },
+ {
+ "file_size": 5615616,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 684425,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1855040,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "27177a9974cf5e51e406dfc565abec4323a7f460",
+ "timestamp": 1686149938
+ },
+ {
+ "file_size": 5615616,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 684425,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1855040,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "27177a9974cf5e51e406dfc565abec4323a7f460",
+ "timestamp": 1686149938
+ },
+ {
+ "file_size": 12587776,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1885979,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1879584,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "61f1d317d4b637547328d7bbd8db162332ffca96",
+ "timestamp": 1686149941
+ },
+ {
+ "file_size": 12587776,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1885979,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1879584,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "61f1d317d4b637547328d7bbd8db162332ffca96",
+ "timestamp": 1686149941
+ },
+ {
+ "file_size": 15528080,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7666937,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9603001,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "90006a605fefb15ef0e3ee3a7913e4e3085aa910",
+ "timestamp": 1686149943
+ },
+ {
+ "file_size": 15528080,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7666937,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9603001,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "90006a605fefb15ef0e3ee3a7913e4e3085aa910",
+ "timestamp": 1686149943
+ },
+ {
+ "file_size": 61198027,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3493267,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 59650081,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "81fdd91f2f3ad757beaa4e99d1e696fe216572a7",
+ "timestamp": 1686149946
+ },
+ {
+ "file_size": 61198027,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3493267,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 59650081,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "81fdd91f2f3ad757beaa4e99d1e696fe216572a7",
+ "timestamp": 1686149946
+ },
+ {
+ "file_size": 92550,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29380,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50934,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "11e37775d188125698553bb54b92212db30c9868",
+ "timestamp": 1686149952
+ },
+ {
+ "file_size": 92550,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29380,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50934,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "11e37775d188125698553bb54b92212db30c9868",
+ "timestamp": 1686149952
+ },
+ {
+ "file_size": 15909007,
+ "file_type": "PE+/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1572203,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4403826,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3044d17533125b0e81479c13a3938c5f680945dd",
+ "timestamp": 1686149952
+ },
+ {
+ "file_size": 15909007,
+ "file_type": "PE+/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1572203,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4403826,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3044d17533125b0e81479c13a3938c5f680945dd",
+ "timestamp": 1686149952
+ },
+ {
+ "file_size": 7030588,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4138419,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3925485,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3e781f619085938c400ef62d124e1c160d8e606d",
+ "timestamp": 1686149953
+ },
+ {
+ "file_size": 7030588,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4138419,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3925485,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3e781f619085938c400ef62d124e1c160d8e606d",
+ "timestamp": 1686149953
+ },
+ {
+ "file_size": 7891860,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5936181,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6065613,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9672712486f68f6ef3fa5ea1051a488652768782",
+ "timestamp": 1686149956
+ },
+ {
+ "file_size": 7891860,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5936181,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6065613,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9672712486f68f6ef3fa5ea1051a488652768782",
+ "timestamp": 1686149956
+ },
+ {
+ "file_size": 1126838,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 67755,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 301561,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",
+ "timestamp": 1686149974
+ },
+ {
+ "file_size": 1126838,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 67755,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 301561,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c068b6be9d12ef34c4bff6438217ec83aedb3920",
+ "timestamp": 1686149974
+ },
+ {
+ "file_size": 58853069,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 453396,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 422866,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7f61bf37ba7a45b4d9686384db4cccec61f67c47",
+ "timestamp": 1686149975
+ },
+ {
+ "file_size": 58853069,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 453396,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 422866,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7f61bf37ba7a45b4d9686384db4cccec61f67c47",
+ "timestamp": 1686149975
+ },
+ {
+ "file_size": 80896,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3807,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4617,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6fc8b4b91789e00438dc40c306b51a4cb607eb8d",
+ "timestamp": 1686149975
+ },
+ {
+ "file_size": 80896,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3807,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4617,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6fc8b4b91789e00438dc40c306b51a4cb607eb8d",
+ "timestamp": 1686149975
+ },
+ {
+ "file_size": 4090442,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2966063,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3005572,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a9102e50f879a876bcde1a65ed9e66061345af38",
+ "timestamp": 1686149977
+ },
+ {
+ "file_size": 4090442,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2966063,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3005572,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a9102e50f879a876bcde1a65ed9e66061345af38",
+ "timestamp": 1686149977
+ },
+ {
+ "file_size": 11287504,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9611205,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9336911,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "855439438fa49547ac12bdf953b32f72c719b2c9",
+ "timestamp": 1686149980
+ },
+ {
+ "file_size": 11287504,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9611205,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9336911,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "855439438fa49547ac12bdf953b32f72c719b2c9",
+ "timestamp": 1686149980
+ },
+ {
+ "file_size": 51580195,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 192859,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1055775,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "aa57da659dd7d00cce7d1435bfc8459087f51b6f",
+ "timestamp": 1686149983
+ },
+ {
+ "file_size": 51580195,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 192859,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1055775,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "aa57da659dd7d00cce7d1435bfc8459087f51b6f",
+ "timestamp": 1686149983
+ },
+ {
+ "file_size": 52603562,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5081683,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48790340,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7b645c555f2208a68b7d6aff201736b6e111d3cc",
+ "timestamp": 1686149989
+ },
+ {
+ "file_size": 52603562,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5081683,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48790340,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7b645c555f2208a68b7d6aff201736b6e111d3cc",
+ "timestamp": 1686149989
+ },
+ {
+ "file_size": 12364752,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10579965,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10306863,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6c745b37d30bdc06e8ace8b4189538403c4d5c8a",
+ "timestamp": 1686149991
+ },
+ {
+ "file_size": 12364752,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10579965,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10306863,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6c745b37d30bdc06e8ace8b4189538403c4d5c8a",
+ "timestamp": 1686149991
+ },
+ {
+ "file_size": 113599,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28965,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50276,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c797c0ed6564a46ae0ac9973f2b97411dbac4754",
+ "timestamp": 1686149993
+ },
+ {
+ "file_size": 113599,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28965,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50276,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c797c0ed6564a46ae0ac9973f2b97411dbac4754",
+ "timestamp": 1686149993
+ },
+ {
+ "file_size": 8720028,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6232135,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6035292,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a12a22c2b0ecdbeb2f98a592328068591520225e",
+ "timestamp": 1686149993
+ },
+ {
+ "file_size": 8720028,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6232135,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6035292,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a12a22c2b0ecdbeb2f98a592328068591520225e",
+ "timestamp": 1686149993
+ },
+ {
+ "file_size": 11722184,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10006757,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9731199,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d824b4da35e0527c04c91b45111790421e0df9c3",
+ "timestamp": 1686149993
+ },
+ {
+ "file_size": 11722184,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10006757,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9731199,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d824b4da35e0527c04c91b45111790421e0df9c3",
+ "timestamp": 1686149993
+ },
+ {
+ "file_size": 1647430,
+ "file_type": "Document/None/RTF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1504890,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1514081,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d416c83fd8bc78cc77ef30a8e5543b59f8b58f90",
+ "timestamp": 1686150001
+ },
+ {
+ "file_size": 1647430,
+ "file_type": "Document/None/RTF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1504890,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1514081,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d416c83fd8bc78cc77ef30a8e5543b59f8b58f90",
+ "timestamp": 1686150001
+ },
+ {
+ "file_size": 8185068,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1729023,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1836665,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a470d52b3da243f0a6e4f29990910c15fe877260",
+ "timestamp": 1686150003
+ },
+ {
+ "file_size": 8185068,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1729023,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1836665,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a470d52b3da243f0a6e4f29990910c15fe877260",
+ "timestamp": 1686150003
+ },
+ {
+ "file_size": 9058488,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2024065,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2076599,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "28cb515f6029996c620d90852ac18089b1ded110",
+ "timestamp": 1686150004
+ },
+ {
+ "file_size": 9058488,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2024065,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2076599,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "28cb515f6029996c620d90852ac18089b1ded110",
+ "timestamp": 1686150004
+ },
+ {
+ "file_size": 6957242,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1535249,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2867970,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "936ed9f8b5e106db89d568cdd6cf0d3768e35e8a",
+ "timestamp": 1686150005
+ },
+ {
+ "file_size": 6957242,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1535249,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2867970,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "936ed9f8b5e106db89d568cdd6cf0d3768e35e8a",
+ "timestamp": 1686150005
+ },
+ {
+ "file_size": 11402192,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9748709,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9479007,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "67bf7558493de43e5248d5c3fb0eff9ebe15e025",
+ "timestamp": 1686150005
+ },
+ {
+ "file_size": 11402192,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9748709,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9479007,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "67bf7558493de43e5248d5c3fb0eff9ebe15e025",
+ "timestamp": 1686150005
+ },
+ {
+ "file_size": 3560827,
+ "file_type": "ELF64 Little/SO",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 134236,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3282561,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "09a2f81add6a24707bf53b87fc35649648d83d84",
+ "timestamp": 1686150008
+ },
+ {
+ "file_size": 3560827,
+ "file_type": "ELF64 Little/SO",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 134236,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3282561,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "09a2f81add6a24707bf53b87fc35649648d83d84",
+ "timestamp": 1686150008
+ },
+ {
+ "file_size": 24621335,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1120542,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1090012,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "42b2ae12dea46ea047d05762919e9b4bfe5ef788",
+ "timestamp": 1686150010
+ },
+ {
+ "file_size": 24621335,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1120542,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1090012,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "42b2ae12dea46ea047d05762919e9b4bfe5ef788",
+ "timestamp": 1686150010
+ },
+ {
+ "file_size": 27294631,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2867337,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5192795,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fadcba6ae6a7d80804672d39716caf6d6b236548",
+ "timestamp": 1686150010
+ },
+ {
+ "file_size": 27294631,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2867337,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5192795,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fadcba6ae6a7d80804672d39716caf6d6b236548",
+ "timestamp": 1686150010
+ },
+ {
+ "file_size": 563708,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 71256,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13295,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ec4ae655adbbb3805d80b71db833024062f40a30",
+ "timestamp": 1686150022
+ },
+ {
+ "file_size": 563708,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 71256,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13295,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ec4ae655adbbb3805d80b71db833024062f40a30",
+ "timestamp": 1686150022
+ },
+ {
+ "file_size": 23674771,
+ "file_type": "PE/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1113582,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 898210,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c3b9b20d2b059c554bfedcf02f7e20a78ea0b634",
+ "timestamp": 1686150029
+ },
+ {
+ "file_size": 23674771,
+ "file_type": "PE/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1113582,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 898210,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c3b9b20d2b059c554bfedcf02f7e20a78ea0b634",
+ "timestamp": 1686150029
+ },
+ {
+ "file_size": 8696352,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6448188,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5556020,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8c6478d4da8936bbd1c41d55d627e5947f350a3c",
+ "timestamp": 1686150030
+ },
+ {
+ "file_size": 8696352,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6448188,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5556020,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8c6478d4da8936bbd1c41d55d627e5947f350a3c",
+ "timestamp": 1686150030
+ },
+ {
+ "file_size": 89737,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27489,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49043,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ea0cd712f5841da8a42c88b5531580a67a46606d",
+ "timestamp": 1686150040
+ },
+ {
+ "file_size": 89737,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27489,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49043,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ea0cd712f5841da8a42c88b5531580a67a46606d",
+ "timestamp": 1686150040
+ },
+ {
+ "file_size": 7919852,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5071035,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5906334,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "639f26fcdf4cf23f537da436e579d7642bb88a34",
+ "timestamp": 1686150042
+ },
+ {
+ "file_size": 7919852,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5071035,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5906334,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "639f26fcdf4cf23f537da436e579d7642bb88a34",
+ "timestamp": 1686150042
+ },
+ {
+ "file_size": 4740152,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3564800,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3647079,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0e2b28a93eb1a6028a450f2d0fb17b8a4142c838",
+ "timestamp": 1686150044
+ },
+ {
+ "file_size": 4740152,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3564800,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3647079,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0e2b28a93eb1a6028a450f2d0fb17b8a4142c838",
+ "timestamp": 1686150044
+ },
+ {
+ "file_size": 8722544,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6754191,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7446396,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "11da04c21b47ff12ad322a6b23556b240c57e132",
+ "timestamp": 1686150045
+ },
+ {
+ "file_size": 8722544,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6754191,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7446396,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "11da04c21b47ff12ad322a6b23556b240c57e132",
+ "timestamp": 1686150045
+ },
+ {
+ "file_size": 3826214,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 68922,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3251864,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "57e01329fd57cdf43d48e6126dcb04a9a649f486",
+ "timestamp": 1686150045
+ },
+ {
+ "file_size": 3826214,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 68922,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3251864,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "57e01329fd57cdf43d48e6126dcb04a9a649f486",
+ "timestamp": 1686150045
+ },
+ {
+ "file_size": 90401,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 30206,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51760,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "eb539586df1f83a1ad6a46578ae93af47d28e583",
+ "timestamp": 1686150050
+ },
+ {
+ "file_size": 90401,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 30206,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51760,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "eb539586df1f83a1ad6a46578ae93af47d28e583",
+ "timestamp": 1686150050
+ },
+ {
+ "file_size": 5196432,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1774761,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1594184,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0dfbab7b39fe2df27cc3c450a33703e862548e7c",
+ "timestamp": 1686150050
+ },
+ {
+ "file_size": 5196432,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1774761,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1594184,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0dfbab7b39fe2df27cc3c450a33703e862548e7c",
+ "timestamp": 1686150050
+ },
+ {
+ "file_size": 88693,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25563,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 47117,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4f0abfde4499ca4265efaa76240165eeec26ae9c",
+ "timestamp": 1686150055
+ },
+ {
+ "file_size": 88693,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25563,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 47117,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4f0abfde4499ca4265efaa76240165eeec26ae9c",
+ "timestamp": 1686150055
+ },
+ {
+ "file_size": 3114071,
+ "file_type": "ELF32 Little/SO",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 104418,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2618650,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e99fb966b75da3eb02a16fcac3b36c3a9194b857",
+ "timestamp": 1686150056
+ },
+ {
+ "file_size": 3114071,
+ "file_type": "ELF32 Little/SO",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 104418,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2618650,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e99fb966b75da3eb02a16fcac3b36c3a9194b857",
+ "timestamp": 1686150056
+ },
+ {
+ "file_size": 28120902,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 22260169,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 27281148,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0ac06711934890049220bec85d224ca6a69a4abf",
+ "timestamp": 1686150060
+ },
+ {
+ "file_size": 28120902,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 22260169,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 27281148,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0ac06711934890049220bec85d224ca6a69a4abf",
+ "timestamp": 1686150060
+ },
+ {
+ "file_size": 28328686,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6610304,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13148605,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9",
+ "timestamp": 1686150077
+ },
+ {
+ "file_size": 28328686,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6610304,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13148605,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9",
+ "timestamp": 1686150077
+ },
+ {
+ "file_size": 28328686,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 22540142,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "7929803a26acbb9fbec06ee003d65fb01966f3a9",
+ "timestamp": 1686150077
+ },
+ {
+ "file_size": 18271076,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 273776,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4064513,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8efe34081ab998e156e537df4da387b0a4bd7f08",
+ "timestamp": 1686150078
+ },
+ {
+ "file_size": 18271076,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 273776,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4064513,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8efe34081ab998e156e537df4da387b0a4bd7f08",
+ "timestamp": 1686150078
+ },
+ {
+ "file_size": 28018926,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6300544,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12838845,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116",
+ "timestamp": 1686150083
+ },
+ {
+ "file_size": 28018926,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 22230382,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116",
+ "timestamp": 1686150083
+ },
+ {
+ "file_size": 28018926,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6300544,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12838845,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3095cf7fcee94f7ca177dd1cb4aea29b5b451116",
+ "timestamp": 1686150083
+ },
+ {
+ "file_size": 27306734,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5588352,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12126653,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "32c438b9048acb085fda9bd828fe370804e83b5c",
+ "timestamp": 1686150084
+ },
+ {
+ "file_size": 27306734,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5588352,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12126653,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "32c438b9048acb085fda9bd828fe370804e83b5c",
+ "timestamp": 1686150084
+ },
+ {
+ "file_size": 27306734,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 21518190,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "32c438b9048acb085fda9bd828fe370804e83b5c",
+ "timestamp": 1686150084
+ },
+ {
+ "file_size": 81650,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16951,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 39263,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "37b6ec97243b59e031215a7c79c76bd535c94a11",
+ "timestamp": 1686150090
+ },
+ {
+ "file_size": 81650,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 16951,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 39263,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "37b6ec97243b59e031215a7c79c76bd535c94a11",
+ "timestamp": 1686150090
+ },
+ {
+ "file_size": 181777,
+ "file_type": "Document/None/PDF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9977,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8279,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8e5698b6c99e84ef251da396e57801eea4d4a7e0",
+ "timestamp": 1686150096
+ },
+ {
+ "file_size": 181777,
+ "file_type": "Document/None/PDF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9977,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8279,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8e5698b6c99e84ef251da396e57801eea4d4a7e0",
+ "timestamp": 1686150096
+ },
+ {
+ "file_size": 271360,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 119107,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 118595,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2b1c1ebb77a69accf7ade4a6656a229a8236da23",
+ "timestamp": 1686150101
+ },
+ {
+ "file_size": 271360,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 119107,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 118595,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2b1c1ebb77a69accf7ade4a6656a229a8236da23",
+ "timestamp": 1686150101
+ },
+ {
+ "file_size": 583414,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 304758,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 30495,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c90a2097bb3ef3b7782b569aad3a7a402c40ece6",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 583414,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 304758,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 30495,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c90a2097bb3ef3b7782b569aad3a7a402c40ece6",
+ "timestamp": 1686150102
+ },
+ {
+ "file_size": 5011956,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3830891,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4122073,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bceeab17f46e635c4d2d8e83ba98fc53d3b94409",
+ "timestamp": 1686150104
+ },
+ {
+ "file_size": 5011956,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3830891,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4122073,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bceeab17f46e635c4d2d8e83ba98fc53d3b94409",
+ "timestamp": 1686150104
+ },
+ {
+ "file_size": 22521,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 17697,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 22133,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7370d7caf811dc3fb9b8ded4fb3a23d36997253d",
+ "timestamp": 1686150104
+ },
+ {
+ "file_size": 22521,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 17697,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 22133,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7370d7caf811dc3fb9b8ded4fb3a23d36997253d",
+ "timestamp": 1686150104
+ },
+ {
+ "file_size": 7701312,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5240872,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6126943,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "af1458eda29940c81e42bf6a11d689b9363a575b",
+ "timestamp": 1686150107
+ },
+ {
+ "file_size": 7701312,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5240872,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6126943,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "af1458eda29940c81e42bf6a11d689b9363a575b",
+ "timestamp": 1686150107
+ },
+ {
+ "file_size": 8298484,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1572183,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2680377,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "99047e1bf6e16b647f124db80faf90d91947643e",
+ "timestamp": 1686150109
+ },
+ {
+ "file_size": 8298484,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1572183,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2680377,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "99047e1bf6e16b647f124db80faf90d91947643e",
+ "timestamp": 1686150109
+ },
+ {
+ "file_size": 105267,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 849,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 30630,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "891e13aa1d764808d787be69ae3e8188345891ed",
+ "timestamp": 1686150115
+ },
+ {
+ "file_size": 105267,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 849,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 30630,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "891e13aa1d764808d787be69ae3e8188345891ed",
+ "timestamp": 1686150115
+ },
+ {
+ "file_size": 6390588,
+ "file_type": "PE+/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3498419,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3285485,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "732c2810e0cecccdfbcf3a052753060d8158643d",
+ "timestamp": 1686150119
+ },
+ {
+ "file_size": 6390588,
+ "file_type": "PE+/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3498419,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3285485,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "732c2810e0cecccdfbcf3a052753060d8158643d",
+ "timestamp": 1686150119
+ },
+ {
+ "file_size": 102498470,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26303220,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 15358931,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "89f539a36777589582b45b5ab3f1c4b8c392a519",
+ "timestamp": 1686150124
+ },
+ {
+ "file_size": 102498470,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26303220,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 15358931,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "89f539a36777589582b45b5ab3f1c4b8c392a519",
+ "timestamp": 1686150124
+ },
+ {
+ "file_size": 223744,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 21284,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 15037,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d",
+ "timestamp": 1686150124
+ },
+ {
+ "file_size": 223744,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 21284,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 15037,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d",
+ "timestamp": 1686150124
+ },
+ {
+ "file_size": 34840,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1586,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 20241,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "247dda310be523a670399ce08ac7576eeffceba9",
+ "timestamp": 1686150127
+ },
+ {
+ "file_size": 34840,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1586,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 20241,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "247dda310be523a670399ce08ac7576eeffceba9",
+ "timestamp": 1686150127
+ },
+ {
+ "file_size": 97689,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 34565,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 56119,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ce2fbbb268352f30e63708658a895b55d5994a21",
+ "timestamp": 1686150127
+ },
+ {
+ "file_size": 97689,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 34565,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 56119,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ce2fbbb268352f30e63708658a895b55d5994a21",
+ "timestamp": 1686150127
+ },
+ {
+ "file_size": 608019,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 120997,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 179775,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5",
+ "timestamp": 1686150128
+ },
+ {
+ "file_size": 608019,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 120997,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 179775,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5",
+ "timestamp": 1686150128
+ },
+ {
+ "file_size": 7109996,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5978050,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4853648,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2a354db1cbe01973b6ea523d0842327ddafc17b8",
+ "timestamp": 1686150129
+ },
+ {
+ "file_size": 7109996,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5978050,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4853648,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2a354db1cbe01973b6ea523d0842327ddafc17b8",
+ "timestamp": 1686150129
+ },
+ {
+ "file_size": 11060751,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 208731,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4067711,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d328639db252e6882cde55b4d96fb6c6917ce647",
+ "timestamp": 1686150135
+ },
+ {
+ "file_size": 11060751,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 208731,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4067711,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d328639db252e6882cde55b4d96fb6c6917ce647",
+ "timestamp": 1686150135
+ },
+ {
+ "file_size": 102034,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31083,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 52637,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9d13375b63610249a16e7eec10b2be064c7097f7",
+ "timestamp": 1686150136
+ },
+ {
+ "file_size": 102034,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31083,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 52637,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9d13375b63610249a16e7eec10b2be064c7097f7",
+ "timestamp": 1686150136
+ },
+ {
+ "file_size": 24915182,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 19126638,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 24915182,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3196800,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9735101,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 24915182,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3196800,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9735101,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3c24cca2a6bfa8faaa35756e6814802dbcd751f2",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 26192622,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 20404078,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 26192622,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4474240,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11012541,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 26192622,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4474240,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11012541,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9c9d925179896d29421f881eb5ad77af9e8bc7fb",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 26345710,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 20557166,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "d6d554d74fdfd98418b8fa34338056708291599e",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 26345710,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4627328,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11165629,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d6d554d74fdfd98418b8fa34338056708291599e",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 26345710,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4627328,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11165629,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d6d554d74fdfd98418b8fa34338056708291599e",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 25406702,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3688320,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10226621,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 25406702,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3688320,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10226621,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 25406702,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 19618158,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "1799c607028ad0ed4d15e46bb80cc0a70683e90f",
+ "timestamp": 1686150137
+ },
+ {
+ "file_size": 25241838,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 19453294,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 25241838,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3523456,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10061757,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 25241838,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3523456,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10061757,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f5be7fa83024d787932ead402e6a0a63da6eb443",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 27273966,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 21485422,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 27273966,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5555584,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12093885,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 27273966,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5555584,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12093885,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f9461339c56853fd3b535f99bc72bd2b897591d0",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 26257134,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4538752,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11077053,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bbda585b97e741d2fb638684255a0c49daafadac",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 26257134,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 20468590,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "bbda585b97e741d2fb638684255a0c49daafadac",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 26257134,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4538752,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11077053,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bbda585b97e741d2fb638684255a0c49daafadac",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 4620288,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2649834,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2685878,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "102d0b298f078b7d115083307e4ca0ed1bcbd134",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 4620288,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2649834,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2685878,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "102d0b298f078b7d115083307e4ca0ed1bcbd134",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 489616,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 38581,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 22168,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "32de67e7b17be1d18964e2086362b34f3c7b3575",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 489616,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 38581,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 22168,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "32de67e7b17be1d18964e2086362b34f3c7b3575",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 33862,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26439,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23818,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "40caa9fe8fa64c0f9ba67298941a34d042cff179",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 33862,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26439,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23818,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "40caa9fe8fa64c0f9ba67298941a34d042cff179",
+ "timestamp": 1686150138
+ },
+ {
+ "file_size": 85008,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27891,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49445,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "37c285df8d320279049afa0c23fa334a3bbeda77",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 85008,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27891,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49445,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "37c285df8d320279049afa0c23fa334a3bbeda77",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 27974382,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 22185838,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 27974382,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6256000,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12794301,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 27974382,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6256000,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12794301,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "153a8db91757b63b2d6f178bb9d02ea5208c9457",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 28105966,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6387584,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12925885,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 28105966,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 22317422,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 28105966,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6387584,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12925885,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d50286aa8bb8c3014247b90adb746b25bfd31003",
+ "timestamp": 1686150139
+ },
+ {
+ "file_size": 29250286,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7531904,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14070205,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 29250286,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7531904,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14070205,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 29250286,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 23461742,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "6c074b89819c235bdeb338af24c7c735ad0035ec",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 58288120,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 41036824,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23548621,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c9812fa79f7c7d3a61f8ed156a3f9047aba84256",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 58288120,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 41036824,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 23548621,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c9812fa79f7c7d3a61f8ed156a3f9047aba84256",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 27151086,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5432704,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11971005,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 27151086,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5432704,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11971005,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 27151086,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 21362542,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "6f9101e3313d15831fe21dca4f41cd305a5a42b0",
+ "timestamp": 1686150140
+ },
+ {
+ "file_size": 25467630,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3749248,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10287549,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "54553aa667794ecaf466add2eb68115e655bb142",
+ "timestamp": 1686150142
+ },
+ {
+ "file_size": 25467630,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3749248,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10287549,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "54553aa667794ecaf466add2eb68115e655bb142",
+ "timestamp": 1686150142
+ },
+ {
+ "file_size": 25467630,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 19679086,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "54553aa667794ecaf466add2eb68115e655bb142",
+ "timestamp": 1686150142
+ },
+ {
+ "file_size": 24958190,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3239808,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9778109,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe",
+ "timestamp": 1686150142
+ },
+ {
+ "file_size": 24958190,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 19169646,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe",
+ "timestamp": 1686150142
+ },
+ {
+ "file_size": 24958190,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3239808,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9778109,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "96485038e952a3ea5b05d3b73cb09e16746f05fe",
+ "timestamp": 1686150142
+ },
+ {
+ "file_size": 22632960,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12832781,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17325113,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d9470e93a7f0471df16a93a2df001e35f383b358",
+ "timestamp": 1686150143
+ },
+ {
+ "file_size": 22632960,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12832781,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17325113,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d9470e93a7f0471df16a93a2df001e35f383b358",
+ "timestamp": 1686150143
+ },
+ {
+ "file_size": 28521710,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6803328,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13341629,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff",
+ "timestamp": 1686150146
+ },
+ {
+ "file_size": 28521710,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 22733166,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff",
+ "timestamp": 1686150146
+ },
+ {
+ "file_size": 28521710,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6803328,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13341629,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a9e434ae7946b87a7a35e1ceea2a3585c63364ff",
+ "timestamp": 1686150146
+ },
+ {
+ "file_size": 28730094,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7011712,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13550013,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "722d9445761cedf9cf95b00a27484c98b198a087",
+ "timestamp": 1686150147
+ },
+ {
+ "file_size": 28730094,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 22941550,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "722d9445761cedf9cf95b00a27484c98b198a087",
+ "timestamp": 1686150147
+ },
+ {
+ "file_size": 28730094,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7011712,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13550013,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "722d9445761cedf9cf95b00a27484c98b198a087",
+ "timestamp": 1686150147
+ },
+ {
+ "file_size": 19508784,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 14359504,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16198715,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",
+ "timestamp": 1686150151
+ },
+ {
+ "file_size": 19508784,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 14359504,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16198715,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",
+ "timestamp": 1686150151
+ },
+ {
+ "file_size": 134656,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4983,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3404,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44",
+ "timestamp": 1686150153
+ },
+ {
+ "file_size": 134656,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4983,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3404,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44",
+ "timestamp": 1686150153
+ },
+ {
+ "file_size": 123956,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 35591,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 57145,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4151684c657f55df0fbcf6f23e4ff59a3d434933",
+ "timestamp": 1686150154
+ },
+ {
+ "file_size": 123956,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 35591,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 57145,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4151684c657f55df0fbcf6f23e4ff59a3d434933",
+ "timestamp": 1686150154
+ },
+ {
+ "file_size": 89099,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27245,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48799,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6",
+ "timestamp": 1686150158
+ },
+ {
+ "file_size": 89099,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27245,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48799,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6",
+ "timestamp": 1686150158
+ },
+ {
+ "file_size": 526968,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 46,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 656,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9a1f873e7ca75688bb3ecf3538c673994ea8f06e",
+ "timestamp": 1686150159
+ },
+ {
+ "file_size": 526968,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 46,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 656,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9a1f873e7ca75688bb3ecf3538c673994ea8f06e",
+ "timestamp": 1686150159
+ },
+ {
+ "file_size": 3652720,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1101203,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1128397,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "946bccb4633670592563b838e8905d87d32006c9",
+ "timestamp": 1686150162
+ },
+ {
+ "file_size": 3652720,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1101203,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1128397,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "946bccb4633670592563b838e8905d87d32006c9",
+ "timestamp": 1686150162
+ },
+ {
+ "file_size": 9176564,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6268070,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7592405,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "30a5cb71610bf97bb780db06d1c3a685558cef60",
+ "timestamp": 1686150163
+ },
+ {
+ "file_size": 9176564,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6268070,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7592405,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "30a5cb71610bf97bb780db06d1c3a685558cef60",
+ "timestamp": 1686150163
+ },
+ {
+ "file_size": 6925744,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4923140,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4887861,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c552441469a45b5342205401366537d43dfbf1c3",
+ "timestamp": 1686150164
+ },
+ {
+ "file_size": 6925744,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4923140,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4887861,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c552441469a45b5342205401366537d43dfbf1c3",
+ "timestamp": 1686150164
+ },
+ {
+ "file_size": 7991496,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2569503,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3902224,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9f236dccf15907ee09d04f6c8a451bd42b1d4e2d",
+ "timestamp": 1686150165
+ },
+ {
+ "file_size": 7991496,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2569503,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3902224,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9f236dccf15907ee09d04f6c8a451bd42b1d4e2d",
+ "timestamp": 1686150165
+ },
+ {
+ "file_size": 5979364,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4057685,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4165750,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "967fcbf4e10d26548398eec462c166d1df722266",
+ "timestamp": 1686150165
+ },
+ {
+ "file_size": 5979364,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4057685,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4165750,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "967fcbf4e10d26548398eec462c166d1df722266",
+ "timestamp": 1686150165
+ },
+ {
+ "file_size": 9728028,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6334598,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6463104,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5d2ee739905d5f78b6e31684f3bb92423647692b",
+ "timestamp": 1686150166
+ },
+ {
+ "file_size": 9728028,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6334598,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6463104,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5d2ee739905d5f78b6e31684f3bb92423647692b",
+ "timestamp": 1686150166
+ },
+ {
+ "file_size": 8267816,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5914695,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5870746,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bb7e753018fc4b3c1fdc780a364df59d2e566e67",
+ "timestamp": 1686150167
+ },
+ {
+ "file_size": 8267816,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5914695,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5870746,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bb7e753018fc4b3c1fdc780a364df59d2e566e67",
+ "timestamp": 1686150167
+ },
+ {
+ "file_size": 6904424,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4921711,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5569145,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "750679ecdaac688baa60e32674e510f60cac2ba1",
+ "timestamp": 1686150167
+ },
+ {
+ "file_size": 6904424,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4921711,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5569145,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "750679ecdaac688baa60e32674e510f60cac2ba1",
+ "timestamp": 1686150167
+ },
+ {
+ "file_size": 8668000,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5790672,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5929530,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8d17ecf99008a1800aa77b798c53f75f34db635f",
+ "timestamp": 1686150167
+ },
+ {
+ "file_size": 8668000,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5790672,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5929530,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8d17ecf99008a1800aa77b798c53f75f34db635f",
+ "timestamp": 1686150167
+ },
+ {
+ "file_size": 8020420,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1730444,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1955210,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "098c13f1d5cc4b6038d67874cd2340c470047bde",
+ "timestamp": 1686150168
+ },
+ {
+ "file_size": 8020420,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1730444,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1955210,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "098c13f1d5cc4b6038d67874cd2340c470047bde",
+ "timestamp": 1686150168
+ },
+ {
+ "file_size": 9653972,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1796540,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1636817,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "683b6403118d4a672e2f31efef768346320c5d5d",
+ "timestamp": 1686150169
+ },
+ {
+ "file_size": 9653972,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1796540,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1636817,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "683b6403118d4a672e2f31efef768346320c5d5d",
+ "timestamp": 1686150169
+ },
+ {
+ "file_size": 5534364,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4320126,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4305821,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2627f11c33033737de957cf52cc29297d0810371",
+ "timestamp": 1686150169
+ },
+ {
+ "file_size": 5534364,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4320126,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4305821,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2627f11c33033737de957cf52cc29297d0810371",
+ "timestamp": 1686150169
+ },
+ {
+ "file_size": 10148688,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1961186,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2836228,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9834a9b1ff7edf23552ac4e15464a50ced1f90fa",
+ "timestamp": 1686150170
+ },
+ {
+ "file_size": 10148688,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1961186,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2836228,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9834a9b1ff7edf23552ac4e15464a50ced1f90fa",
+ "timestamp": 1686150170
+ },
+ {
+ "file_size": 8828660,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6406510,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6382932,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "48bd69a510ba602c73863ad2afb6b1455e858335",
+ "timestamp": 1686150170
+ },
+ {
+ "file_size": 8828660,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6406510,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6382932,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "48bd69a510ba602c73863ad2afb6b1455e858335",
+ "timestamp": 1686150170
+ },
+ {
+ "file_size": 6136097,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 3709386,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "5bc8ccc3bfd1b1c9bb5c14f442c70a32efa61a71",
+ "timestamp": 1686150172
+ },
+ {
+ "file_size": 19905987,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2216386,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1636129,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09",
+ "timestamp": 1686150174
+ },
+ {
+ "file_size": 19905987,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2216386,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1636129,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09",
+ "timestamp": 1686150174
+ },
+ {
+ "file_size": 1215488,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 576416,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "059403186f3a5d4832bd7bf3e137ab532076c37c",
+ "timestamp": 1686150175
+ },
+ {
+ "file_size": 62215476,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25262900,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 53345796,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "af6b75fe56e8568402c36c11a851c31519729d09",
+ "timestamp": 1686150176
+ },
+ {
+ "file_size": 62215476,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25262900,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 53345796,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "af6b75fe56e8568402c36c11a851c31519729d09",
+ "timestamp": 1686150176
+ },
+ {
+ "file_size": 62215476,
+ "file_type": "Binary/Archive/ZIP",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 53626293,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "af6b75fe56e8568402c36c11a851c31519729d09",
+ "timestamp": 1686150176
+ },
+ {
+ "file_size": 8790228,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5984952,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7594298,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "791352f0f97961d04505e72dbbc4c90521823212",
+ "timestamp": 1686150176
+ },
+ {
+ "file_size": 8790228,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5984952,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7594298,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "791352f0f97961d04505e72dbbc4c90521823212",
+ "timestamp": 1686150176
+ },
+ {
+ "file_size": 3970896,
+ "file_type": "PE/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1384326,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3217764,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "739c8e7a85bf46ced7d5926d46f5327b03c13e39",
+ "timestamp": 1686150177
+ },
+ {
+ "file_size": 3970896,
+ "file_type": "PE/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1384326,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3217764,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "739c8e7a85bf46ced7d5926d46f5327b03c13e39",
+ "timestamp": 1686150177
+ },
+ {
+ "file_size": 370759,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 120638,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "d15409e85cbcd767078d35da6402415a8786b261",
+ "timestamp": 1686150178
+ },
+ {
+ "file_size": 19508784,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 14359504,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16198715,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",
+ "timestamp": 1686150178
+ },
+ {
+ "file_size": 19508784,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 14359504,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16198715,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a074e8cd0d7f96a1660eb8034c9d4bb659911d8c",
+ "timestamp": 1686150178
+ },
+ {
+ "file_size": 9376260,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6790310,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7997401,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "69b79a4acbecc8d616965ccde616fbed0bce6bb6",
+ "timestamp": 1686150180
+ },
+ {
+ "file_size": 9376260,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6790310,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7997401,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "69b79a4acbecc8d616965ccde616fbed0bce6bb6",
+ "timestamp": 1686150180
+ },
+ {
+ "file_size": 25092884,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3544155,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3318615,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0061d1045777f0d4ffa785a37224981e663cadef",
+ "timestamp": 1686150187
+ },
+ {
+ "file_size": 25092884,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3544155,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3318615,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0061d1045777f0d4ffa785a37224981e663cadef",
+ "timestamp": 1686150187
+ },
+ {
+ "file_size": 29217518,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 23428974,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0",
+ "timestamp": 1686150197
+ },
+ {
+ "file_size": 29217518,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7499136,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14037437,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0",
+ "timestamp": 1686150197
+ },
+ {
+ "file_size": 29217518,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7499136,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14037437,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0",
+ "timestamp": 1686150197
+ },
+ {
+ "file_size": 29422318,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7703936,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14242237,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594",
+ "timestamp": 1686150197
+ },
+ {
+ "file_size": 29422318,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 23633774,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594",
+ "timestamp": 1686150197
+ },
+ {
+ "file_size": 29422318,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7703936,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14242237,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a90063b91d8f19cd55120a84a2264dbb56e46594",
+ "timestamp": 1686150197
+ },
+ {
+ "file_size": 25040110,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3321728,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9860029,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229",
+ "timestamp": 1686150199
+ },
+ {
+ "file_size": 25040110,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 19251566,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229",
+ "timestamp": 1686150199
+ },
+ {
+ "file_size": 25040110,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3321728,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 9860029,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229",
+ "timestamp": 1686150199
+ },
+ {
+ "file_size": 28910318,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7191936,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13730237,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64",
+ "timestamp": 1686150200
+ },
+ {
+ "file_size": 28910318,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7191936,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 13730237,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64",
+ "timestamp": 1686150200
+ },
+ {
+ "file_size": 28910318,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 23121774,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "765176df2ecd44d2f33c9a3e09cfffd38b86dc64",
+ "timestamp": 1686150200
+ },
+ {
+ "file_size": 32130008,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 977110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 761738,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5",
+ "timestamp": 1686150201
+ },
+ {
+ "file_size": 32130008,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 977110,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 761738,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5",
+ "timestamp": 1686150201
+ },
+ {
+ "file_size": 66892302,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3139247,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2558990,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5e440414494a26e2ee213b9b681d867ad39b9f80",
+ "timestamp": 1686150214
+ },
+ {
+ "file_size": 66892302,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3139247,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2558990,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5e440414494a26e2ee213b9b681d867ad39b9f80",
+ "timestamp": 1686150214
+ },
+ {
+ "file_size": 166833664,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 143364306,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 146750644,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6adeec98314a2649c39350736d889cd272a391b8",
+ "timestamp": 1686150221
+ },
+ {
+ "file_size": 166833664,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 143364306,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 146750644,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6adeec98314a2649c39350736d889cd272a391b8",
+ "timestamp": 1686150221
+ },
+ {
+ "file_size": 138356736,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 113475200,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 116917070,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "eb3c36c843befc50091898fb978f83d45d32e422",
+ "timestamp": 1686150228
+ },
+ {
+ "file_size": 138356736,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 113475200,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 116917070,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "eb3c36c843befc50091898fb978f83d45d32e422",
+ "timestamp": 1686150228
+ },
+ {
+ "file_size": 93670,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28715,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50269,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c3a0a929800a0ebe66ac85e6667c6644e872b09d",
+ "timestamp": 1686150231
+ },
+ {
+ "file_size": 93670,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28715,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 50269,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c3a0a929800a0ebe66ac85e6667c6644e872b09d",
+ "timestamp": 1686150231
+ },
+ {
+ "file_size": 8553924,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5876359,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6986177,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a3b265af2589cf44aecb2049803a5a4ff84bb202",
+ "timestamp": 1686150232
+ },
+ {
+ "file_size": 8553924,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5876359,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6986177,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a3b265af2589cf44aecb2049803a5a4ff84bb202",
+ "timestamp": 1686150232
+ },
+ {
+ "file_size": 88241,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27207,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48761,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c2643a9a4997e6e3e51685cab2f9c6fd4abc7611",
+ "timestamp": 1686150237
+ },
+ {
+ "file_size": 88241,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27207,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48761,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c2643a9a4997e6e3e51685cab2f9c6fd4abc7611",
+ "timestamp": 1686150237
+ },
+ {
+ "file_size": 9414708,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6335661,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6370528,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7d304cf9efb664f2ccd968904d504ed8c576e654",
+ "timestamp": 1686150239
+ },
+ {
+ "file_size": 9414708,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6335661,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6370528,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7d304cf9efb664f2ccd968904d504ed8c576e654",
+ "timestamp": 1686150239
+ },
+ {
+ "file_size": 10379992,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6814165,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8323239,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0",
+ "timestamp": 1686150241
+ },
+ {
+ "file_size": 10379992,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6814165,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8323239,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0",
+ "timestamp": 1686150241
+ },
+ {
+ "file_size": 5250,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2325,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4097,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "630991c60909126d75f94b113fd177180f6712ea",
+ "timestamp": 1686150245
+ },
+ {
+ "file_size": 5250,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2325,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4097,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "630991c60909126d75f94b113fd177180f6712ea",
+ "timestamp": 1686150245
+ },
+ {
+ "file_size": 82432,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3828,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4798,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "797c389bd066a4a04c2bce344cb60123443ec81e",
+ "timestamp": 1686150247
+ },
+ {
+ "file_size": 82432,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3828,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4798,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "797c389bd066a4a04c2bce344cb60123443ec81e",
+ "timestamp": 1686150247
+ },
+ {
+ "file_size": 111806,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29792,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51346,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8ad9ad7f0468ebd22e0d9e8384c4a107857333a5",
+ "timestamp": 1686150247
+ },
+ {
+ "file_size": 111806,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29792,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51346,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8ad9ad7f0468ebd22e0d9e8384c4a107857333a5",
+ "timestamp": 1686150247
+ },
+ {
+ "file_size": 27570,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 15335,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 19448,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1bfc6472d02cab3b91ce506a17d9cad64804871c",
+ "timestamp": 1686150248
+ },
+ {
+ "file_size": 27570,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 15335,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 19448,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1bfc6472d02cab3b91ce506a17d9cad64804871c",
+ "timestamp": 1686150248
+ },
+ {
+ "file_size": 450048,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 288291,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 221176,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "111bcee00d7c3d6df8c1420ee0de782eb1937133",
+ "timestamp": 1686150248
+ },
+ {
+ "file_size": 450048,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 288291,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 221176,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "111bcee00d7c3d6df8c1420ee0de782eb1937133",
+ "timestamp": 1686150248
+ },
+ {
+ "file_size": 2600888,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2163112,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2014788,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7e32d3bc9afd569852093401de5c4bb5f44b76ff",
+ "timestamp": 1686150249
+ },
+ {
+ "file_size": 2600888,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2163112,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2014788,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7e32d3bc9afd569852093401de5c4bb5f44b76ff",
+ "timestamp": 1686150249
+ },
+ {
+ "file_size": 175221,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 35882,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 57436,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "423a146bc73d434a9f39de260f567dd8d0258d47",
+ "timestamp": 1686150250
+ },
+ {
+ "file_size": 175221,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 35882,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 57436,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "423a146bc73d434a9f39de260f567dd8d0258d47",
+ "timestamp": 1686150250
+ },
+ {
+ "file_size": 8509312,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6222960,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6167524,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "19b22d0a540bac402aa018c7df49bd97bf02f44a",
+ "timestamp": 1686150251
+ },
+ {
+ "file_size": 8509312,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6222960,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6167524,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "19b22d0a540bac402aa018c7df49bd97bf02f44a",
+ "timestamp": 1686150251
+ },
+ {
+ "file_size": 80864416,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2597762,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2017505,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e8a00ce275d0d66559cadb01b10a0ae2d441c60d",
+ "timestamp": 1686150258
+ },
+ {
+ "file_size": 80864416,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2597762,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2017505,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e8a00ce275d0d66559cadb01b10a0ae2d441c60d",
+ "timestamp": 1686150258
+ },
+ {
+ "file_size": 20964640,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7215661,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11972784,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e8aeecd01fdf0e1521090598c2180f5cb575f6e6",
+ "timestamp": 1686150261
+ },
+ {
+ "file_size": 20964640,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7215661,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11972784,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e8aeecd01fdf0e1521090598c2180f5cb575f6e6",
+ "timestamp": 1686150261
+ },
+ {
+ "file_size": 275456,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5162,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6481,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec",
+ "timestamp": 1686150261
+ },
+ {
+ "file_size": 275456,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5162,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6481,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec",
+ "timestamp": 1686150261
+ },
+ {
+ "file_size": 87323,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27477,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49031,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "19f3b61586f5cb7808ed718fae3b99408fcde7b8",
+ "timestamp": 1686150263
+ },
+ {
+ "file_size": 87323,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27477,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49031,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "19f3b61586f5cb7808ed718fae3b99408fcde7b8",
+ "timestamp": 1686150263
+ },
+ {
+ "file_size": 12437976,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10483381,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10170287,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bd599890f96bfd2cb617bc1155bd15fc40a084ed",
+ "timestamp": 1686150266
+ },
+ {
+ "file_size": 12437976,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 10483381,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10170287,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "bd599890f96bfd2cb617bc1155bd15fc40a084ed",
+ "timestamp": 1686150266
+ },
+ {
+ "file_size": 10148938,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 864896,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14986,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0233a0fec543e6232060515a2e26cc58c2a75623",
+ "timestamp": 1686150268
+ },
+ {
+ "file_size": 10148938,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 864896,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 14986,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0233a0fec543e6232060515a2e26cc58c2a75623",
+ "timestamp": 1686150268
+ },
+ {
+ "file_size": 9892620,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6562492,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7558230,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a",
+ "timestamp": 1686150270
+ },
+ {
+ "file_size": 9892620,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6562492,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 7558230,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a",
+ "timestamp": 1686150270
+ },
+ {
+ "file_size": 9560808,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6901970,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6907982,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fbcc73b821ae5184783a597050d8ebd62835bfc9",
+ "timestamp": 1686150270
+ },
+ {
+ "file_size": 9560808,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6901970,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6907982,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fbcc73b821ae5184783a597050d8ebd62835bfc9",
+ "timestamp": 1686150270
+ },
+ {
+ "file_size": 18831446,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 265862,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12964500,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "25e03817dafe65daaa426190b00318324d21cf71",
+ "timestamp": 1686150270
+ },
+ {
+ "file_size": 18831446,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 265862,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12964500,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "25e03817dafe65daaa426190b00318324d21cf71",
+ "timestamp": 1686150270
+ },
+ {
+ "file_size": 8165976,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3933805,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4859118,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f4678063bfee99893461cd18f9ec4556382d102f",
+ "timestamp": 1686150272
+ },
+ {
+ "file_size": 8165976,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3933805,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4859118,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f4678063bfee99893461cd18f9ec4556382d102f",
+ "timestamp": 1686150272
+ },
+ {
+ "file_size": 101077,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27765,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49319,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "62ea9191258518515b4be63a7c69a39b918bd28a",
+ "timestamp": 1686150272
+ },
+ {
+ "file_size": 101077,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27765,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49319,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "62ea9191258518515b4be63a7c69a39b918bd28a",
+ "timestamp": 1686150272
+ },
+ {
+ "file_size": 8092688,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1464386,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2192617,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e1e78ef90f835f32fb9bd89fc074c22f7748f3e3",
+ "timestamp": 1686150273
+ },
+ {
+ "file_size": 8092688,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1464386,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2192617,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e1e78ef90f835f32fb9bd89fc074c22f7748f3e3",
+ "timestamp": 1686150273
+ },
+ {
+ "file_size": 9136128,
+ "file_type": "PE/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3935869,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3109983,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "48672736929745d0f2716882ccdb099501cb6b1e",
+ "timestamp": 1686150274
+ },
+ {
+ "file_size": 9136128,
+ "file_type": "PE/.Net Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3935869,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3109983,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "48672736929745d0f2716882ccdb099501cb6b1e",
+ "timestamp": 1686150274
+ },
+ {
+ "file_size": 6035544,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2875148,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3522427,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91",
+ "timestamp": 1686150275
+ },
+ {
+ "file_size": 6035544,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 2875148,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3522427,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91",
+ "timestamp": 1686150275
+ },
+ {
+ "file_size": 13500336,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11443773,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11133887,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1ceec28970dbdc86c09768fdc2bfa305fce4d261",
+ "timestamp": 1686150276
+ },
+ {
+ "file_size": 13500336,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 11443773,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11133887,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1ceec28970dbdc86c09768fdc2bfa305fce4d261",
+ "timestamp": 1686150276
+ },
+ {
+ "file_size": 3376319,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 245960,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 15314,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "efd9d71b0975e5847c4615faf5afc5e9f7210ae3",
+ "timestamp": 1686150277
+ },
+ {
+ "file_size": 3376319,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 245960,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 15314,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "efd9d71b0975e5847c4615faf5afc5e9f7210ae3",
+ "timestamp": 1686150277
+ },
+ {
+ "file_size": 103016,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 33875,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 55429,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e412e2c41f29f865786ecf493deafd266c779d88",
+ "timestamp": 1686150277
+ },
+ {
+ "file_size": 103016,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 33875,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 55429,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e412e2c41f29f865786ecf493deafd266c779d88",
+ "timestamp": 1686150277
+ },
+ {
+ "file_size": 7885612,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6087984,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6053339,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "80430d7fd0fc7c60d98a89aed4c7bb4495aa6379",
+ "timestamp": 1686150278
+ },
+ {
+ "file_size": 7885612,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6087984,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6053339,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "80430d7fd0fc7c60d98a89aed4c7bb4495aa6379",
+ "timestamp": 1686150278
+ },
+ {
+ "file_size": 14178816,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4320653,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5427992,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ebde3e5d4f5dad37d897d676df2240e7e40e08fe",
+ "timestamp": 1686150278
+ },
+ {
+ "file_size": 14178816,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4320653,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5427992,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ebde3e5d4f5dad37d897d676df2240e7e40e08fe",
+ "timestamp": 1686150278
+ },
+ {
+ "file_size": 272896,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8053,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6460,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3a1800e643dae8652354dc0e1d09e0fdd010f6a4",
+ "timestamp": 1686150279
+ },
+ {
+ "file_size": 272896,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 8053,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6460,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3a1800e643dae8652354dc0e1d09e0fdd010f6a4",
+ "timestamp": 1686150279
+ },
+ {
+ "file_size": 689819,
+ "file_type": "Document/None/RTF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 533244,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 590406,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5eb3615197888c564cc0190dcb59bc20c7f5cbd9",
+ "timestamp": 1686150283
+ },
+ {
+ "file_size": 689819,
+ "file_type": "Document/None/RTF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 533244,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 590406,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "5eb3615197888c564cc0190dcb59bc20c7f5cbd9",
+ "timestamp": 1686150283
+ },
+ {
+ "file_size": 7179516,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1496148,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1515461,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8a89d0ad8c999e16a2226fddf4096770486212dd",
+ "timestamp": 1686150284
+ },
+ {
+ "file_size": 7179516,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1496148,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1515461,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8a89d0ad8c999e16a2226fddf4096770486212dd",
+ "timestamp": 1686150284
+ },
+ {
+ "file_size": 8096528,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5711198,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5832392,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0e753811a1a4bda820926842ce75c4e28c955919",
+ "timestamp": 1686150287
+ },
+ {
+ "file_size": 8096528,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5711198,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5832392,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0e753811a1a4bda820926842ce75c4e28c955919",
+ "timestamp": 1686150287
+ },
+ {
+ "file_size": 1766139,
+ "file_type": "Text/None",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 260148,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 825848,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8a6f27250902702f78938252e2671205790648d4",
+ "timestamp": 1686150288
+ },
+ {
+ "file_size": 1766139,
+ "file_type": "Text/None",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 260148,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 825848,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8a6f27250902702f78938252e2671205790648d4",
+ "timestamp": 1686150288
+ },
+ {
+ "file_size": 10031584,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6627232,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6604495,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8913aed7d56e63add8ed8f65622454ab0b0ed007",
+ "timestamp": 1686150290
+ },
+ {
+ "file_size": 10031584,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6627232,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6604495,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8913aed7d56e63add8ed8f65622454ab0b0ed007",
+ "timestamp": 1686150290
+ },
+ {
+ "file_size": 6598488,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1651604,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2536422,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513",
+ "timestamp": 1686150293
+ },
+ {
+ "file_size": 6598488,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1651604,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2536422,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513",
+ "timestamp": 1686150293
+ },
+ {
+ "file_size": 8198736,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1724241,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1717079,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2a770424281587e72a70f2b38c6393ee43fcb8fe",
+ "timestamp": 1686150293
+ },
+ {
+ "file_size": 8198736,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1724241,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1717079,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "2a770424281587e72a70f2b38c6393ee43fcb8fe",
+ "timestamp": 1686150293
+ },
+ {
+ "file_size": 8041928,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6164307,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6028674,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "58a086af9f4be29846114490255f118299ee9988",
+ "timestamp": 1686150298
+ },
+ {
+ "file_size": 8041928,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6164307,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6028674,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "58a086af9f4be29846114490255f118299ee9988",
+ "timestamp": 1686150298
+ },
+ {
+ "file_size": 22636544,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12836365,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17328505,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4a066f4da5351af20dcc6848fcca14ac7237022d",
+ "timestamp": 1686150304
+ },
+ {
+ "file_size": 22636544,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 12836365,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 17328505,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4a066f4da5351af20dcc6848fcca14ac7237022d",
+ "timestamp": 1686150304
+ },
+ {
+ "file_size": 31212344,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25069984,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 24741844,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "de4fab5048313f8ea6d87b1821bfc8707463f688",
+ "timestamp": 1686150308
+ },
+ {
+ "file_size": 31212344,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 25069984,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 24741844,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "de4fab5048313f8ea6d87b1821bfc8707463f688",
+ "timestamp": 1686150308
+ },
+ {
+ "file_size": 46181234,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28136043,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 340000,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a7dd7dbd677a352cade7696363a2b69827ed9efa",
+ "timestamp": 1686150316
+ },
+ {
+ "file_size": 46181234,
+ "file_type": "PE/.Net Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 28136043,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 340000,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a7dd7dbd677a352cade7696363a2b69827ed9efa",
+ "timestamp": 1686150316
+ },
+ {
+ "file_size": 4268456,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1053136,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1079585,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "55d4bb310cf6f691bf7917630349e60f91e69883",
+ "timestamp": 1686150328
+ },
+ {
+ "file_size": 4268456,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1053136,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1079585,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "55d4bb310cf6f691bf7917630349e60f91e69883",
+ "timestamp": 1686150328
+ },
+ {
+ "file_size": 711168,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 22283,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 140714,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1cc796892a6c83da4f9d64c7ac496f48e9e87462",
+ "timestamp": 1686150331
+ },
+ {
+ "file_size": 711168,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 22283,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 140714,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1cc796892a6c83da4f9d64c7ac496f48e9e87462",
+ "timestamp": 1686150331
+ },
+ {
+ "file_size": 81041,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26719,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48030,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fac13be0be3051b4ea5dd0299de7297c50eca677",
+ "timestamp": 1686150331
+ },
+ {
+ "file_size": 81041,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26719,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 48030,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "fac13be0be3051b4ea5dd0299de7297c50eca677",
+ "timestamp": 1686150331
+ },
+ {
+ "file_size": 2149088,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1486348,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1792360,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "918840817f162ce48336914897b0a2b9e94159c6",
+ "timestamp": 1686150332
+ },
+ {
+ "file_size": 2149088,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1486348,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1792360,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "918840817f162ce48336914897b0a2b9e94159c6",
+ "timestamp": 1686150332
+ },
+ {
+ "file_size": 83456,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3829,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4736,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7d2d0a954430071976be168e02000021fe3f8d47",
+ "timestamp": 1686150334
+ },
+ {
+ "file_size": 83456,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3829,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4736,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7d2d0a954430071976be168e02000021fe3f8d47",
+ "timestamp": 1686150334
+ },
+ {
+ "file_size": 81703,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29471,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51025,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0de6b65809ff0a806b84af7878f46ab7b0961e58",
+ "timestamp": 1686150335
+ },
+ {
+ "file_size": 81703,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 29471,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 51025,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "0de6b65809ff0a806b84af7878f46ab7b0961e58",
+ "timestamp": 1686150335
+ },
+ {
+ "file_size": 1986332,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1489941,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1578610,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "cefdbcf177848c3dbc4660ffa92e0971429717e6",
+ "timestamp": 1686150335
+ },
+ {
+ "file_size": 1986332,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1489941,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1578610,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "cefdbcf177848c3dbc4660ffa92e0971429717e6",
+ "timestamp": 1686150335
+ },
+ {
+ "file_size": 454144,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 282176,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 220548,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e4794fefadbba8fcb81540281ccccb949cccd828",
+ "timestamp": 1686150336
+ },
+ {
+ "file_size": 454144,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 282176,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 220548,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "e4794fefadbba8fcb81540281ccccb949cccd828",
+ "timestamp": 1686150336
+ },
+ {
+ "file_size": 18366038,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7030388,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12499092,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "b8c11b6867eaec662e5217df5c861393fa6220e6",
+ "timestamp": 1686150336
+ },
+ {
+ "file_size": 18366038,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7030388,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12499092,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "b8c11b6867eaec662e5217df5c861393fa6220e6",
+ "timestamp": 1686150336
+ },
+ {
+ "file_size": 8588884,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6284895,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6248087,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d9a5feabf05c02918500526e08a432cee2b65615",
+ "timestamp": 1686150337
+ },
+ {
+ "file_size": 8588884,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6284895,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6248087,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d9a5feabf05c02918500526e08a432cee2b65615",
+ "timestamp": 1686150337
+ },
+ {
+ "file_size": 9326836,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6567307,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6759624,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "dfb89e0653f80361906802592cd76c3dfbbe0881",
+ "timestamp": 1686150337
+ },
+ {
+ "file_size": 9326836,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6567307,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6759624,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "dfb89e0653f80361906802592cd76c3dfbbe0881",
+ "timestamp": 1686150337
+ },
+ {
+ "file_size": 150057,
+ "file_type": "Document/None/PDF",
+ "rule": [
+ {
+ "identifier": "ExampleRule",
+ "matched_data": [
+ {
+ "match_offset": 116422,
+ "matched_string": "dGV4dCBoZXJl\n",
+ "string_identifier": "JG15X3RleHRfc3RyaW5n\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset2",
+ "ruleset_sha1": "24239959bf00c630739896da7b08cb59011fc08c",
+ "sample_available": false,
+ "sha1": "db9a5761f9beda80273964d79aa8bf589ea00f9d",
+ "timestamp": 1686150338
+ },
+ {
+ "file_size": 101408,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27646,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49200,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "920811cc5d0f3a9218886cc0c35f60793859ccff",
+ "timestamp": 1686150340
+ },
+ {
+ "file_size": 101408,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 27646,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 49200,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "920811cc5d0f3a9218886cc0c35f60793859ccff",
+ "timestamp": 1686150340
+ },
+ {
+ "file_size": 17661014,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6325364,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11794068,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "86e5a6461a4c70641f1d9f05b363a6ee9ad9e967",
+ "timestamp": 1686150341
+ },
+ {
+ "file_size": 17661014,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6325364,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11794068,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "86e5a6461a4c70641f1d9f05b363a6ee9ad9e967",
+ "timestamp": 1686150341
+ },
+ {
+ "file_size": 17709654,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6374004,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11842708,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d0286f449fe9b310149eba7c643ef32980b20c0a",
+ "timestamp": 1686150343
+ },
+ {
+ "file_size": 17709654,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6374004,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 11842708,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d0286f449fe9b310149eba7c643ef32980b20c0a",
+ "timestamp": 1686150343
+ },
+ {
+ "file_size": 18516054,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7180404,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12649108,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a629d0a626ea29b61a59fa12f74ecae92f111d2b",
+ "timestamp": 1686150345
+ },
+ {
+ "file_size": 18516054,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7180404,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12649108,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "a629d0a626ea29b61a59fa12f74ecae92f111d2b",
+ "timestamp": 1686150345
+ },
+ {
+ "file_size": 13872608,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9059948,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8952253,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9583081e5b7c0f4f74b2222a23fc058d667ab595",
+ "timestamp": 1686150351
+ },
+ {
+ "file_size": 13872608,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9059948,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8952253,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9583081e5b7c0f4f74b2222a23fc058d667ab595",
+ "timestamp": 1686150351
+ },
+ {
+ "file_size": 82432,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3812,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4691,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "39d12fff02df078867efb755f7353480b5f6c0bc",
+ "timestamp": 1686150357
+ },
+ {
+ "file_size": 82432,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3812,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4691,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "39d12fff02df078867efb755f7353480b5f6c0bc",
+ "timestamp": 1686150357
+ },
+ {
+ "file_size": 2272971,
+ "file_type": "Text/None",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 74664,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 619547,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "67c71d50582dea8fedfe6a3b234936a626ffaeb2",
+ "timestamp": 1686150357
+ },
+ {
+ "file_size": 2272971,
+ "file_type": "Text/None",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 74664,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 619547,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "67c71d50582dea8fedfe6a3b234936a626ffaeb2",
+ "timestamp": 1686150357
+ },
+ {
+ "file_size": 8879376,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5745648,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5751012,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1a773ba334a1fc0f818bbd42f77a4e1d946065a9",
+ "timestamp": 1686150360
+ },
+ {
+ "file_size": 8879376,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5745648,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5751012,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1a773ba334a1fc0f818bbd42f77a4e1d946065a9",
+ "timestamp": 1686150360
+ },
+ {
+ "file_size": 7755441,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 406771,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 21825,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "812184db6861a00260557e33605b51d0042ff585",
+ "timestamp": 1686150360
+ },
+ {
+ "file_size": 7755441,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 406771,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 21825,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "812184db6861a00260557e33605b51d0042ff585",
+ "timestamp": 1686150360
+ },
+ {
+ "file_size": 5618928,
+ "file_type": "MachO32 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3904124,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4378424,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d1b2e67d1e6066e353d169cfcdcb67b76360ad94",
+ "timestamp": 1686150361
+ },
+ {
+ "file_size": 5618928,
+ "file_type": "MachO32 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3904124,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4378424,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "d1b2e67d1e6066e353d169cfcdcb67b76360ad94",
+ "timestamp": 1686150361
+ },
+ {
+ "file_size": 7870848,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5851887,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5929958,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "350122e4dba72eec4fcf1b5b91d172335c85d7a9",
+ "timestamp": 1686150369
+ },
+ {
+ "file_size": 7870848,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5851887,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5929958,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "350122e4dba72eec4fcf1b5b91d172335c85d7a9",
+ "timestamp": 1686150369
+ },
+ {
+ "file_size": 8173600,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5940668,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5601532,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ecc1080cc4303734260b958a79cefb40ae6d0153",
+ "timestamp": 1686150372
+ },
+ {
+ "file_size": 8173600,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 5940668,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5601532,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "ecc1080cc4303734260b958a79cefb40ae6d0153",
+ "timestamp": 1686150372
+ },
+ {
+ "file_size": 366711,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 83827,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 363899,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "cf2f0e2acfc86560055a39013db63285b1d78a03",
+ "timestamp": 1686150388
+ },
+ {
+ "file_size": 366711,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 83827,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 363899,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "cf2f0e2acfc86560055a39013db63285b1d78a03",
+ "timestamp": 1686150388
+ },
+ {
+ "file_size": 9487360,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6897389,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6936885,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4106e8b239bb92d9fa524b3a6d667c7115b0b666",
+ "timestamp": 1686150401
+ },
+ {
+ "file_size": 9487360,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6897389,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6936885,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4106e8b239bb92d9fa524b3a6d667c7115b0b666",
+ "timestamp": 1686150401
+ },
+ {
+ "file_size": 58555814,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1184014,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10951600,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7c14bdf271b74f35da06091594293c7502c82107",
+ "timestamp": 1686150401
+ },
+ {
+ "file_size": 58555814,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1184014,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 10951600,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "7c14bdf271b74f35da06091594293c7502c82107",
+ "timestamp": 1686150401
+ },
+ {
+ "file_size": 366706,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 83826,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 363894,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "52a6a217b72415fc38bde13c0f077e47671a7845",
+ "timestamp": 1686150410
+ },
+ {
+ "file_size": 366706,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 83826,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 363894,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "52a6a217b72415fc38bde13c0f077e47671a7845",
+ "timestamp": 1686150410
+ },
+ {
+ "file_size": 21275520,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7310445,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12111641,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9dc59205f47be9eac8046b5b259f2ccf65ceddc6",
+ "timestamp": 1686150414
+ },
+ {
+ "file_size": 21275520,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7310445,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12111641,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "9dc59205f47be9eac8046b5b259f2ccf65ceddc6",
+ "timestamp": 1686150414
+ },
+ {
+ "file_size": 86684,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 34414,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 55968,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4120782b6b598f4a7e95b4c480c791cffe37a268",
+ "timestamp": 1686150422
+ },
+ {
+ "file_size": 86684,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 34414,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 55968,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4120782b6b598f4a7e95b4c480c791cffe37a268",
+ "timestamp": 1686150422
+ },
+ {
+ "file_size": 5327272,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3979083,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2767474,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "eb86c40eb9e7de2c827db61b705530e5945c4562",
+ "timestamp": 1686150442
+ },
+ {
+ "file_size": 5327272,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3979083,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2767474,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "eb86c40eb9e7de2c827db61b705530e5945c4562",
+ "timestamp": 1686150442
+ },
+ {
+ "file_size": 1686113,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 192055,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16350,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8d02b28113241f8c6bb4f6313a19950876eca116",
+ "timestamp": 1686150448
+ },
+ {
+ "file_size": 1686113,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 192055,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 16350,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "8d02b28113241f8c6bb4f6313a19950876eca116",
+ "timestamp": 1686150448
+ },
+ {
+ "file_size": 35515,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 34829,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 22757,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4767545f40d35fbfee5bbd359fe6be615e679ff9",
+ "timestamp": 1686150452
+ },
+ {
+ "file_size": 35515,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 34829,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 22757,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4767545f40d35fbfee5bbd359fe6be615e679ff9",
+ "timestamp": 1686150452
+ },
+ {
+ "file_size": 7892976,
+ "file_type": "ELF64 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3577820,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3615204,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "94c89fd87cf33f18c9b1783bb133633aa5b28234",
+ "timestamp": 1686150454
+ },
+ {
+ "file_size": 7892976,
+ "file_type": "ELF64 Little/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3577820,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 3615204,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "94c89fd87cf33f18c9b1783bb133633aa5b28234",
+ "timestamp": 1686150454
+ },
+ {
+ "file_size": 242700,
+ "file_type": "Document/None/RTF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31895,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 41619,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3d526a12778e918e2350d23aa02bfa7cd2c448d0",
+ "timestamp": 1686150455
+ },
+ {
+ "file_size": 242700,
+ "file_type": "Document/None/RTF",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 31895,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 41619,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3d526a12778e918e2350d23aa02bfa7cd2c448d0",
+ "timestamp": 1686150455
+ },
+ {
+ "file_size": 7525504,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1861301,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1676862,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "b2eed81dd77100042b7e918b4f5cacc2d6444aa6",
+ "timestamp": 1686150455
+ },
+ {
+ "file_size": 7525504,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 1861301,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1676862,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "b2eed81dd77100042b7e918b4f5cacc2d6444aa6",
+ "timestamp": 1686150455
+ },
+ {
+ "file_size": 74127,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26665,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 47554,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c1ad6cf9c783302cedf77c209ae4d5a11d05b07f",
+ "timestamp": 1686150464
+ },
+ {
+ "file_size": 74127,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 26665,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 47554,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "c1ad6cf9c783302cedf77c209ae4d5a11d05b07f",
+ "timestamp": 1686150464
+ },
+ {
+ "file_size": 6306744,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4682682,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5358994,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1fa90eebb148c20a065f0a78d5794f00c7bb51a4",
+ "timestamp": 1686150481
+ },
+ {
+ "file_size": 6306744,
+ "file_type": "DEX/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 4682682,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 5358994,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "1fa90eebb148c20a065f0a78d5794f00c7bb51a4",
+ "timestamp": 1686150481
+ },
+ {
+ "file_size": 8729572,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3118958,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2893418,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6eebfafb77dac46dd9a0541cbd719f59d18ae74a",
+ "timestamp": 1686150486
+ },
+ {
+ "file_size": 8729572,
+ "file_type": "PE/Exe/NSIS",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3118958,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 2893418,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6eebfafb77dac46dd9a0541cbd719f59d18ae74a",
+ "timestamp": 1686150486
+ },
+ {
+ "file_size": 662567,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 467856,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 24033,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4273c4cdb874a9caeddfb76f5e712480246928a6",
+ "timestamp": 1686150489
+ },
+ {
+ "file_size": 662567,
+ "file_type": "Email/None/MIME",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 467856,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 24033,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4273c4cdb874a9caeddfb76f5e712480246928a6",
+ "timestamp": 1686150489
+ },
+ {
+ "file_size": 366703,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 83825,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 363891,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4791aa7a9d8123b974c9b3e41fc3269bfa287c28",
+ "timestamp": 1686150489
+ },
+ {
+ "file_size": 366703,
+ "file_type": "Text/HTML/HTML",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 83825,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 363891,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "4791aa7a9d8123b974c9b3e41fc3269bfa287c28",
+ "timestamp": 1686150489
+ },
+ {
+ "file_size": 18824790,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 259206,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12957844,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3d779c8998dfba56449ad09dbd24db692d2b6528",
+ "timestamp": 1686150490
+ },
+ {
+ "file_size": 18824790,
+ "file_type": "PE/Dll",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 259206,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 12957844,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "3d779c8998dfba56449ad09dbd24db692d2b6528",
+ "timestamp": 1686150490
+ },
+ {
+ "file_size": 8471556,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7414380,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6887310,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f10efe378fb0fa90ca1ee5dcdfee615b1473a74e",
+ "timestamp": 1686150490
+ },
+ {
+ "file_size": 8471556,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 7414380,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 6887310,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "f10efe378fb0fa90ca1ee5dcdfee615b1473a74e",
+ "timestamp": 1686150490
+ },
+ {
+ "file_size": 81408,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3819,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4611,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "76c28f712820786cbe6cbeb7f9789480a7ac3b23",
+ "timestamp": 1686150491
+ },
+ {
+ "file_size": 81408,
+ "file_type": "Binary/Archive/Compound",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 3819,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 4611,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "76c28f712820786cbe6cbeb7f9789480a7ac3b23",
+ "timestamp": 1686150491
+ },
+ {
+ "file_size": 13890720,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9051048,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8736852,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "121299e36826d127762d70605c78118223be66a3",
+ "timestamp": 1686150497
+ },
+ {
+ "file_size": 13890720,
+ "file_type": "PE+/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 9051048,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 8736852,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "121299e36826d127762d70605c78118223be66a3",
+ "timestamp": 1686150497
+ },
+ {
+ "file_size": 18482183,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6662509,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1459423,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "SuperHunt",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6010aef2725e64cdeab0e91df479bf0e0a7be14c",
+ "timestamp": 1686150499
+ },
+ {
+ "file_size": 18482183,
+ "file_type": "PE/Exe",
+ "rule": [
+ {
+ "identifier": "Example",
+ "matched_data": [
+ {
+ "match_offset": 6662509,
+ "matched_string": "cGF5\n",
+ "string_identifier": "JHN0cmluZzE=\n"
+ },
+ {
+ "match_offset": 1459423,
+ "matched_string": "aW1tZWRpYXRlbHk=\n",
+ "string_identifier": "JHN0cmluZzI=\n"
+ }
+ ],
+ "meta": [],
+ "tag": []
+ }
+ ],
+ "ruleset_name": "ruleset1",
+ "ruleset_sha1": "c739753a2575d69ae31b33122622b6a736660508",
+ "sample_available": false,
+ "sha1": "6010aef2725e64cdeab0e91df479bf0e0a7be14c",
+ "timestamp": 1686150499
+ }
+ ],
+ "last_timestamp": 1686150499,
+ "name": "YARA Match Continuous Feed",
+ "time_range": {
+ "from": "Wed, 07 Jun 2023 14:55:26 +0000",
+ "to": "Wed, 07 Jun 2023 15:08:19 +0000"
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs YARA Matches Feed for time value 1686149726
+> **Last timestamp**: 1686150499
+> **From**: Wed, 07 Jun 2023 14:55:26 +0000
+> **To**: Wed, 07 Jun 2023 15:08:19 +0000
+>
+> ### Entries
+>|file_size|file_type|rule|ruleset_name|ruleset_sha1|sample_available|sha1|timestamp|
+>|---|---|---|---|---|---|---|---|
+>| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6c9a7e771632738a4d86e8211be63306b3c31739 | 1686149729 |
+>| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6c9a7e771632738a4d86e8211be63306b3c31739 | 1686149729 |
+>| 700972 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327393, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9 | 1686149748 |
+>| 700972 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327393, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 22cbdcd8130f2dabaf16cb6a4cdfe8141c8d54d9 | 1686149748 |
+>| 701035 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327456, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 327da64e3c8bd70b5868a11b90345ffb83faf169 | 1686149771 |
+>| 701035 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 327456, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 327da64e3c8bd70b5868a11b90345ffb83faf169 | 1686149771 |
+>| 2495206 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 1508164, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 8b16533fe15079a2797c5edb655e7faa0136a2c3 | 1686149775 |
+>| 136068 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90723, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 126493, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4b69b90535fffc35b944af09c4fecd1ea45bdf03 | 1686149791 |
+>| 136068 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90723, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 126493, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4b69b90535fffc35b944af09c4fecd1ea45bdf03 | 1686149791 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 9833e067786155c711abd4748f0134dce2a50f70 | 1686149812 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 9833e067786155c711abd4748f0134dce2a50f70 | 1686149812 |
+>| 60165 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7 | 1686149812 |
+>| 60165 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7 | 1686149812 |
+>| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 8a5f73ba3d164d764f3247e1a4d8910f1c82118e | 1686149813 |
+>| 2032952 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1691838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1680161, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3ef76796bc39440ff9e380ee0870e082a7d4d827 | 1686149813 |
+>| 2032952 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1691838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1680161, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3ef76796bc39440ff9e380ee0870e082a7d4d827 | 1686149813 |
+>| 152263 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108863, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 66000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 672718e4181413228e56e9aca75af311e5113b34 | 1686149815 |
+>| 152263 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108863, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 66000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 672718e4181413228e56e9aca75af311e5113b34 | 1686149815 |
+>| 3594552 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2695368, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2746903, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3c1e2700b7b75d6f064f1a4cd92348cbbd12445e | 1686149821 |
+>| 3594552 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2695368, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2746903, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3c1e2700b7b75d6f064f1a4cd92348cbbd12445e | 1686149821 |
+>| 629694 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 195141, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 142128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 689fa08d967cd23c51d86f5f31245b2c4b4cb8f4 | 1686149825 |
+>| 629694 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 195141, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 142128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 689fa08d967cd23c51d86f5f31245b2c4b4cb8f4 | 1686149825 |
+>| 60165 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7 | 1686149825 |
+>| 60165 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 44244, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | eaf54f86f52e86fe6e7f0f5b7456bd4dd97b53a7 | 1686149825 |
+>| 7876608 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | be246b1372fc383087a49f7b217d57f60a91282e | 1686149830 |
+>| 7876608 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | be246b1372fc383087a49f7b217d57f60a91282e | 1686149830 |
+>| 163095 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92470, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152391, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 38351d1f1fd246eed1a5319c70e6db239cf08961 | 1686149832 |
+>| 163095 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92470, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152391, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 38351d1f1fd246eed1a5319c70e6db239cf08961 | 1686149832 |
+>| 4435792 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8c2ac756b84dad335730361f0ae794d427f59ac8 | 1686149840 |
+>| 4435792 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8c2ac756b84dad335730361f0ae794d427f59ac8 | 1686149840 |
+>| 118346 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16163, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 93519, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 33b343dbf5e945badbde855fccd9d41cc6721b57 | 1686149841 |
+>| 118346 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16163, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 93519, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 33b343dbf5e945badbde855fccd9d41cc6721b57 | 1686149841 |
+>| 421625 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 254252, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 61027, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 97de77df7de1563a15054f68142f815b4df26ef8 | 1686149841 |
+>| 421625 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 254252, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 61027, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 97de77df7de1563a15054f68142f815b4df26ef8 | 1686149841 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6c4a87910eafb345ad3b07f13dced51376ccc93f | 1686149842 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6c4a87910eafb345ad3b07f13dced51376ccc93f | 1686149842 |
+>| 4091720 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1530891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1420528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | f0a94f8d3ba71b06bc7a463241233c2db1cf4a36 | 1686149842 |
+>| 4091720 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1530891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1420528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | f0a94f8d3ba71b06bc7a463241233c2db1cf4a36 | 1686149842 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5c880504fedd3ee67d06ecb36ef7247a6b26cd48 | 1686149844 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5c880504fedd3ee67d06ecb36ef7247a6b26cd48 | 1686149844 |
+>| 151754 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108353, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1a9bc0dd119fa6b5b15042468d54a26cccccbeaa | 1686149844 |
+>| 151754 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108353, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1a9bc0dd119fa6b5b15042468d54a26cccccbeaa | 1686149844 |
+>| 151042 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 107641, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65289, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8 | 1686149844 |
+>| 151042 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 107641, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65289, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d7c4f4ab8fc6682e2ba020664b06cb40ac1436f8 | 1686149844 |
+>| 6321416 | ELF64 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 361578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 283948, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7 | 1686149845 |
+>| 6321416 | ELF64 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 361578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 283948, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8cb1f6b4f18c6c55888c7275f54b0f9ca61d4cc7 | 1686149845 |
+>| 7876608 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | be246b1372fc383087a49f7b217d57f60a91282e | 1686149847 |
+>| 7876608 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4574372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4638450, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | be246b1372fc383087a49f7b217d57f60a91282e | 1686149847 |
+>| 154712 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111318, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 846e91cbdccfbacf3790aaaa5aad6357394ec328 | 1686149848 |
+>| 154712 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111318, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 846e91cbdccfbacf3790aaaa5aad6357394ec328 | 1686149848 |
+>| 2037575 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 700877, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1730255, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 66ea67dd377be2868f91cada78056d679c37ad14 | 1686149849 |
+>| 2037575 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 700877, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1730255, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 66ea67dd377be2868f91cada78056d679c37ad14 | 1686149849 |
+>| 4435792 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8c2ac756b84dad335730361f0ae794d427f59ac8 | 1686149849 |
+>| 4435792 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35519, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 251777, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8c2ac756b84dad335730361f0ae794d427f59ac8 | 1686149849 |
+>| 25735 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2983e913f00f2919c3ef8af5984fc1d4165ef459 | 1686149851 |
+>| 25735 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2983e913f00f2919c3ef8af5984fc1d4165ef459 | 1686149851 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 94d4edb7622aa1bc73976a43641f0f7aa673e515 | 1686149851 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 94d4edb7622aa1bc73976a43641f0f7aa673e515 | 1686149851 |
+>| 5899328 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3609590, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3648212, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1e005a0d0a4e445a22845e20f507c9986ab8c981 | 1686149855 |
+>| 5899328 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3609590, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3648212, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1e005a0d0a4e445a22845e20f507c9986ab8c981 | 1686149855 |
+>| 477009 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 117834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c4362fdfb7e929c0befe19e1fdbb503e340713ef | 1686149858 |
+>| 477009 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 117834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c4362fdfb7e929c0befe19e1fdbb503e340713ef | 1686149858 |
+>| 146948 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 103548, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60815, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6aca08c08a657c545ca575cc33e124e0e38f8730 | 1686149865 |
+>| 146948 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 103548, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60815, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6aca08c08a657c545ca575cc33e124e0e38f8730 | 1686149865 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 042e4cb27fc3d6fd7c73e3a217a872495a05c90a | 1686149866 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 042e4cb27fc3d6fd7c73e3a217a872495a05c90a | 1686149866 |
+>| 739873 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2a8b44ff48c01cb281e6fc55079211d061ead5c5 | 1686149873 |
+>| 739873 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2a8b44ff48c01cb281e6fc55079211d061ead5c5 | 1686149873 |
+>| 1001023 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | f5d3401062623204bff214eef2887ca59171fc8d | 1686149874 |
+>| 1001023 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | f5d3401062623204bff214eef2887ca59171fc8d | 1686149874 |
+>| 344860 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227575, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0 | 1686149875 |
+>| 344860 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227575, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1d8d3cffaf275d88d4fc68ec7eb20b30c03225b0 | 1686149875 |
+>| 6738008 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2615445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2651672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3ac8e4d7748a9ca0affb66f81978d33e683c4814 | 1686149879 |
+>| 6738008 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2615445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2651672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3ac8e4d7748a9ca0affb66f81978d33e683c4814 | 1686149879 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | dc5645d2051ac4aac468e02b4ebf62628a73605f | 1686149880 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | dc5645d2051ac4aac468e02b4ebf62628a73605f | 1686149880 |
+>| 6343328 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4122595, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4778117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2db6a690c35f5f29fc0986760df02acf70d67abf | 1686149881 |
+>| 6343328 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4122595, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4778117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2db6a690c35f5f29fc0986760df02acf70d67abf | 1686149881 |
+>| 154231 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3af52ef8aff5735d794cb2611de951f786961c03 | 1686149900 |
+>| 154231 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3af52ef8aff5735d794cb2611de951f786961c03 | 1686149900 |
+>| 739903 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e4965ce5cd511a3efd00a2caba635bfab3f4e805 | 1686149921 |
+>| 739903 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 195156, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e4965ce5cd511a3efd00a2caba635bfab3f4e805 | 1686149921 |
+>| 5685433 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 150959, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2075729, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6974c8390c179c1a4a9dca8947a1f2378852faad | 1686149931 |
+>| 5685433 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 150959, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2075729, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6974c8390c179c1a4a9dca8947a1f2378852faad | 1686149931 |
+>| 11163136 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9002020, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8469401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 07a157e4e612f74d0b01b2844eca8afdc2a43955 | 1686149931 |
+>| 11163136 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9002020, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8469401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 07a157e4e612f74d0b01b2844eca8afdc2a43955 | 1686149931 |
+>| 1408268 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 440bb2c50ba55eebe34ef8a4e201a17144bd5bc2 | 1686149934 |
+>| 1408268 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 440bb2c50ba55eebe34ef8a4e201a17144bd5bc2 | 1686149934 |
+>| 2397377 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 91153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1061201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6cea94c3692b8930e8a4991d94810f01dffafd47 | 1686149935 |
+>| 2397377 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 91153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1061201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6cea94c3692b8930e8a4991d94810f01dffafd47 | 1686149935 |
+>| 22505546 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4456790, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3991479, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8d8af50cf52f96e217de076f925b6bc41f8d0ec5 | 1686149935 |
+>| 22505546 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4456790, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3991479, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8d8af50cf52f96e217de076f925b6bc41f8d0ec5 | 1686149935 |
+>| 42817592 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30365472, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 40659304, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb | 1686149945 |
+>| 42817592 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30365472, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 40659304, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ec0c5aca4f523a18a8da158ceaf430bbb0d2d1bb | 1686149945 |
+>| 31211008 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16799441, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16899630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8cd67cceebf916ebc1dfa0f3caac9941d2da7318 | 1686149953 |
+>| 31211008 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16799441, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16899630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8cd67cceebf916ebc1dfa0f3caac9941d2da7318 | 1686149953 |
+>| 173951 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28226, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc | 1686149961 |
+>| 173951 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28226, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 821e2b1a498b28bc2d01e0dc6ef5c9b533e6cddc | 1686149961 |
+>| 1001232 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 81722e46258f2181c4488ed7e4e016465a054df5 | 1686149962 |
+>| 1001232 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12927, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 112532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 81722e46258f2181c4488ed7e4e016465a054df5 | 1686149962 |
+>| 1408625 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e497ae5b73b87142c68aa32ca6c8ddc0384a3279 | 1686149962 |
+>| 1408625 | Text/Go | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 109800, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e497ae5b73b87142c68aa32ca6c8ddc0384a3279 | 1686149962 |
+>| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d6a75b67f5d2e46acd4429b58e972867e9cd5d3a | 1686149979 |
+>| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d6a75b67f5d2e46acd4429b58e972867e9cd5d3a | 1686149979 |
+>| 91161 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50403, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 9dcc23c9b21440ad706a182c116309563cd3ffdd | 1686149982 |
+>| 91161 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50403, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 9dcc23c9b21440ad706a182c116309563cd3ffdd | 1686149982 |
+>| 10193920 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8189124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8246307, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3d30c8a0198738772f116ae497f63a98e3860397 | 1686149986 |
+>| 10193920 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8189124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8246307, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3d30c8a0198738772f116ae497f63a98e3860397 | 1686149986 |
+>| 10953728 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8832644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8334233, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 688225294de1ce81a0b86856e9473a44d79cb2c7 | 1686149992 |
+>| 10953728 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8832644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8334233, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 688225294de1ce81a0b86856e9473a44d79cb2c7 | 1686149992 |
+>| 13879776 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9063260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8955389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6b2579402e748c7ca1efe1f9bb1829b935e2e7a3 | 1686149994 |
+>| 13879776 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9063260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8955389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6b2579402e748c7ca1efe1f9bb1829b935e2e7a3 | 1686149994 |
+>| 24079793 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18057198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8412693, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1f43bab8c6957fa362fb90c9729c1916eab2bcd0 | 1686150002 |
+>| 24079793 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18057198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8412693, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1f43bab8c6957fa362fb90c9729c1916eab2bcd0 | 1686150002 |
+>| 6474752 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533793, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4cde41ec566dfd3b8bc329e318c4f17e2b4f4829 | 1686150005 |
+>| 6474752 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533793, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4cde41ec566dfd3b8bc329e318c4f17e2b4f4829 | 1686150005 |
+>| 932698 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 326870, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54869, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2cbeabd2324a2a2d98c144c6d884e587223e2ec6 | 1686150015 |
+>| 932698 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 326870, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54869, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2cbeabd2324a2a2d98c144c6d884e587223e2ec6 | 1686150015 |
+>| 72837 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 19785, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 43263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c7d16b5e7cf3bfff42d2247043551c4175d61d20 | 1686150016 |
+>| 72837 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 19785, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 43263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c7d16b5e7cf3bfff42d2247043551c4175d61d20 | 1686150016 |
+>| 36540577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3889929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16366923, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a805ed283e310974d552b3b322b4f18891255757 | 1686150017 |
+>| 36540577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3889929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16366923, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a805ed283e310974d552b3b322b4f18891255757 | 1686150017 |
+>| 5047332 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 546ddfb350387e7df8ca8266f8b2b038c7eef2d3 | 1686150017 |
+>| 5047332 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 546ddfb350387e7df8ca8266f8b2b038c7eef2d3 | 1686150017 |
+>| 24901120 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14371897, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14466070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | fd39aae727a929c51b958ee707c238bfb473ad15 | 1686150022 |
+>| 24901120 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14371897, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14466070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | fd39aae727a929c51b958ee707c238bfb473ad15 | 1686150022 |
+>| 34397761 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6212556, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12877011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1b67acf2821d6fef6927fc280bc43d62c10f3453 | 1686150023 |
+>| 34397761 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6212556, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12877011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1b67acf2821d6fef6927fc280bc43d62c10f3453 | 1686150023 |
+>| 15989124 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 12610545, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | fbeba4bc92ad9ef8a63969244cefd0a89a82faca | 1686150024 |
+>| 30287982 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26848016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26812902, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6b0fbcfd179386a5843a327f505fc9792d0ceb73 | 1686150026 |
+>| 30287982 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26848016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26812902, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6b0fbcfd179386a5843a327f505fc9792d0ceb73 | 1686150026 |
+>| 9734975 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3297128, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3361389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8710a30f251eb354a10b9b3ded8f39dcb2511270 | 1686150030 |
+>| 9734975 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3297128, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3361389, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8710a30f251eb354a10b9b3ded8f39dcb2511270 | 1686150030 |
+>| 36550757 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3894018, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16377103, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2d01a780e7061977aa595ed1ab064a64ca72673f | 1686150034 |
+>| 36550757 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3894018, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16377103, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2d01a780e7061977aa595ed1ab064a64ca72673f | 1686150034 |
+>| 30241965 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1270683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19094887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e73e925688406110576d482b6349f6b4abf6e791 | 1686150034 |
+>| 30241965 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1270683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19094887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e73e925688406110576d482b6349f6b4abf6e791 | 1686150034 |
+>| 1159176 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 917880, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1076516, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 75de010f85713ee4d027ad3b425d8810b83e26c5 | 1686150036 |
+>| 1159176 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 917880, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1076516, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 75de010f85713ee4d027ad3b425d8810b83e26c5 | 1686150036 |
+>| 932902 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 216644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 69d5e05c0d3120adbf821c2c81745278e84af7bb | 1686150036 |
+>| 932902 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 216644, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 69d5e05c0d3120adbf821c2c81745278e84af7bb | 1686150036 |
+>| 9079296 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6536009, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6512841, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d8abe35af92e46e46ba9279fe6026b44680e4c24 | 1686150040 |
+>| 9079296 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6536009, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6512841, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d8abe35af92e46e46ba9279fe6026b44680e4c24 | 1686150040 |
+>| 36641188 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3930181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16467533, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 013bd97c6dedc7caabd9b4a867374ae3b0ac264c | 1686150043 |
+>| 36641188 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3930181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16467533, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 013bd97c6dedc7caabd9b4a867374ae3b0ac264c | 1686150043 |
+>| 34865877 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13375873, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 34219704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3aa2b177f8a825c6b13e4599eb6958557835926a | 1686150046 |
+>| 34865877 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13375873, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 34219704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3aa2b177f8a825c6b13e4599eb6958557835926a | 1686150046 |
+>| 57024799 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11320886, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48226201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b | 1686150048 |
+>| 57024799 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11320886, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48226201, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | af0677e0ad5168e7ea50bfbfa9d4cc6fb617882b | 1686150048 |
+>| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 68000a66e0df17b4742280453a78dbd56240d1ee | 1686150052 |
+>| 2395811 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1060182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7 | 1686150054 |
+>| 2395811 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 90869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1060182, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5db008d6516d29b3c8dfdf79ef9cf9a9c84afdd7 | 1686150054 |
+>| 36590144 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3909772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16416489, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4cdaa1a635a89f003730568320dd1843b0b4eb9b | 1686150060 |
+>| 36590144 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3909772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16416489, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4cdaa1a635a89f003730568320dd1843b0b4eb9b | 1686150060 |
+>| 36515211 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3879798, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16341556, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3354aa087f5e69e2514eb45f86481e3b48dd8c71 | 1686150061 |
+>| 36515211 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3879798, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16341556, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3354aa087f5e69e2514eb45f86481e3b48dd8c71 | 1686150061 |
+>| 33694294 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23513731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24426219, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | b530c39a703be42f39ea9b0871269121fde6889f | 1686150062 |
+>| 33694294 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23513731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24426219, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b530c39a703be42f39ea9b0871269121fde6889f | 1686150062 |
+>| 36537740 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3888816, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16364086, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 33fb0fe07bf41fecddca87af88764a6133dadd47 | 1686150065 |
+>| 36537740 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3888816, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16364086, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 33fb0fe07bf41fecddca87af88764a6133dadd47 | 1686150065 |
+>| 36770403 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3981874, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16596748, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | fff92cc57a76f6fd2fb1a9f83323935488263d20 | 1686150067 |
+>| 36770403 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3981874, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16596748, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | fff92cc57a76f6fd2fb1a9f83323935488263d20 | 1686150067 |
+>| 58043690 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11416838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11383531, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc | 1686150088 |
+>| 58043690 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11416838, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11383531, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b34ec7ccb44bd40e2283f90f51fc7cf5b7c116dc | 1686150088 |
+>| 43296371 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2845294, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 36059397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 82b57851ed6f20a92ee947f7475ba2f1483fbe40 | 1686150095 |
+>| 43296371 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2845294, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 36059397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 82b57851ed6f20a92ee947f7475ba2f1483fbe40 | 1686150095 |
+>| 928842 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 50772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 106169, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce | 1686150097 |
+>| 928842 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 50772, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 106169, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a7e388dc1018be1fe314c4f8cbf03b1afef1f2ce | 1686150097 |
+>| 932389 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331131, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50692, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3857f93365c892ca7633a9c53730d6bc1d831a0f | 1686150102 |
+>| 932389 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331131, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50692, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3857f93365c892ca7633a9c53730d6bc1d831a0f | 1686150102 |
+>| 928275 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 323826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51157, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5c92ee4a922e8257741a8147f427470ec1fb2cc7 | 1686150102 |
+>| 928275 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 323826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51157, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5c92ee4a922e8257741a8147f427470ec1fb2cc7 | 1686150102 |
+>| 932276 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 124645, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 684889, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 65dd53f03df7c7fc23c681906bc82faef89b6229 | 1686150102 |
+>| 932276 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 124645, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 684889, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 65dd53f03df7c7fc23c681906bc82faef89b6229 | 1686150102 |
+>| 36531162 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3886168, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16357507, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4a50c617873f2fe6d95c80c122ed16c47a1418e1 | 1686150102 |
+>| 36531162 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3886168, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16357507, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4a50c617873f2fe6d95c80c122ed16c47a1418e1 | 1686150102 |
+>| 931071 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5f98263a56a793c9a5b1eb4137b241b3f2b3a92f | 1686150103 |
+>| 931071 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610004, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5f98263a56a793c9a5b1eb4137b241b3f2b3a92f | 1686150103 |
+>| 7549400 | ELF32 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 313894, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 370505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 33c1abb22a7c450ec7a56d86ed55f2309033a1ad | 1686150103 |
+>| 7549400 | ELF32 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 313894, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 370505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 33c1abb22a7c450ec7a56d86ed55f2309033a1ad | 1686150103 |
+>| 1331824 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 913341, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 824258, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 0a67ebac16528d81e4d4a57c24f5ec98bffe78ba | 1686150104 |
+>| 1331824 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 913341, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 824258, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 0a67ebac16528d81e4d4a57c24f5ec98bffe78ba | 1686150104 |
+>| 968667 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495188, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 388a688ff5360dc566ae1e02c5744423b1474a8c | 1686150104 |
+>| 968667 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134578, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495188, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 388a688ff5360dc566ae1e02c5744423b1474a8c | 1686150104 |
+>| 931717 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 423260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51749, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3ea76a30076f6773a77a0d38cb4329bb87ccdca6 | 1686150105 |
+>| 931717 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 423260, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51749, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3ea76a30076f6773a77a0d38cb4329bb87ccdca6 | 1686150105 |
+>| 8185728 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6588985, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7149558, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | f9042e40b9e538738ff824c1ab905857b9cdc83d | 1686150106 |
+>| 8185728 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6588985, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7149558, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | f9042e40b9e538738ff824c1ab905857b9cdc83d | 1686150106 |
+>| 930985 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 322357, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50952, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6beac76e3513c3e844b4a273ee08a7489a850526 | 1686150106 |
+>| 930985 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 322357, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50952, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6beac76e3513c3e844b4a273ee08a7489a850526 | 1686150106 |
+>| 926603 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47177, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 694431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c8cef867ea206871eb64383f00f2fabaadb7c276 | 1686150109 |
+>| 926603 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47177, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 694431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c8cef867ea206871eb64383f00f2fabaadb7c276 | 1686150109 |
+>| 935797 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 138034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 342929, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 73dafc4fdeb216048d15665f036646f99af73913 | 1686150109 |
+>| 935797 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 138034, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 342929, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 73dafc4fdeb216048d15665f036646f99af73913 | 1686150109 |
+>| 931560 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 51372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 609695, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 0123930e0a777ee12c0a73cf035b5bd7f779ec85 | 1686150109 |
+>| 931560 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 51372, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 609695, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 0123930e0a777ee12c0a73cf035b5bd7f779ec85 | 1686150109 |
+>| 935998 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338376, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59214, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4 | 1686150110 |
+>| 935998 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338376, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59214, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5cd8dce7e4c4387ac7b5705dbdae6bb065a26bb4 | 1686150110 |
+>| 933412 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 43451, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 185008, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 101516f0f938f540ac87d4f88875c39c267ea29e | 1686150112 |
+>| 933412 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 43451, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 185008, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 101516f0f938f540ac87d4f88875c39c267ea29e | 1686150112 |
+>| 6701832 | PE+/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d194592f1c5946d2d49bc657e9924290ce2e2d2e | 1686150114 |
+>| 6701832 | PE+/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d194592f1c5946d2d49bc657e9924290ce2e2d2e | 1686150114 |
+>| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | afa59c4de068f13d617a8090c55f7d0b645d9782 | 1686150114 |
+>| 3276768 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2070676, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2103601, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | afa59c4de068f13d617a8090c55f7d0b645d9782 | 1686150114 |
+>| 173795 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | bd0f7e58c1600c5a717fcf060c6c260d9d865d22 | 1686150115 |
+>| 173795 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | bd0f7e58c1600c5a717fcf060c6c260d9d865d22 | 1686150115 |
+>| 931770 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118609, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 175602, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d85fbe69e08f57750f22ef20ad20e3bb08fb53df | 1686150115 |
+>| 931770 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118609, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 175602, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d85fbe69e08f57750f22ef20ad20e3bb08fb53df | 1686150115 |
+>| 929834 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 55696, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 651831, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b4c897b4aaa258b27ee0ff7edf553735481f565d | 1686150116 |
+>| 929834 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 55696, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 651831, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | b4c897b4aaa258b27ee0ff7edf553735481f565d | 1686150116 |
+>| 23668351 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 774742, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23214826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4af3d5aee88996ec6952ea9e598b434ee4dc0c28 | 1686150119 |
+>| 23668351 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 774742, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23214826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4af3d5aee88996ec6952ea9e598b434ee4dc0c28 | 1686150119 |
+>| 9095348 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2065896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1838594, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c8e8441cdad2974770adb2fd9091f4f590188968 | 1686150123 |
+>| 9095348 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2065896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1838594, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c8e8441cdad2974770adb2fd9091f4f590188968 | 1686150123 |
+>| 930687 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 180327, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 961e3cd96bfa7943f71109d0c235fd8b38376f60 | 1686150124 |
+>| 930687 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 118136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 180327, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 961e3cd96bfa7943f71109d0c235fd8b38376f60 | 1686150124 |
+>| 931377 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 401046, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 129705, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 0bb2964f5efb578d0ecc0cf06417d686dde59f77 | 1686150125 |
+>| 931377 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 401046, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 129705, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 0bb2964f5efb578d0ecc0cf06417d686dde59f77 | 1686150125 |
+>| 927231 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 57153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 688672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0 | 1686150125 |
+>| 927231 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 57153, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 688672, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 96625e5eb83bfd90167a64c8e3cc7e7be5b63fe0 | 1686150125 |
+>| 3331072 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2187152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2194102, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 089a0358b27ea0c5d92c823b63add32457501a5e | 1686150126 |
+>| 3331072 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2187152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2194102, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 089a0358b27ea0c5d92c823b63add32457501a5e | 1686150126 |
+>| 8126464 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3474544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3515704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 20a165c1eb816ff4ad7d55d49e70a41c1198ead8 | 1686150128 |
+>| 8126464 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3474544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3515704, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 20a165c1eb816ff4ad7d55d49e70a41c1198ead8 | 1686150128 |
+>| 36633572 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3927134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16459918, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 583d27662efc73f5f42eb81609770e692e9a65ed | 1686150129 |
+>| 36633572 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3927134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16459918, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 583d27662efc73f5f42eb81609770e692e9a65ed | 1686150129 |
+>| 34389577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210700, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869171, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce | 1686150135 |
+>| 34389577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210700, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869171, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ff4a7e7fd300f7b38d41ecfb0ac74a33a1beebce | 1686150135 |
+>| 935988 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331334, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52342, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2129c563cfbfbab0111c73f31184e0bf4b1bc3a6 | 1686150139 |
+>| 935988 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 331334, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52342, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2129c563cfbfbab0111c73f31184e0bf4b1bc3a6 | 1686150139 |
+>| 930473 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338428, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59098, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 787d91817a5dd4cf63d0454eb240052aa9687619 | 1686150140 |
+>| 930473 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 338428, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59098, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 787d91817a5dd4cf63d0454eb240052aa9687619 | 1686150140 |
+>| 12013103 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 9115816, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 6a335f4e638e564f836057fe6e0e2af05ec33da8 | 1686150140 |
+>| 6699288 | PE+/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815385, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed | 1686150143 |
+>| 6699288 | PE+/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1775780, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2815385, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4cf4ab87e37b01ecdbb8ed0c8796a4fae7edb3ed | 1686150143 |
+>| 929276 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 403386, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 9454c50693d7b390806ced4ef36b9b857b8629fa | 1686150149 |
+>| 929276 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47016, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 403386, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 9454c50693d7b390806ced4ef36b9b857b8629fa | 1686150149 |
+>| 930806 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 184147, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 274b00db13eebcd6082de509d400fe5251a98f03 | 1686150149 |
+>| 930806 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 184147, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 274b00db13eebcd6082de509d400fe5251a98f03 | 1686150149 |
+>| 61184217 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45211537, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58260786, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d9db0d9b40773587e3f3504ee62dd13f356e2042 | 1686150152 |
+>| 61184217 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45211537, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58260786, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d9db0d9b40773587e3f3504ee62dd13f356e2042 | 1686150152 |
+>| 73081759 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12895085, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30003463, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 824ad09d431328843657589c773b0b69b87fe04e | 1686150157 |
+>| 73081759 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12895085, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30003463, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 824ad09d431328843657589c773b0b69b87fe04e | 1686150157 |
+>| 10032511 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1605113, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7068039, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5ba002fd1aa0d945d508de71864be5fbee45f4fb | 1686150162 |
+>| 10032511 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1605113, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7068039, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5ba002fd1aa0d945d508de71864be5fbee45f4fb | 1686150162 |
+>| 931686 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 48187, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 409598, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e5842bab24fad9c4287acfed037aab491c47df01 | 1686150163 |
+>| 931686 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 48187, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 409598, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e5842bab24fad9c4287acfed037aab491c47df01 | 1686150163 |
+>| 26278447 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23857885, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23869615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 290617954cdec1062ac608739fe91ff59390d697 | 1686150167 |
+>| 26278447 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23857885, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23869615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 290617954cdec1062ac608739fe91ff59390d697 | 1686150167 |
+>| 34389577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210892, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869363, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 6da793ceb98fba2eca7bf612512c1f19acd4169a | 1686150172 |
+>| 34389577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6210892, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12869363, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 6da793ceb98fba2eca7bf612512c1f19acd4169a | 1686150172 |
+>| 8946132 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3674270, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3441202, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 90edd03ca6404f5463883a9636f3c0f9898e07bd | 1686150179 |
+>| 8946132 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3674270, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3441202, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 90edd03ca6404f5463883a9636f3c0f9898e07bd | 1686150179 |
+>| 9193604 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1891954, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3260593, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990 | 1686150180 |
+>| 9193604 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1891954, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3260593, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 7e0f6d644b62d3b5796e50c1d385d4a0c9c6e990 | 1686150180 |
+>| 12764160 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8980721, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12260413, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 7b6aa3b5779ec0d82fee559fc4d63ad480d51081 | 1686150184 |
+>| 12764160 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8980721, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12260413, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 7b6aa3b5779ec0d82fee559fc4d63ad480d51081 | 1686150184 |
+>| 3310440 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1999564, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 785846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1f432e629ddc3a46933533ecbb34fea9957e75fb | 1686150210 |
+>| 3310440 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1999564, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 785846, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1f432e629ddc3a46933533ecbb34fea9957e75fb | 1686150210 |
+>| 9573220 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6332741, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7759019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e65b15c85ad58e8c03d631bc18c60cb8158f284e | 1686150242 |
+>| 9573220 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6332741, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7759019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e65b15c85ad58e8c03d631bc18c60cb8158f284e | 1686150242 |
+>| 930740 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b873436ccab36552c99f8fe7061bdbe272d3ce8f | 1686150266 |
+>| 930740 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 610524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | b873436ccab36552c99f8fe7061bdbe272d3ce8f | 1686150266 |
+>| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | d69278c938ecff91cb1de3e41eb4ad2ada3d7fd7 | 1686150275 |
+>| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 9e0b73ab7dd3c5393d59f189f72d86969fe810e6 | 1686150278 |
+>| 96404 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34942, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23974, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 40ae8ce4fd7be204b022a24d145bc76724f29a25 | 1686150284 |
+>| 96404 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34942, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23974, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 40ae8ce4fd7be204b022a24d145bc76724f29a25 | 1686150284 |
+>| 491771 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31265, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 449442, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 311b155865c0b0031906cc3cb642c1451c728b49 | 1686150285 |
+>| 491771 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31265, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 449442, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 311b155865c0b0031906cc3cb642c1451c728b49 | 1686150285 |
+>| 15222705 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3256698, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10462094, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8077d9e9178106ee04bb064f0c4836609b2651a3 | 1686150286 |
+>| 15222705 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3256698, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10462094, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8077d9e9178106ee04bb064f0c4836609b2651a3 | 1686150286 |
+>| 30296948 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26842835, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26807721, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 083b1295e2caf60b6a41f01b6f87667b98430091 | 1686150290 |
+>| 30296948 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26842835, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 26807721, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 083b1295e2caf60b6a41f01b6f87667b98430091 | 1686150290 |
+>| 6537308 | PE/Exe/Py2ExeInstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5693089, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2822995, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1 | 1686150294 |
+>| 6537308 | PE/Exe/Py2ExeInstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5693089, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2822995, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 49e0274cb0a8a40a09bcad3a1713a800e5fb6fd1 | 1686150294 |
+>| 7247380 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4008699, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4004292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | dc5923d8b5caae31db125694e113c3838d645180 | 1686150295 |
+>| 7247380 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4008699, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4004292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | dc5923d8b5caae31db125694e113c3838d645180 | 1686150295 |
+>| 4502016 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3630751, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3591330, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 0577c58640804c401b437230cced87df2345e29c | 1686150298 |
+>| 4502016 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3630751, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3591330, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 0577c58640804c401b437230cced87df2345e29c | 1686150298 |
+>| 12545978 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10606314, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2930691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a74dd66fb887d1af674a86bf6a29b7689e13bcfe | 1686150302 |
+>| 12545978 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10606314, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2930691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a74dd66fb887d1af674a86bf6a29b7689e13bcfe | 1686150302 |
+>| 21330944 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15508458, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14984430, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d7d92eeac776fff79b8bb27ae022acb7b2a72d46 | 1686150317 |
+>| 21330944 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15508458, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14984430, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d7d92eeac776fff79b8bb27ae022acb7b2a72d46 | 1686150317 |
+>| 931771 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 414713, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8cb8155899b4297fa0a00e46789aadf71b9ebae0 | 1686150327 |
+>| 931771 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 414713, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57019, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8cb8155899b4297fa0a00e46789aadf71b9ebae0 | 1686150327 |
+>| 468938 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20060, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 207216, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 7f8905edbfd2e186ed2a4752c8be165a486871c0 | 1686150330 |
+>| 468938 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20060, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 207216, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 7f8905edbfd2e186ed2a4752c8be165a486871c0 | 1686150330 |
+>| 3557888 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 509291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28 | 1686150332 |
+>| 3557888 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 509291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 495464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e07c7eeeec72a3a3d03de92f0c14ad55ad44ba28 | 1686150332 |
+>| 7852544 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6486978, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6455842, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4a080485c96493bd3debfad49a284a34760e9b70 | 1686150343 |
+>| 7852544 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6486978, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6455842, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4a080485c96493bd3debfad49a284a34760e9b70 | 1686150343 |
+>| 15735 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11559, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9762, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | aa7abe3707df21fd8e0aab4609e413c9e9395efe | 1686150351 |
+>| 15735 | Text/TypeScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11559, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9762, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | aa7abe3707df21fd8e0aab4609e413c9e9395efe | 1686150351 |
+>| 931613 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 123803, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 294152, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4 | 1686150352 |
+>| 931613 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 123803, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 294152, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 4243abf48ba4ec77ba7314dc5617ad5d3b3fd1f4 | 1686150352 |
+>| 948192 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 612819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 588226, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a6d3081cbeb195d1edfc1099435bf0f9afaf711a | 1686150354 |
+>| 948192 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 612819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 588226, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a6d3081cbeb195d1edfc1099435bf0f9afaf711a | 1686150354 |
+>| 5127484 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ab46a7097d5e33fcc3eefcb097cf651d4b79327e | 1686150356 |
+>| 5127484 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 13808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3313365, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ab46a7097d5e33fcc3eefcb097cf651d4b79327e | 1686150356 |
+>| 25453056 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15179465, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15285982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ade4a102d363465fc686f2205ccc541641212b76 | 1686150357 |
+>| 25453056 | PE+/Exe/QTinstaller | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15179465, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15285982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ade4a102d363465fc686f2205ccc541641212b76 | 1686150357 |
+>| 43717981 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22952660, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21572538, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 730b962ad50fa2261e7cc4cda3cd478e29433cb6 | 1686150363 |
+>| 43717981 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22952660, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21572538, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 730b962ad50fa2261e7cc4cda3cd478e29433cb6 | 1686150363 |
+>| 10340152 | PE/.Net Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 615180, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 2715497b02f441d8f7fd55bcbc73e2dc912c284f | 1686150364 |
+>| 25406657 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5367098, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5417667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | cec13f5281df131634a68b0f404360f783f557ec | 1686150371 |
+>| 25406657 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5367098, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5417667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | cec13f5281df131634a68b0f404360f783f557ec | 1686150371 |
+>| 931361 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46225, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 192292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 5c4e9cc203c98e89a989478efaca334e8779af81 | 1686150371 |
+>| 931361 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46225, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 192292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 5c4e9cc203c98e89a989478efaca334e8779af81 | 1686150371 |
+>| 23095627 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369170, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21391369, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 06f8373056da04c985cd04b94e51ec666612d2cd | 1686150371 |
+>| 23095627 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 369170, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21391369, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 06f8373056da04c985cd04b94e51ec666612d2cd | 1686150371 |
+>| 348160 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 37848, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 147ae394a900a5d3d735e77dfd86ce49a0991862 | 1686150374 |
+>| 20372117 | PE/Exe/NSIS | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 7242654, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 4f66b0d78adce76fe167fea619b1130503438559 | 1686150375 |
+>| 20280576 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8292185, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8209778, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8db22983306a388d96017ffdb3ab1e00d7ebb43c | 1686150377 |
+>| 20280576 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8292185, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8209778, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8db22983306a388d96017ffdb3ab1e00d7ebb43c | 1686150377 |
+>| 10182656 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3152562, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3805148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 59f6e8d7adc5364174e1ae0f192ad10d2f9d0117 | 1686150379 |
+>| 10182656 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3152562, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3805148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 59f6e8d7adc5364174e1ae0f192ad10d2f9d0117 | 1686150379 |
+>| 930152 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 412452, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 112c3ef4d7d4fee90f4367199ad90568e963cf66 | 1686150382 |
+>| 930152 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 412452, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 112c3ef4d7d4fee90f4367199ad90568e963cf66 | 1686150382 |
+>| 8814592 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4011313, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4713025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 775b98352e38f238b29f95040424f6c1ac503e8f | 1686150386 |
+>| 8814592 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4011313, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4713025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 775b98352e38f238b29f95040424f6c1ac503e8f | 1686150386 |
+>| 3282432 | PE+/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 1698382, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | true | 89c5c42946f23ab8da17d62395ec0801fc1ff93f | 1686150394 |
+>| 6444832 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4974746, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5726860, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | dd3646cd6dab41f30705c102b56e633b952bb475 | 1686150397 |
+>| 6444832 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4974746, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5726860, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | dd3646cd6dab41f30705c102b56e633b952bb475 | 1686150397 |
+>| 6474752 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533783, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591836, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 696ff8fef64c56e79ea3da6812c7a2edafdc029d | 1686150401 |
+>| 6474752 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2533783, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2591836, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 696ff8fef64c56e79ea3da6812c7a2edafdc029d | 1686150401 |
+>| 86433 | Binary/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28868, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50260, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 7195310aa4920e2cb39ddc26b248143499d3b126 | 1686150413 |
+>| 86433 | Binary/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28868, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50260, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 7195310aa4920e2cb39ddc26b248143499d3b126 | 1686150413 |
+>| 3267040 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2062484, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2095349, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16 | 1686150421 |
+>| 3267040 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2062484, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2095349, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8f0fc38ce9fde7cde4506f45eaf55a7bd54e1d16 | 1686150421 |
+>| 47601 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 33096, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 3175ad779cc055b571f0fd1acbd8cc9bfe520280 | 1686150431 |
+>| 47601 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 33096, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 3175ad779cc055b571f0fd1acbd8cc9bfe520280 | 1686150431 |
+>| 154756 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111362, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 220680831449b8f6588a9cce44741fab554a7ba7 | 1686150441 |
+>| 154756 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111362, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 220680831449b8f6588a9cce44741fab554a7ba7 | 1686150441 |
+>| 151462 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108062, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65135, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 1878b427f101a316442c57209fa17cbe6a1ca0fe | 1686150448 |
+>| 151462 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 108062, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 65135, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 1878b427f101a316442c57209fa17cbe6a1ca0fe | 1686150448 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a9627215cb7c1b43c9f5f594a82a2c1559857d7b | 1686150449 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a9627215cb7c1b43c9f5f594a82a2c1559857d7b | 1686150449 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 2d0ed62c390430662fc33d8f57b4eb121139ca54 | 1686150449 |
+>| 89327 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 18110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7042, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 2d0ed62c390430662fc33d8f57b4eb121139ca54 | 1686150449 |
+>| 159341 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 115940, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 73406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a554594c774d4b5d41f7a5234e2905e14b034987 | 1686150450 |
+>| 159341 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 115940, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 73406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a554594c774d4b5d41f7a5234e2905e14b034987 | 1686150450 |
+>| 126381 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 70625, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53368, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 505c406d7ea1a2f47312b0966be841028ae919e7 | 1686150450 |
+>| 126381 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 70625, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53368, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 505c406d7ea1a2f47312b0966be841028ae919e7 | 1686150450 |
+>| 14417 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11214, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12222, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 60281e56f446d4a3656a25658ffcbd74f12c5bf4 | 1686150454 |
+>| 14417 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11214, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12222, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 60281e56f446d4a3656a25658ffcbd74f12c5bf4 | 1686150454 |
+>| 154369 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110973, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | c099dd547b58e74ed8d9c2c6d579ab8e41269500 | 1686150455 |
+>| 154369 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110973, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | c099dd547b58e74ed8d9c2c6d579ab8e41269500 | 1686150455 |
+>| 155384 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4 | 1686150457 |
+>| 155384 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 111984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68667, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e24497a1dd5d1e5e41bafc6c5aeb7a7c680f98a4 | 1686150457 |
+>| 154219 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68400, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 995fd53ad16804fccf466264417695e6b0ab6e20 | 1686150463 |
+>| 154219 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68400, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 995fd53ad16804fccf466264417695e6b0ab6e20 | 1686150463 |
+>| 381079 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 176266, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 345615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 593b0f2c47aa6bd73428f10ea0360725faf06c42 | 1686150465 |
+>| 381079 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 176266, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 345615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 593b0f2c47aa6bd73428f10ea0360725faf06c42 | 1686150465 |
+>| 163098 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92473, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152394, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 942e2fb470bd4008055a8bce6749e9bbccb75ea1 | 1686150468 |
+>| 163098 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 92473, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 152394, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 942e2fb470bd4008055a8bce6749e9bbccb75ea1 | 1686150468 |
+>| 13861856 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9049728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8942045, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 59dafd4d926ab9a9c34899540af51135fe4bd8da | 1686150470 |
+>| 13861856 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9049728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8942045, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 59dafd4d926ab9a9c34899540af51135fe4bd8da | 1686150470 |
+>| 164398 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3527, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58716, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d968e98107f741326dca87d26537cc180932e35f | 1686150471 |
+>| 164398 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3527, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 58716, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d968e98107f741326dca87d26537cc180932e35f | 1686150471 |
+>| 1747296 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1673385, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1497969, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 99917368bb78857bf2f837dce851312a70b9ada7 | 1686150471 |
+>| 1747296 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1673385, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1497969, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 99917368bb78857bf2f837dce851312a70b9ada7 | 1686150471 |
+>| 11576577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10342763, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10354427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | dff8243d0b4a32e46a8ac8021d97b0aad21830a4 | 1686150472 |
+>| 11576577 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10342763, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10354427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | dff8243d0b4a32e46a8ac8021d97b0aad21830a4 | 1686150472 |
+>| 154378 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110980, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ea9236fdef65fc30c10218b2140d0942adc1f22b | 1686150472 |
+>| 154378 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110980, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ea9236fdef65fc30c10218b2140d0942adc1f22b | 1686150472 |
+>| 39268559 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 64836, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 605486, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 54edf295efcf05160d27fb6834a3caf9f2209ba7 | 1686150475 |
+>| 39268559 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 64836, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 605486, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 54edf295efcf05160d27fb6834a3caf9f2209ba7 | 1686150475 |
+>| 444715 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15462, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 193293, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 55fc77d16e940a3be013328da7d777f419def447 | 1686150476 |
+>| 444715 | Text/JavaScript | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15462, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 193293, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 55fc77d16e940a3be013328da7d777f419def447 | 1686150476 |
+>| 146027 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 102626, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60254, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 969c08328198fbb0749411234c6a00b0ce5a003d | 1686150478 |
+>| 146027 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 102626, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 60254, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 969c08328198fbb0749411234c6a00b0ce5a003d | 1686150478 |
+>| 154393 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0 | 1686150478 |
+>| 154393 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 110997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 68402, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | df4b0f26e87a56dd0ee628f3f4e3e4df7ea3adb0 | 1686150478 |
+>| 407815 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 133036, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 80620, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e35210e1fd190655438816adbb94a276948585d1 | 1686150478 |
+>| 407815 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 133036, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 80620, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e35210e1fd190655438816adbb94a276948585d1 | 1686150478 |
+>| 20620343 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33910, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 196832, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a2acda4f1d103c3935fecaceb702793840da5de2 | 1686150481 |
+>| 20620343 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33910, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 196832, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a2acda4f1d103c3935fecaceb702793840da5de2 | 1686150481 |
+>| 6009840 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4616975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4984614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 58d3d4e8011ca5aa7a827bdb32984b46691cb5a9 | 1686150481 |
+>| 6009840 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4616975, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4984614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 58d3d4e8011ca5aa7a827bdb32984b46691cb5a9 | 1686150481 |
+>| 20632380 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 208986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | d2778f896a3ff2d865af50cbcd529dafcf714393 | 1686150482 |
+>| 20632380 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 208986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | d2778f896a3ff2d865af50cbcd529dafcf714393 | 1686150482 |
+>| 273248 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 34578885caf1a2e0b48b46d4e70eb01445acc5f0 | 1686150482 |
+>| 273248 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 34578885caf1a2e0b48b46d4e70eb01445acc5f0 | 1686150482 |
+>| 344762 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | b6caa5f15f08024eda95d3eb61de207ea1db5ca7 | 1686150483 |
+>| 344762 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 227460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | b6caa5f15f08024eda95d3eb61de207ea1db5ca7 | 1686150483 |
+>| 273249 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | ddff15d4914ff06b55fbac496362aaae7a2d3c9b | 1686150484 |
+>| 273249 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4940, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | ddff15d4914ff06b55fbac496362aaae7a2d3c9b | 1686150484 |
+>| 456700 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 430650, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 214898, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | a3342c659d56113fcf63287f1f2b51015a32a9fe | 1686150491 |
+>| 456700 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 430650, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 214898, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | a3342c659d56113fcf63287f1f2b51015a32a9fe | 1686150491 |
+>| 20655221 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19076, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | e1a3dcfe7846ac93feb3b6c0d368c619551e2060 | 1686150496 |
+>| 20655221 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19076, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | e1a3dcfe7846ac93feb3b6c0d368c619551e2060 | 1686150496 |
+>| 1808816 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 201237, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 166562, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | true | 8cee4323aa88793881d1e9753476ffd85e9909d2 | 1686150498 |
+>| 1808816 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 201237, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 166562, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | true | 8cee4323aa88793881d1e9753476ffd85e9909d2 | 1686150498 |
+>| 17414211 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1697169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 341432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 86323712891af72832dd179625c1c9e5f47ef5dc | 1686149728 |
+>| 17414211 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1697169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 341432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 86323712891af72832dd179625c1c9e5f47ef5dc | 1686149728 |
+>| 97050 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27202, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48756, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4b894706af749cdad62ced56233c32dc85274212 | 1686149728 |
+>| 97050 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27202, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48756, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4b894706af749cdad62ced56233c32dc85274212 | 1686149728 |
+>| 735478 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555378, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2d4d4a0e0efea6efab5dff40951a996b10fe594c | 1686149732 |
+>| 735478 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555378, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2d4d4a0e0efea6efab5dff40951a996b10fe594c | 1686149732 |
+>| 609570 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53613, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8 | 1686149732 |
+>| 609570 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 53613, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | aaed518e40e25ce0e29bd86cefa05cf4c6cdaad8 | 1686149732 |
+>| 8295796 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3332145, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1798128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | eb37a450426a73adc228c0b7af6b389fc7bdf56e | 1686149737 |
+>| 8295796 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3332145, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1798128, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | eb37a450426a73adc228c0b7af6b389fc7bdf56e | 1686149737 |
+>| 13028229 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29013, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 650100, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c38171b6039aed6b7b759e296ace24dc7d025b83 | 1686149738 |
+>| 13028229 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29013, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 650100, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c38171b6039aed6b7b759e296ace24dc7d025b83 | 1686149738 |
+>| 7240420 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4735924, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4985544, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 06b99fba88558d39bdb6dbb429327e38bd1a00a6 | 1686149740 |
+>| 7240420 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4735924, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4985544, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 06b99fba88558d39bdb6dbb429327e38bd1a00a6 | 1686149740 |
+>| 9198608 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6192194, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6196270, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d537cc50888e2276c7faf74e30d23c170738198a | 1686149744 |
+>| 9198608 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6192194, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6196270, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d537cc50888e2276c7faf74e30d23c170738198a | 1686149744 |
+>| 26307192 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3868176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3642636, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0503efcbe5861c3e0d079f9becb3485452b97235 | 1686149749 |
+>| 26307192 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3868176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3642636, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0503efcbe5861c3e0d079f9becb3485452b97235 | 1686149749 |
+>| 108432 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45813, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17730, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76 | 1686149755 |
+>| 108432 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 45813, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17730, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6eb5e3bb205a25257bf20d66e9f4f70a7ae67d76 | 1686149755 |
+>| 22828 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8423, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11498, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 51b0ba00682591290f80e5855f1a4db9998acf09 | 1686149756 |
+>| 22828 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8423, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11498, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 51b0ba00682591290f80e5855f1a4db9998acf09 | 1686149756 |
+>| 22894 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11564, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0c6f35b25d6e074fab3199944f85df197e063162 | 1686149766 |
+>| 22894 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11564, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0c6f35b25d6e074fab3199944f85df197e063162 | 1686149766 |
+>| 735481 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555379, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733136, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87 | 1686149767 |
+>| 735481 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 555379, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 733136, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c95b0d982790b576d4b8b0eb0b5eb81c07e8eb87 | 1686149767 |
+>| 69910542 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 432346, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 401816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c10dd19fb20e99ac5e03cc854fcb07f3a4689626 | 1686149774 |
+>| 69910542 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 432346, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 401816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c10dd19fb20e99ac5e03cc854fcb07f3a4689626 | 1686149774 |
+>| 78078 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48075, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6b23dddf010be66788315ffbd673a8786e216cca | 1686149779 |
+>| 78078 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27427, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48075, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6b23dddf010be66788315ffbd673a8786e216cca | 1686149779 |
+>| 55035681 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6445000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5864743, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a20295d2941d01ad89f148221bfeeb4a7ae91c8a | 1686149785 |
+>| 55035681 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6445000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5864743, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a20295d2941d01ad89f148221bfeeb4a7ae91c8a | 1686149785 |
+>| 72160935 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25254788, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62943840, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3608d31f0528ed78f3b4c7325f48b21eaae7d6e9 | 1686149790 |
+>| 72160935 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 64192330, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 3608d31f0528ed78f3b4c7325f48b21eaae7d6e9 | 1686149790 |
+>| 72160935 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25254788, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 62943840, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3608d31f0528ed78f3b4c7325f48b21eaae7d6e9 | 1686149790 |
+>| 5053848 | PE/Exe/UPX | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 4631537, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 9d94d6d2c676ea1391707da336b08adb51a7602e | 1686149811 |
+>| 48064504 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14832618, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6254126, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 949abf3b22fde0d82aabde30b447202a85a22976 | 1686149814 |
+>| 48064504 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14832618, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6254126, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 949abf3b22fde0d82aabde30b447202a85a22976 | 1686149814 |
+>| 17363501 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 276134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4050570, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ea2a042555d2ed5031699ab262dd36ee11140a47 | 1686149826 |
+>| 17363501 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 276134, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4050570, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ea2a042555d2ed5031699ab262dd36ee11140a47 | 1686149826 |
+>| 1097787 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1026714, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1022464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8347104bb4f67e9f6a009dddab7d9ba64c1f1f34 | 1686149827 |
+>| 1097787 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1026714, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1022464, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8347104bb4f67e9f6a009dddab7d9ba64c1f1f34 | 1686149827 |
+>| 9109956 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6903276, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7053407, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 68272eebbf35852ead3ca57e4d4057c1aca9e87f | 1686149828 |
+>| 9109956 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6903276, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7053407, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 68272eebbf35852ead3ca57e4d4057c1aca9e87f | 1686149828 |
+>| 129965 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28324, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49213, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8862e555dfb36ef346c9ab015e9cdc042742f905 | 1686149830 |
+>| 129965 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28324, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49213, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8862e555dfb36ef346c9ab015e9cdc042742f905 | 1686149830 |
+>| 3401029 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 546852, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12694, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4edebb0ccaf461b657eefd6de9daa819718702c5 | 1686149831 |
+>| 3401029 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 546852, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12694, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4edebb0ccaf461b657eefd6de9daa819718702c5 | 1686149831 |
+>| 12211580 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1831826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1825431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bce246203d8df748692e5d67f7b43779ca18fcb8 | 1686149833 |
+>| 12211580 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1831826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1825431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bce246203d8df748692e5d67f7b43779ca18fcb8 | 1686149833 |
+>| 130472 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31577, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53131, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bb95e8d71ced34ca09a220bcd4740c05bb5beaae | 1686149835 |
+>| 130472 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31577, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53131, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bb95e8d71ced34ca09a220bcd4740c05bb5beaae | 1686149835 |
+>| 21856 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 49e3e9c608998a84c76dea1d14979748fa303108 | 1686149836 |
+>| 21856 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10251, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20432, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 49e3e9c608998a84c76dea1d14979748fa303108 | 1686149836 |
+>| 8761628 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5623501, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5729635, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 638ee91a8195f803fb856b9cc58ec90b4e302d2d | 1686149838 |
+>| 8761628 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5623501, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5729635, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 638ee91a8195f803fb856b9cc58ec90b4e302d2d | 1686149838 |
+>| 80384 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4633, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d71c31ff1506662b75a69ab2f4c470acd4a608c6 | 1686149840 |
+>| 80384 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3832, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4633, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d71c31ff1506662b75a69ab2f4c470acd4a608c6 | 1686149840 |
+>| 2696810 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11164, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2bb02417e2229ec6c67723720e8c047473bac428 | 1686149843 |
+>| 2696810 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11164, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2bb02417e2229ec6c67723720e8c047473bac428 | 1686149843 |
+>| 291468 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30654, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 206411, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 861df3d24be5051f03b772a3614ece4f38c9453f | 1686149843 |
+>| 291468 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30654, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 206411, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 861df3d24be5051f03b772a3614ece4f38c9453f | 1686149843 |
+>| 9605652 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6219463, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7291032, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | dbb08be91da3fbb62d3a940f50ee262b8ee64a00 | 1686149843 |
+>| 9605652 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6219463, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7291032, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | dbb08be91da3fbb62d3a940f50ee262b8ee64a00 | 1686149843 |
+>| 7851776 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5738916, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5715983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 44ecf0599917582d655aebecad3bff20428a95d5 | 1686149844 |
+>| 7851776 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5738916, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5715983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 44ecf0599917582d655aebecad3bff20428a95d5 | 1686149844 |
+>| 134280 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31122, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52676, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7b954a9a584dfea3b50aa0d266ece12edd920de3 | 1686149844 |
+>| 134280 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31122, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52676, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7b954a9a584dfea3b50aa0d266ece12edd920de3 | 1686149844 |
+>| 1566720 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48358, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9ae122565cefb2d077ffd8015b2080dbcd66210a | 1686149846 |
+>| 1566720 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 47648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48358, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9ae122565cefb2d077ffd8015b2080dbcd66210a | 1686149846 |
+>| 1826525 | PE/Exe/PECompact | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 61949, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1772779, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 00d16698e37238fa735a1f1728bcbd5a43247e80 | 1686149846 |
+>| 1826525 | PE/Exe/PECompact | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 61949, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1772779, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 00d16698e37238fa735a1f1728bcbd5a43247e80 | 1686149846 |
+>| 31410 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17271, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d11b319f05e4ca0f27820748b503a59f24beb00d | 1686149846 |
+>| 31410 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17271, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d11b319f05e4ca0f27820748b503a59f24beb00d | 1686149846 |
+>| 81478 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31946, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 38816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af | 1686149850 |
+>| 81478 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31946, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 38816, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fc16e1d11e96a3c32f5cb55d5dc6f50deeebc1af | 1686149850 |
+>| 718416 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140853, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 84c987347c558fb79e603b4ce107e727b35d2ce0 | 1686149850 |
+>| 718416 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 20006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140853, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 84c987347c558fb79e603b4ce107e727b35d2ce0 | 1686149850 |
+>| 7765124 | Binary/None/TNEF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1806802, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1898cb0bd9636e2770bef781e64c14ea930737d9 | 1686149851 |
+>| 7765124 | Binary/None/TNEF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1806802, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17011, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1898cb0bd9636e2770bef781e64c14ea930737d9 | 1686149851 |
+>| 7445844 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5463059, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5443224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8397215a4ef8f0278ca94ac55bcfb7d951eb5991 | 1686149852 |
+>| 7445844 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5463059, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5443224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8397215a4ef8f0278ca94ac55bcfb7d951eb5991 | 1686149852 |
+>| 58880 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5e3ce373290c3ff3a161f20ce507f566ec02ef37 | 1686149853 |
+>| 58880 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3006, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5e3ce373290c3ff3a161f20ce507f566ec02ef37 | 1686149853 |
+>| 34304 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 18191, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6419bbc857dfc05244305301ce04fd3101dfbc4e | 1686149856 |
+>| 34304 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 18191, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6419bbc857dfc05244305301ce04fd3101dfbc4e | 1686149856 |
+>| 13647 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f498fa63f00a6c5d563c78597b1e603f00c292ba | 1686149856 |
+>| 13647 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5929, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f498fa63f00a6c5d563c78597b1e603f00c292ba | 1686149856 |
+>| 10867247 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 615042, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2517009, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 80ac906fe3153d272625e4cfd0e953d01dabc718 | 1686149858 |
+>| 10867247 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 615042, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2517009, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 80ac906fe3153d272625e4cfd0e953d01dabc718 | 1686149858 |
+>| 10866832 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2275907, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2454431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6d61d48bbadf3a5eaeec617653c64493c03abc48 | 1686149861 |
+>| 10866832 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2275907, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2454431, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6d61d48bbadf3a5eaeec617653c64493c03abc48 | 1686149861 |
+>| 5101876 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 2341502, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | e846d1ab898e95541e6682720022dfb7433b42a1 | 1686149862 |
+>| 1200556 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 908895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1200168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a7c06c5ff0f929a52d7d9e88315d9dd6109a7939 | 1686149867 |
+>| 1200556 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 908895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1200168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a7c06c5ff0f929a52d7d9e88315d9dd6109a7939 | 1686149867 |
+>| 94208 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52375, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54543, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7 | 1686149871 |
+>| 94208 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 52375, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 54543, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e445f9ab6f8e1b5ca0c0f06e9afeeeaa81cb5fa7 | 1686149871 |
+>| 4403680 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070028, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1569453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 388bf96870666f99c68015c72e470b96afe330b6 | 1686149876 |
+>| 4403680 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070028, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1569453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 388bf96870666f99c68015c72e470b96afe330b6 | 1686149876 |
+>| 124306 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 56115, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0c88ebb87d1db36ec61990b11b9046d8bfc84249 | 1686149876 |
+>| 124306 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 56115, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0c88ebb87d1db36ec61990b11b9046d8bfc84249 | 1686149876 |
+>| 7532560 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5242377, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6199698, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b | 1686149880 |
+>| 7532560 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5242377, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6199698, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a7175ec0cf4e1bd0976adf1c64fb4cdea1679a8b | 1686149880 |
+>| 89227939 | PE+/Exe/SetupFactory | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 3721968, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 14f646a4c56d4a6908589ff38cfbc8904fef7ffd | 1686149881 |
+>| 23765288 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23568888, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12392190, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 32e0479375a7efd4648e3243d95c8a184b723ff7 | 1686149882 |
+>| 23765288 | PE/Exe | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 12386158, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 32e0479375a7efd4648e3243d95c8a184b723ff7 | 1686149882 |
+>| 23765288 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 23568888, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12392190, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 32e0479375a7efd4648e3243d95c8a184b723ff7 | 1686149882 |
+>| 83456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4722, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 08d52dd79c4506e569f6b44dd040c7666e1c990a | 1686149884 |
+>| 83456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4722, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 08d52dd79c4506e569f6b44dd040c7666e1c990a | 1686149884 |
+>| 18747429 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1790351, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 434614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9315db8fd8e974ed3f32fed4af2a87950051db31 | 1686149884 |
+>| 18747429 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1790351, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 434614, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9315db8fd8e974ed3f32fed4af2a87950051db31 | 1686149884 |
+>| 7971248 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6010248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5922837, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7c0467942d6e3a17cb46f80485735703971be951 | 1686149899 |
+>| 7971248 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6010248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5922837, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7c0467942d6e3a17cb46f80485735703971be951 | 1686149899 |
+>| 8746736 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6663701, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6518302, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c3905032ee58bd7252bfea670af4fae789ee65bc | 1686149904 |
+>| 8746736 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6663701, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6518302, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c3905032ee58bd7252bfea670af4fae789ee65bc | 1686149904 |
+>| 29495534 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7777152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14315453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5448598e37f1525d59dbde93ed3226c699591660 | 1686149907 |
+>| 29495534 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23706990, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 5448598e37f1525d59dbde93ed3226c699591660 | 1686149907 |
+>| 29495534 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7777152, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14315453, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5448598e37f1525d59dbde93ed3226c699591660 | 1686149907 |
+>| 20208408 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8042295, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9983725, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1274f648fbf7ec60f349f91426520d5fed741a75 | 1686149911 |
+>| 20208408 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8042295, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9983725, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1274f648fbf7ec60f349f91426520d5fed741a75 | 1686149911 |
+>| 9360804 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6623554, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6393329, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a32a21cc68347f914640067d66a8eb9f3d718f97 | 1686149912 |
+>| 9360804 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6623554, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6393329, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a32a21cc68347f914640067d66a8eb9f3d718f97 | 1686149912 |
+>| 22696990 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2310626, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2ee61b0db428bd1943c0a3a23fa9657bdbae4525 | 1686149917 |
+>| 22696990 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2310626, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2ee61b0db428bd1943c0a3a23fa9657bdbae4525 | 1686149917 |
+>| 45056 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26775, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7215, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4a2a97a3ccc4f69e4369540afa9621517b61a70d | 1686149924 |
+>| 45056 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26775, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7215, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4a2a97a3ccc4f69e4369540afa9621517b61a70d | 1686149924 |
+>| 8178116 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5952245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6078981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6187f8a655a0c8d63f7c0d0159ec48faf3926397 | 1686149926 |
+>| 8178116 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5952245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6078981, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6187f8a655a0c8d63f7c0d0159ec48faf3926397 | 1686149926 |
+>| 118949 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27159, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48713, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 010536c2287998f486647077d5f5f4cb14216f21 | 1686149928 |
+>| 118949 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27159, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48713, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 010536c2287998f486647077d5f5f4cb14216f21 | 1686149928 |
+>| 4397292 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070008, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1563324, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 28104c2b1121a331071889a8285f18e4e5fa857e | 1686149932 |
+>| 4397292 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1070008, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1563324, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 28104c2b1121a331071889a8285f18e4e5fa857e | 1686149932 |
+>| 1126838 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c068b6be9d12ef34c4bff6438217ec83aedb3920 | 1686149932 |
+>| 1126838 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c068b6be9d12ef34c4bff6438217ec83aedb3920 | 1686149932 |
+>| 5742 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1420, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1478, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 784251aee0035f509d9a59f46a7854e3156eb1e8 | 1686149932 |
+>| 5742 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1420, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1478, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 784251aee0035f509d9a59f46a7854e3156eb1e8 | 1686149932 |
+>| 8342696 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5758241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6719849, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1a5599d9ac6637d73e45a008eb13963a43a42de5 | 1686149933 |
+>| 8342696 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5758241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6719849, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1a5599d9ac6637d73e45a008eb13963a43a42de5 | 1686149933 |
+>| 10935924 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7358335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7658163, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ad38d8e905018d8214d3d086a5314bc8baf530f0 | 1686149935 |
+>| 10935924 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7358335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7658163, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ad38d8e905018d8214d3d086a5314bc8baf530f0 | 1686149935 |
+>| 9367552 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3032179, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 699012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd | 1686149936 |
+>| 9367552 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3032179, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 699012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f5e92bd7f79aa5e3dcd577b46ae8adb6ce796fdd | 1686149936 |
+>| 5615616 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 684425, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1855040, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 27177a9974cf5e51e406dfc565abec4323a7f460 | 1686149938 |
+>| 5615616 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 684425, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1855040, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 27177a9974cf5e51e406dfc565abec4323a7f460 | 1686149938 |
+>| 12587776 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1885979, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1879584, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 61f1d317d4b637547328d7bbd8db162332ffca96 | 1686149941 |
+>| 12587776 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1885979, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1879584, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 61f1d317d4b637547328d7bbd8db162332ffca96 | 1686149941 |
+>| 15528080 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7666937, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9603001, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 90006a605fefb15ef0e3ee3a7913e4e3085aa910 | 1686149943 |
+>| 15528080 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7666937, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9603001, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 90006a605fefb15ef0e3ee3a7913e4e3085aa910 | 1686149943 |
+>| 61198027 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3493267, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59650081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 81fdd91f2f3ad757beaa4e99d1e696fe216572a7 | 1686149946 |
+>| 61198027 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3493267, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 59650081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 81fdd91f2f3ad757beaa4e99d1e696fe216572a7 | 1686149946 |
+>| 92550 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50934, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 11e37775d188125698553bb54b92212db30c9868 | 1686149952 |
+>| 92550 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50934, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 11e37775d188125698553bb54b92212db30c9868 | 1686149952 |
+>| 15909007 | PE+/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4403826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3044d17533125b0e81479c13a3938c5f680945dd | 1686149952 |
+>| 15909007 | PE+/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4403826, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3044d17533125b0e81479c13a3938c5f680945dd | 1686149952 |
+>| 7030588 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4138419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3925485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3e781f619085938c400ef62d124e1c160d8e606d | 1686149953 |
+>| 7030588 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4138419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3925485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3e781f619085938c400ef62d124e1c160d8e606d | 1686149953 |
+>| 7891860 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5936181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6065613, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9672712486f68f6ef3fa5ea1051a488652768782 | 1686149956 |
+>| 7891860 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5936181, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6065613, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9672712486f68f6ef3fa5ea1051a488652768782 | 1686149956 |
+>| 1126838 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c068b6be9d12ef34c4bff6438217ec83aedb3920 | 1686149974 |
+>| 1126838 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 67755, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 301561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c068b6be9d12ef34c4bff6438217ec83aedb3920 | 1686149974 |
+>| 58853069 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 453396, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 422866, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7f61bf37ba7a45b4d9686384db4cccec61f67c47 | 1686149975 |
+>| 58853069 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 453396, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 422866, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7f61bf37ba7a45b4d9686384db4cccec61f67c47 | 1686149975 |
+>| 80896 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6fc8b4b91789e00438dc40c306b51a4cb607eb8d | 1686149975 |
+>| 80896 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3807, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6fc8b4b91789e00438dc40c306b51a4cb607eb8d | 1686149975 |
+>| 4090442 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2966063, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3005572, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a9102e50f879a876bcde1a65ed9e66061345af38 | 1686149977 |
+>| 4090442 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2966063, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3005572, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a9102e50f879a876bcde1a65ed9e66061345af38 | 1686149977 |
+>| 11287504 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9611205, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9336911, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 855439438fa49547ac12bdf953b32f72c719b2c9 | 1686149980 |
+>| 11287504 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9611205, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9336911, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 855439438fa49547ac12bdf953b32f72c719b2c9 | 1686149980 |
+>| 51580195 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192859, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1055775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | aa57da659dd7d00cce7d1435bfc8459087f51b6f | 1686149983 |
+>| 51580195 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192859, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1055775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | aa57da659dd7d00cce7d1435bfc8459087f51b6f | 1686149983 |
+>| 52603562 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5081683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48790340, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7b645c555f2208a68b7d6aff201736b6e111d3cc | 1686149989 |
+>| 52603562 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5081683, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48790340, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7b645c555f2208a68b7d6aff201736b6e111d3cc | 1686149989 |
+>| 12364752 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10579965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10306863, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6c745b37d30bdc06e8ace8b4189538403c4d5c8a | 1686149991 |
+>| 12364752 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10579965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10306863, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6c745b37d30bdc06e8ace8b4189538403c4d5c8a | 1686149991 |
+>| 113599 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50276, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c797c0ed6564a46ae0ac9973f2b97411dbac4754 | 1686149993 |
+>| 113599 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28965, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50276, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c797c0ed6564a46ae0ac9973f2b97411dbac4754 | 1686149993 |
+>| 8720028 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6232135, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6035292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a12a22c2b0ecdbeb2f98a592328068591520225e | 1686149993 |
+>| 8720028 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6232135, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6035292, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a12a22c2b0ecdbeb2f98a592328068591520225e | 1686149993 |
+>| 11722184 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10006757, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9731199, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d824b4da35e0527c04c91b45111790421e0df9c3 | 1686149993 |
+>| 11722184 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10006757, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9731199, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d824b4da35e0527c04c91b45111790421e0df9c3 | 1686149993 |
+>| 1647430 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1504890, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1514081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d416c83fd8bc78cc77ef30a8e5543b59f8b58f90 | 1686150001 |
+>| 1647430 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1504890, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1514081, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d416c83fd8bc78cc77ef30a8e5543b59f8b58f90 | 1686150001 |
+>| 8185068 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1729023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1836665, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a470d52b3da243f0a6e4f29990910c15fe877260 | 1686150003 |
+>| 8185068 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1729023, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1836665, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a470d52b3da243f0a6e4f29990910c15fe877260 | 1686150003 |
+>| 9058488 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2024065, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2076599, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 28cb515f6029996c620d90852ac18089b1ded110 | 1686150004 |
+>| 9058488 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2024065, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2076599, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 28cb515f6029996c620d90852ac18089b1ded110 | 1686150004 |
+>| 6957242 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1535249, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2867970, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 936ed9f8b5e106db89d568cdd6cf0d3768e35e8a | 1686150005 |
+>| 6957242 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1535249, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2867970, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 936ed9f8b5e106db89d568cdd6cf0d3768e35e8a | 1686150005 |
+>| 11402192 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9748709, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9479007, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 67bf7558493de43e5248d5c3fb0eff9ebe15e025 | 1686150005 |
+>| 11402192 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9748709, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9479007, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 67bf7558493de43e5248d5c3fb0eff9ebe15e025 | 1686150005 |
+>| 3560827 | ELF64 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134236, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3282561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 09a2f81add6a24707bf53b87fc35649648d83d84 | 1686150008 |
+>| 3560827 | ELF64 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 134236, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3282561, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 09a2f81add6a24707bf53b87fc35649648d83d84 | 1686150008 |
+>| 24621335 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1120542, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1090012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 42b2ae12dea46ea047d05762919e9b4bfe5ef788 | 1686150010 |
+>| 24621335 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1120542, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1090012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 42b2ae12dea46ea047d05762919e9b4bfe5ef788 | 1686150010 |
+>| 27294631 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2867337, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5192795, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fadcba6ae6a7d80804672d39716caf6d6b236548 | 1686150010 |
+>| 27294631 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2867337, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5192795, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fadcba6ae6a7d80804672d39716caf6d6b236548 | 1686150010 |
+>| 563708 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 71256, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13295, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ec4ae655adbbb3805d80b71db833024062f40a30 | 1686150022 |
+>| 563708 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 71256, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13295, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ec4ae655adbbb3805d80b71db833024062f40a30 | 1686150022 |
+>| 23674771 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1113582, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 898210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c3b9b20d2b059c554bfedcf02f7e20a78ea0b634 | 1686150029 |
+>| 23674771 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1113582, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 898210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c3b9b20d2b059c554bfedcf02f7e20a78ea0b634 | 1686150029 |
+>| 8696352 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6448188, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5556020, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8c6478d4da8936bbd1c41d55d627e5947f350a3c | 1686150030 |
+>| 8696352 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6448188, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5556020, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8c6478d4da8936bbd1c41d55d627e5947f350a3c | 1686150030 |
+>| 89737 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49043, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ea0cd712f5841da8a42c88b5531580a67a46606d | 1686150040 |
+>| 89737 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27489, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49043, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ea0cd712f5841da8a42c88b5531580a67a46606d | 1686150040 |
+>| 7919852 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5071035, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5906334, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 639f26fcdf4cf23f537da436e579d7642bb88a34 | 1686150042 |
+>| 7919852 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5071035, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5906334, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 639f26fcdf4cf23f537da436e579d7642bb88a34 | 1686150042 |
+>| 4740152 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3564800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3647079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0e2b28a93eb1a6028a450f2d0fb17b8a4142c838 | 1686150044 |
+>| 4740152 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3564800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3647079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0e2b28a93eb1a6028a450f2d0fb17b8a4142c838 | 1686150044 |
+>| 8722544 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6754191, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7446396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 11da04c21b47ff12ad322a6b23556b240c57e132 | 1686150045 |
+>| 8722544 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6754191, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7446396, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 11da04c21b47ff12ad322a6b23556b240c57e132 | 1686150045 |
+>| 3826214 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 68922, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3251864, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 57e01329fd57cdf43d48e6126dcb04a9a649f486 | 1686150045 |
+>| 3826214 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 68922, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3251864, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 57e01329fd57cdf43d48e6126dcb04a9a649f486 | 1686150045 |
+>| 90401 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | eb539586df1f83a1ad6a46578ae93af47d28e583 | 1686150050 |
+>| 90401 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 30206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51760, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | eb539586df1f83a1ad6a46578ae93af47d28e583 | 1686150050 |
+>| 5196432 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1774761, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1594184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0dfbab7b39fe2df27cc3c450a33703e862548e7c | 1686150050 |
+>| 5196432 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1774761, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1594184, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0dfbab7b39fe2df27cc3c450a33703e862548e7c | 1686150050 |
+>| 88693 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4f0abfde4499ca4265efaa76240165eeec26ae9c | 1686150055 |
+>| 88693 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25563, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47117, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4f0abfde4499ca4265efaa76240165eeec26ae9c | 1686150055 |
+>| 3114071 | ELF32 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 104418, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2618650, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e99fb966b75da3eb02a16fcac3b36c3a9194b857 | 1686150056 |
+>| 3114071 | ELF32 Little/SO | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 104418, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2618650, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e99fb966b75da3eb02a16fcac3b36c3a9194b857 | 1686150056 |
+>| 28120902 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22260169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 27281148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0ac06711934890049220bec85d224ca6a69a4abf | 1686150060 |
+>| 28120902 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22260169, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 27281148, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0ac06711934890049220bec85d224ca6a69a4abf | 1686150060 |
+>| 28328686 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6610304, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13148605, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7929803a26acbb9fbec06ee003d65fb01966f3a9 | 1686150077 |
+>| 28328686 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6610304, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13148605, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7929803a26acbb9fbec06ee003d65fb01966f3a9 | 1686150077 |
+>| 28328686 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22540142, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 7929803a26acbb9fbec06ee003d65fb01966f3a9 | 1686150077 |
+>| 18271076 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4064513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8efe34081ab998e156e537df4da387b0a4bd7f08 | 1686150078 |
+>| 18271076 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 273776, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4064513, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8efe34081ab998e156e537df4da387b0a4bd7f08 | 1686150078 |
+>| 28018926 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6300544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12838845, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3095cf7fcee94f7ca177dd1cb4aea29b5b451116 | 1686150083 |
+>| 28018926 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22230382, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 3095cf7fcee94f7ca177dd1cb4aea29b5b451116 | 1686150083 |
+>| 28018926 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6300544, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12838845, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3095cf7fcee94f7ca177dd1cb4aea29b5b451116 | 1686150083 |
+>| 27306734 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5588352, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12126653, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 32c438b9048acb085fda9bd828fe370804e83b5c | 1686150084 |
+>| 27306734 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5588352, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12126653, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 32c438b9048acb085fda9bd828fe370804e83b5c | 1686150084 |
+>| 27306734 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21518190, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 32c438b9048acb085fda9bd828fe370804e83b5c | 1686150084 |
+>| 81650 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16951, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 39263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 37b6ec97243b59e031215a7c79c76bd535c94a11 | 1686150090 |
+>| 81650 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 16951, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 39263, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 37b6ec97243b59e031215a7c79c76bd535c94a11 | 1686150090 |
+>| 181777 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9977, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8279, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8e5698b6c99e84ef251da396e57801eea4d4a7e0 | 1686150096 |
+>| 181777 | Document/None/PDF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9977, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8279, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8e5698b6c99e84ef251da396e57801eea4d4a7e0 | 1686150096 |
+>| 271360 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 119107, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 118595, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2b1c1ebb77a69accf7ade4a6656a229a8236da23 | 1686150101 |
+>| 271360 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 119107, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 118595, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2b1c1ebb77a69accf7ade4a6656a229a8236da23 | 1686150101 |
+>| 583414 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 304758, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c90a2097bb3ef3b7782b569aad3a7a402c40ece6 | 1686150102 |
+>| 583414 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 304758, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c90a2097bb3ef3b7782b569aad3a7a402c40ece6 | 1686150102 |
+>| 5011956 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3830891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4122073, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bceeab17f46e635c4d2d8e83ba98fc53d3b94409 | 1686150104 |
+>| 5011956 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3830891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4122073, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bceeab17f46e635c4d2d8e83ba98fc53d3b94409 | 1686150104 |
+>| 22521 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 17697, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7370d7caf811dc3fb9b8ded4fb3a23d36997253d | 1686150104 |
+>| 22521 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 17697, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22133, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7370d7caf811dc3fb9b8ded4fb3a23d36997253d | 1686150104 |
+>| 7701312 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5240872, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6126943, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | af1458eda29940c81e42bf6a11d689b9363a575b | 1686150107 |
+>| 7701312 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5240872, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6126943, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | af1458eda29940c81e42bf6a11d689b9363a575b | 1686150107 |
+>| 8298484 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572183, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2680377, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 99047e1bf6e16b647f124db80faf90d91947643e | 1686150109 |
+>| 8298484 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1572183, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2680377, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 99047e1bf6e16b647f124db80faf90d91947643e | 1686150109 |
+>| 105267 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 891e13aa1d764808d787be69ae3e8188345891ed | 1686150115 |
+>| 105267 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 849, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 30630, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 891e13aa1d764808d787be69ae3e8188345891ed | 1686150115 |
+>| 6390588 | PE+/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3498419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3285485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 732c2810e0cecccdfbcf3a052753060d8158643d | 1686150119 |
+>| 6390588 | PE+/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3498419, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3285485, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 732c2810e0cecccdfbcf3a052753060d8158643d | 1686150119 |
+>| 102498470 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26303220, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15358931, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 89f539a36777589582b45b5ab3f1c4b8c392a519 | 1686150124 |
+>| 102498470 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26303220, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15358931, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 89f539a36777589582b45b5ab3f1c4b8c392a519 | 1686150124 |
+>| 223744 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 21284, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15037, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d | 1686150124 |
+>| 223744 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 21284, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15037, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 025d67d07d1d4c0c6815dd671c5021f2d1dbeb2d | 1686150124 |
+>| 34840 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1586, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20241, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 247dda310be523a670399ce08ac7576eeffceba9 | 1686150127 |
+>| 34840 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1586, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 20241, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 247dda310be523a670399ce08ac7576eeffceba9 | 1686150127 |
+>| 97689 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34565, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 56119, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ce2fbbb268352f30e63708658a895b55d5994a21 | 1686150127 |
+>| 97689 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34565, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 56119, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ce2fbbb268352f30e63708658a895b55d5994a21 | 1686150127 |
+>| 608019 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 120997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5 | 1686150128 |
+>| 608019 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 120997, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 179775, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 81bc384770e1fcf3d32e38b69e7fa6dfd68eceb5 | 1686150128 |
+>| 7109996 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5978050, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4853648, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2a354db1cbe01973b6ea523d0842327ddafc17b8 | 1686150129 |
+>| 7109996 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5978050, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4853648, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2a354db1cbe01973b6ea523d0842327ddafc17b8 | 1686150129 |
+>| 11060751 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 208731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4067711, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d328639db252e6882cde55b4d96fb6c6917ce647 | 1686150135 |
+>| 11060751 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 208731, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4067711, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d328639db252e6882cde55b4d96fb6c6917ce647 | 1686150135 |
+>| 102034 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52637, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9d13375b63610249a16e7eec10b2be064c7097f7 | 1686150136 |
+>| 102034 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 52637, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9d13375b63610249a16e7eec10b2be064c7097f7 | 1686150136 |
+>| 24915182 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19126638, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 3c24cca2a6bfa8faaa35756e6814802dbcd751f2 | 1686150137 |
+>| 24915182 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3196800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9735101, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3c24cca2a6bfa8faaa35756e6814802dbcd751f2 | 1686150137 |
+>| 24915182 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3196800, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9735101, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3c24cca2a6bfa8faaa35756e6814802dbcd751f2 | 1686150137 |
+>| 26192622 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20404078, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 9c9d925179896d29421f881eb5ad77af9e8bc7fb | 1686150137 |
+>| 26192622 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4474240, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11012541, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9c9d925179896d29421f881eb5ad77af9e8bc7fb | 1686150137 |
+>| 26192622 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4474240, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11012541, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9c9d925179896d29421f881eb5ad77af9e8bc7fb | 1686150137 |
+>| 26345710 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20557166, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | d6d554d74fdfd98418b8fa34338056708291599e | 1686150137 |
+>| 26345710 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4627328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11165629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d6d554d74fdfd98418b8fa34338056708291599e | 1686150137 |
+>| 26345710 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4627328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11165629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d6d554d74fdfd98418b8fa34338056708291599e | 1686150137 |
+>| 25406702 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3688320, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10226621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1799c607028ad0ed4d15e46bb80cc0a70683e90f | 1686150137 |
+>| 25406702 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3688320, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10226621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1799c607028ad0ed4d15e46bb80cc0a70683e90f | 1686150137 |
+>| 25406702 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19618158, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 1799c607028ad0ed4d15e46bb80cc0a70683e90f | 1686150137 |
+>| 25241838 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19453294, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | f5be7fa83024d787932ead402e6a0a63da6eb443 | 1686150138 |
+>| 25241838 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3523456, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10061757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f5be7fa83024d787932ead402e6a0a63da6eb443 | 1686150138 |
+>| 25241838 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3523456, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10061757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f5be7fa83024d787932ead402e6a0a63da6eb443 | 1686150138 |
+>| 27273966 | PE/Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21485422, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | f9461339c56853fd3b535f99bc72bd2b897591d0 | 1686150138 |
+>| 27273966 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5555584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12093885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f9461339c56853fd3b535f99bc72bd2b897591d0 | 1686150138 |
+>| 27273966 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5555584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12093885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f9461339c56853fd3b535f99bc72bd2b897591d0 | 1686150138 |
+>| 26257134 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4538752, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11077053, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bbda585b97e741d2fb638684255a0c49daafadac | 1686150138 |
+>| 26257134 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 20468590, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | bbda585b97e741d2fb638684255a0c49daafadac | 1686150138 |
+>| 26257134 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4538752, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11077053, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bbda585b97e741d2fb638684255a0c49daafadac | 1686150138 |
+>| 4620288 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2649834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2685878, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 102d0b298f078b7d115083307e4ca0ed1bcbd134 | 1686150138 |
+>| 4620288 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2649834, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2685878, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 102d0b298f078b7d115083307e4ca0ed1bcbd134 | 1686150138 |
+>| 489616 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 38581, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 32de67e7b17be1d18964e2086362b34f3c7b3575 | 1686150138 |
+>| 489616 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 38581, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22168, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 32de67e7b17be1d18964e2086362b34f3c7b3575 | 1686150138 |
+>| 33862 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26439, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23818, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 40caa9fe8fa64c0f9ba67298941a34d042cff179 | 1686150138 |
+>| 33862 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26439, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23818, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 40caa9fe8fa64c0f9ba67298941a34d042cff179 | 1686150138 |
+>| 85008 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49445, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 37c285df8d320279049afa0c23fa334a3bbeda77 | 1686150139 |
+>| 85008 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27891, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49445, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 37c285df8d320279049afa0c23fa334a3bbeda77 | 1686150139 |
+>| 27974382 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22185838, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 153a8db91757b63b2d6f178bb9d02ea5208c9457 | 1686150139 |
+>| 27974382 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6256000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12794301, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 153a8db91757b63b2d6f178bb9d02ea5208c9457 | 1686150139 |
+>| 27974382 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6256000, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12794301, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 153a8db91757b63b2d6f178bb9d02ea5208c9457 | 1686150139 |
+>| 28105966 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6387584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12925885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d50286aa8bb8c3014247b90adb746b25bfd31003 | 1686150139 |
+>| 28105966 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22317422, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | d50286aa8bb8c3014247b90adb746b25bfd31003 | 1686150139 |
+>| 28105966 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6387584, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12925885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d50286aa8bb8c3014247b90adb746b25bfd31003 | 1686150139 |
+>| 29250286 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7531904, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14070205, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6c074b89819c235bdeb338af24c7c735ad0035ec | 1686150140 |
+>| 29250286 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7531904, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14070205, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6c074b89819c235bdeb338af24c7c735ad0035ec | 1686150140 |
+>| 29250286 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23461742, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 6c074b89819c235bdeb338af24c7c735ad0035ec | 1686150140 |
+>| 58288120 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 41036824, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23548621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c9812fa79f7c7d3a61f8ed156a3f9047aba84256 | 1686150140 |
+>| 58288120 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 41036824, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 23548621, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c9812fa79f7c7d3a61f8ed156a3f9047aba84256 | 1686150140 |
+>| 27151086 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5432704, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11971005, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6f9101e3313d15831fe21dca4f41cd305a5a42b0 | 1686150140 |
+>| 27151086 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5432704, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11971005, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6f9101e3313d15831fe21dca4f41cd305a5a42b0 | 1686150140 |
+>| 27151086 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 21362542, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 6f9101e3313d15831fe21dca4f41cd305a5a42b0 | 1686150140 |
+>| 25467630 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3749248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10287549, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 54553aa667794ecaf466add2eb68115e655bb142 | 1686150142 |
+>| 25467630 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3749248, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10287549, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 54553aa667794ecaf466add2eb68115e655bb142 | 1686150142 |
+>| 25467630 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19679086, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 54553aa667794ecaf466add2eb68115e655bb142 | 1686150142 |
+>| 24958190 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3239808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9778109, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 96485038e952a3ea5b05d3b73cb09e16746f05fe | 1686150142 |
+>| 24958190 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19169646, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 96485038e952a3ea5b05d3b73cb09e16746f05fe | 1686150142 |
+>| 24958190 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3239808, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9778109, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 96485038e952a3ea5b05d3b73cb09e16746f05fe | 1686150142 |
+>| 22632960 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12832781, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17325113, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d9470e93a7f0471df16a93a2df001e35f383b358 | 1686150143 |
+>| 22632960 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12832781, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17325113, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d9470e93a7f0471df16a93a2df001e35f383b358 | 1686150143 |
+>| 28521710 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6803328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13341629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a9e434ae7946b87a7a35e1ceea2a3585c63364ff | 1686150146 |
+>| 28521710 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22733166, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | a9e434ae7946b87a7a35e1ceea2a3585c63364ff | 1686150146 |
+>| 28521710 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6803328, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13341629, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a9e434ae7946b87a7a35e1ceea2a3585c63364ff | 1686150146 |
+>| 28730094 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7011712, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13550013, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 722d9445761cedf9cf95b00a27484c98b198a087 | 1686150147 |
+>| 28730094 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 22941550, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 722d9445761cedf9cf95b00a27484c98b198a087 | 1686150147 |
+>| 28730094 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7011712, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13550013, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 722d9445761cedf9cf95b00a27484c98b198a087 | 1686150147 |
+>| 19508784 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a074e8cd0d7f96a1660eb8034c9d4bb659911d8c | 1686150151 |
+>| 19508784 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a074e8cd0d7f96a1660eb8034c9d4bb659911d8c | 1686150151 |
+>| 134656 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4983, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44 | 1686150153 |
+>| 134656 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4983, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3404, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5c5149ddc70c1570f08aeaadf3ae7f9c0b62aa44 | 1686150153 |
+>| 123956 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35591, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4151684c657f55df0fbcf6f23e4ff59a3d434933 | 1686150154 |
+>| 123956 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35591, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4151684c657f55df0fbcf6f23e4ff59a3d434933 | 1686150154 |
+>| 89099 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48799, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6 | 1686150158 |
+>| 89099 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27245, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48799, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c1c8b28dccfe8d0b1019ccd86c4a64b6deff30f6 | 1686150158 |
+>| 526968 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9a1f873e7ca75688bb3ecf3538c673994ea8f06e | 1686150159 |
+>| 526968 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 46, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 656, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9a1f873e7ca75688bb3ecf3538c673994ea8f06e | 1686150159 |
+>| 3652720 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1101203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1128397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 946bccb4633670592563b838e8905d87d32006c9 | 1686150162 |
+>| 3652720 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1101203, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1128397, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 946bccb4633670592563b838e8905d87d32006c9 | 1686150162 |
+>| 9176564 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6268070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7592405, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 30a5cb71610bf97bb780db06d1c3a685558cef60 | 1686150163 |
+>| 9176564 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6268070, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7592405, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 30a5cb71610bf97bb780db06d1c3a685558cef60 | 1686150163 |
+>| 6925744 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4923140, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4887861, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c552441469a45b5342205401366537d43dfbf1c3 | 1686150164 |
+>| 6925744 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4923140, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4887861, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c552441469a45b5342205401366537d43dfbf1c3 | 1686150164 |
+>| 7991496 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2569503, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3902224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9f236dccf15907ee09d04f6c8a451bd42b1d4e2d | 1686150165 |
+>| 7991496 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2569503, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3902224, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9f236dccf15907ee09d04f6c8a451bd42b1d4e2d | 1686150165 |
+>| 5979364 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4057685, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4165750, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 967fcbf4e10d26548398eec462c166d1df722266 | 1686150165 |
+>| 5979364 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4057685, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4165750, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 967fcbf4e10d26548398eec462c166d1df722266 | 1686150165 |
+>| 9728028 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6334598, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6463104, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5d2ee739905d5f78b6e31684f3bb92423647692b | 1686150166 |
+>| 9728028 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6334598, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6463104, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5d2ee739905d5f78b6e31684f3bb92423647692b | 1686150166 |
+>| 8267816 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5914695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5870746, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bb7e753018fc4b3c1fdc780a364df59d2e566e67 | 1686150167 |
+>| 8267816 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5914695, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5870746, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bb7e753018fc4b3c1fdc780a364df59d2e566e67 | 1686150167 |
+>| 6904424 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4921711, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5569145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 750679ecdaac688baa60e32674e510f60cac2ba1 | 1686150167 |
+>| 6904424 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4921711, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5569145, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 750679ecdaac688baa60e32674e510f60cac2ba1 | 1686150167 |
+>| 8668000 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5790672, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929530, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8d17ecf99008a1800aa77b798c53f75f34db635f | 1686150167 |
+>| 8668000 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5790672, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929530, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8d17ecf99008a1800aa77b798c53f75f34db635f | 1686150167 |
+>| 8020420 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1730444, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1955210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 098c13f1d5cc4b6038d67874cd2340c470047bde | 1686150168 |
+>| 8020420 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1730444, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1955210, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 098c13f1d5cc4b6038d67874cd2340c470047bde | 1686150168 |
+>| 9653972 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1796540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636817, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 683b6403118d4a672e2f31efef768346320c5d5d | 1686150169 |
+>| 9653972 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1796540, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636817, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 683b6403118d4a672e2f31efef768346320c5d5d | 1686150169 |
+>| 5534364 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320126, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4305821, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2627f11c33033737de957cf52cc29297d0810371 | 1686150169 |
+>| 5534364 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320126, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4305821, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2627f11c33033737de957cf52cc29297d0810371 | 1686150169 |
+>| 10148688 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1961186, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2836228, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9834a9b1ff7edf23552ac4e15464a50ced1f90fa | 1686150170 |
+>| 10148688 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1961186, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2836228, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9834a9b1ff7edf23552ac4e15464a50ced1f90fa | 1686150170 |
+>| 8828660 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6406510, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6382932, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 48bd69a510ba602c73863ad2afb6b1455e858335 | 1686150170 |
+>| 8828660 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6406510, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6382932, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 48bd69a510ba602c73863ad2afb6b1455e858335 | 1686150170 |
+>| 6136097 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 3709386, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 5bc8ccc3bfd1b1c9bb5c14f442c70a32efa61a71 | 1686150172 |
+>| 19905987 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2216386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636129, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09 | 1686150174 |
+>| 19905987 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2216386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1636129, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9f547ef8cba3b6f25f8c7fe2cacf62496c78cf09 | 1686150174 |
+>| 1215488 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 576416, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 059403186f3a5d4832bd7bf3e137ab532076c37c | 1686150175 |
+>| 62215476 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25262900, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53345796, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | af6b75fe56e8568402c36c11a851c31519729d09 | 1686150176 |
+>| 62215476 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25262900, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 53345796, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | af6b75fe56e8568402c36c11a851c31519729d09 | 1686150176 |
+>| 62215476 | Binary/Archive/ZIP | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 53626293, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | af6b75fe56e8568402c36c11a851c31519729d09 | 1686150176 |
+>| 8790228 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5984952, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7594298, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 791352f0f97961d04505e72dbbc4c90521823212 | 1686150176 |
+>| 8790228 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5984952, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7594298, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 791352f0f97961d04505e72dbbc4c90521823212 | 1686150176 |
+>| 3970896 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1384326, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3217764, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 739c8e7a85bf46ced7d5926d46f5327b03c13e39 | 1686150177 |
+>| 3970896 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1384326, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3217764, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 739c8e7a85bf46ced7d5926d46f5327b03c13e39 | 1686150177 |
+>| 370759 | Text/HTML/HTML | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 120638, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | d15409e85cbcd767078d35da6402415a8786b261 | 1686150178 |
+>| 19508784 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a074e8cd0d7f96a1660eb8034c9d4bb659911d8c | 1686150178 |
+>| 19508784 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 14359504, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16198715, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a074e8cd0d7f96a1660eb8034c9d4bb659911d8c | 1686150178 |
+>| 9376260 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6790310, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7997401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 69b79a4acbecc8d616965ccde616fbed0bce6bb6 | 1686150180 |
+>| 9376260 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6790310, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7997401, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 69b79a4acbecc8d616965ccde616fbed0bce6bb6 | 1686150180 |
+>| 25092884 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3544155, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3318615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0061d1045777f0d4ffa785a37224981e663cadef | 1686150187 |
+>| 25092884 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3544155, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3318615, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0061d1045777f0d4ffa785a37224981e663cadef | 1686150187 |
+>| 29217518 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23428974, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0 | 1686150197 |
+>| 29217518 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7499136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14037437, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0 | 1686150197 |
+>| 29217518 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7499136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14037437, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a407bb0966cf4665bf7f5a7145d8659dbb8cf3d0 | 1686150197 |
+>| 29422318 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7703936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14242237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a90063b91d8f19cd55120a84a2264dbb56e46594 | 1686150197 |
+>| 29422318 | PE/Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23633774, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | a90063b91d8f19cd55120a84a2264dbb56e46594 | 1686150197 |
+>| 29422318 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7703936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14242237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a90063b91d8f19cd55120a84a2264dbb56e46594 | 1686150197 |
+>| 25040110 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3321728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9860029, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229 | 1686150199 |
+>| 25040110 | PE/Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 19251566, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229 | 1686150199 |
+>| 25040110 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3321728, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 9860029, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f1f94bb6adc57f0f8e47ab859f8a2ba47bea0229 | 1686150199 |
+>| 28910318 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7191936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13730237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 765176df2ecd44d2f33c9a3e09cfffd38b86dc64 | 1686150200 |
+>| 28910318 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7191936, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 13730237, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 765176df2ecd44d2f33c9a3e09cfffd38b86dc64 | 1686150200 |
+>| 28910318 | PE/.Net Dll | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 23121774, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | 765176df2ecd44d2f33c9a3e09cfffd38b86dc64 | 1686150200 |
+>| 32130008 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 977110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 761738, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5 | 1686150201 |
+>| 32130008 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 977110, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 761738, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ae7ff1a8ecc631ba5589735ad0fafbe18d1c41e5 | 1686150201 |
+>| 66892302 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3139247, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2558990, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5e440414494a26e2ee213b9b681d867ad39b9f80 | 1686150214 |
+>| 66892302 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3139247, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2558990, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5e440414494a26e2ee213b9b681d867ad39b9f80 | 1686150214 |
+>| 166833664 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 143364306, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 146750644, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6adeec98314a2649c39350736d889cd272a391b8 | 1686150221 |
+>| 166833664 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 143364306, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 146750644, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6adeec98314a2649c39350736d889cd272a391b8 | 1686150221 |
+>| 138356736 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 113475200, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 116917070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | eb3c36c843befc50091898fb978f83d45d32e422 | 1686150228 |
+>| 138356736 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 113475200, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 116917070, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | eb3c36c843befc50091898fb978f83d45d32e422 | 1686150228 |
+>| 93670 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28715, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50269, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c3a0a929800a0ebe66ac85e6667c6644e872b09d | 1686150231 |
+>| 93670 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28715, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 50269, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c3a0a929800a0ebe66ac85e6667c6644e872b09d | 1686150231 |
+>| 8553924 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5876359, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6986177, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a3b265af2589cf44aecb2049803a5a4ff84bb202 | 1686150232 |
+>| 8553924 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5876359, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6986177, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a3b265af2589cf44aecb2049803a5a4ff84bb202 | 1686150232 |
+>| 88241 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27207, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48761, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c2643a9a4997e6e3e51685cab2f9c6fd4abc7611 | 1686150237 |
+>| 88241 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27207, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48761, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c2643a9a4997e6e3e51685cab2f9c6fd4abc7611 | 1686150237 |
+>| 9414708 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6335661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6370528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7d304cf9efb664f2ccd968904d504ed8c576e654 | 1686150239 |
+>| 9414708 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6335661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6370528, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7d304cf9efb664f2ccd968904d504ed8c576e654 | 1686150239 |
+>| 10379992 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6814165, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8323239, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0 | 1686150241 |
+>| 10379992 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6814165, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8323239, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fb499f3e7de44f21eb9cb1a956f3f767d4ed47f0 | 1686150241 |
+>| 5250 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2325, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4097, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 630991c60909126d75f94b113fd177180f6712ea | 1686150245 |
+>| 5250 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2325, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4097, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 630991c60909126d75f94b113fd177180f6712ea | 1686150245 |
+>| 82432 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3828, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4798, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 797c389bd066a4a04c2bce344cb60123443ec81e | 1686150247 |
+>| 82432 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3828, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4798, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 797c389bd066a4a04c2bce344cb60123443ec81e | 1686150247 |
+>| 111806 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29792, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51346, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8ad9ad7f0468ebd22e0d9e8384c4a107857333a5 | 1686150247 |
+>| 111806 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29792, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51346, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8ad9ad7f0468ebd22e0d9e8384c4a107857333a5 | 1686150247 |
+>| 27570 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19448, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1bfc6472d02cab3b91ce506a17d9cad64804871c | 1686150248 |
+>| 27570 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 15335, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 19448, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1bfc6472d02cab3b91ce506a17d9cad64804871c | 1686150248 |
+>| 450048 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 288291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 221176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 111bcee00d7c3d6df8c1420ee0de782eb1937133 | 1686150248 |
+>| 450048 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 288291, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 221176, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 111bcee00d7c3d6df8c1420ee0de782eb1937133 | 1686150248 |
+>| 2600888 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2163112, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2014788, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7e32d3bc9afd569852093401de5c4bb5f44b76ff | 1686150249 |
+>| 2600888 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2163112, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2014788, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7e32d3bc9afd569852093401de5c4bb5f44b76ff | 1686150249 |
+>| 175221 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35882, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57436, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 423a146bc73d434a9f39de260f567dd8d0258d47 | 1686150250 |
+>| 175221 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 35882, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 57436, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 423a146bc73d434a9f39de260f567dd8d0258d47 | 1686150250 |
+>| 8509312 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6222960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6167524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 19b22d0a540bac402aa018c7df49bd97bf02f44a | 1686150251 |
+>| 8509312 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6222960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6167524, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 19b22d0a540bac402aa018c7df49bd97bf02f44a | 1686150251 |
+>| 80864416 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2597762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2017505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e8a00ce275d0d66559cadb01b10a0ae2d441c60d | 1686150258 |
+>| 80864416 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2597762, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2017505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e8a00ce275d0d66559cadb01b10a0ae2d441c60d | 1686150258 |
+>| 20964640 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7215661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11972784, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e8aeecd01fdf0e1521090598c2180f5cb575f6e6 | 1686150261 |
+>| 20964640 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7215661, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11972784, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e8aeecd01fdf0e1521090598c2180f5cb575f6e6 | 1686150261 |
+>| 275456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5162, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6481, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec | 1686150261 |
+>| 275456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5162, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6481, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c11a9ca1d3c3b6eaa69adcf6eb9f4c723e990aec | 1686150261 |
+>| 87323 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27477, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49031, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 19f3b61586f5cb7808ed718fae3b99408fcde7b8 | 1686150263 |
+>| 87323 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27477, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49031, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 19f3b61586f5cb7808ed718fae3b99408fcde7b8 | 1686150263 |
+>| 12437976 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10483381, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10170287, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | bd599890f96bfd2cb617bc1155bd15fc40a084ed | 1686150266 |
+>| 12437976 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 10483381, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10170287, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | bd599890f96bfd2cb617bc1155bd15fc40a084ed | 1686150266 |
+>| 10148938 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 864896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0233a0fec543e6232060515a2e26cc58c2a75623 | 1686150268 |
+>| 10148938 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 864896, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 14986, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0233a0fec543e6232060515a2e26cc58c2a75623 | 1686150268 |
+>| 9892620 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6562492, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7558230, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a | 1686150270 |
+>| 9892620 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6562492, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 7558230, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 75f9a61c03ade1bbb0cb9046a95a50c6c6fbc09a | 1686150270 |
+>| 9560808 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6901970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6907982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fbcc73b821ae5184783a597050d8ebd62835bfc9 | 1686150270 |
+>| 9560808 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6901970, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6907982, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fbcc73b821ae5184783a597050d8ebd62835bfc9 | 1686150270 |
+>| 18831446 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 265862, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12964500, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 25e03817dafe65daaa426190b00318324d21cf71 | 1686150270 |
+>| 18831446 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 265862, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12964500, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 25e03817dafe65daaa426190b00318324d21cf71 | 1686150270 |
+>| 8165976 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3933805, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4859118, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f4678063bfee99893461cd18f9ec4556382d102f | 1686150272 |
+>| 8165976 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3933805, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4859118, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f4678063bfee99893461cd18f9ec4556382d102f | 1686150272 |
+>| 101077 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27765, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49319, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 62ea9191258518515b4be63a7c69a39b918bd28a | 1686150272 |
+>| 101077 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27765, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49319, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 62ea9191258518515b4be63a7c69a39b918bd28a | 1686150272 |
+>| 8092688 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1464386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2192617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e1e78ef90f835f32fb9bd89fc074c22f7748f3e3 | 1686150273 |
+>| 8092688 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1464386, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2192617, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e1e78ef90f835f32fb9bd89fc074c22f7748f3e3 | 1686150273 |
+>| 9136128 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3935869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3109983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 48672736929745d0f2716882ccdb099501cb6b1e | 1686150274 |
+>| 9136128 | PE/.Net Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3935869, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3109983, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 48672736929745d0f2716882ccdb099501cb6b1e | 1686150274 |
+>| 6035544 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2875148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3522427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91 | 1686150275 |
+>| 6035544 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 2875148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3522427, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9d0c0632f5948623baa3c1ff47e51cb7d7fa2e91 | 1686150275 |
+>| 13500336 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11443773, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11133887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1ceec28970dbdc86c09768fdc2bfa305fce4d261 | 1686150276 |
+>| 13500336 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 11443773, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11133887, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1ceec28970dbdc86c09768fdc2bfa305fce4d261 | 1686150276 |
+>| 3376319 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 245960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15314, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | efd9d71b0975e5847c4615faf5afc5e9f7210ae3 | 1686150277 |
+>| 3376319 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 245960, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 15314, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | efd9d71b0975e5847c4615faf5afc5e9f7210ae3 | 1686150277 |
+>| 103016 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33875, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e412e2c41f29f865786ecf493deafd266c779d88 | 1686150277 |
+>| 103016 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 33875, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55429, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e412e2c41f29f865786ecf493deafd266c779d88 | 1686150277 |
+>| 7885612 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6087984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6053339, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 80430d7fd0fc7c60d98a89aed4c7bb4495aa6379 | 1686150278 |
+>| 7885612 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6087984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6053339, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 80430d7fd0fc7c60d98a89aed4c7bb4495aa6379 | 1686150278 |
+>| 14178816 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320653, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5427992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ebde3e5d4f5dad37d897d676df2240e7e40e08fe | 1686150278 |
+>| 14178816 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4320653, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5427992, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ebde3e5d4f5dad37d897d676df2240e7e40e08fe | 1686150278 |
+>| 272896 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8053, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3a1800e643dae8652354dc0e1d09e0fdd010f6a4 | 1686150279 |
+>| 272896 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 8053, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6460, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3a1800e643dae8652354dc0e1d09e0fdd010f6a4 | 1686150279 |
+>| 689819 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 533244, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 590406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 5eb3615197888c564cc0190dcb59bc20c7f5cbd9 | 1686150283 |
+>| 689819 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 533244, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 590406, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 5eb3615197888c564cc0190dcb59bc20c7f5cbd9 | 1686150283 |
+>| 7179516 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1496148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1515461, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8a89d0ad8c999e16a2226fddf4096770486212dd | 1686150284 |
+>| 7179516 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1496148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1515461, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8a89d0ad8c999e16a2226fddf4096770486212dd | 1686150284 |
+>| 8096528 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5711198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5832392, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0e753811a1a4bda820926842ce75c4e28c955919 | 1686150287 |
+>| 8096528 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5711198, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5832392, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0e753811a1a4bda820926842ce75c4e28c955919 | 1686150287 |
+>| 1766139 | Text/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 260148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 825848, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8a6f27250902702f78938252e2671205790648d4 | 1686150288 |
+>| 1766139 | Text/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 260148, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 825848, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8a6f27250902702f78938252e2671205790648d4 | 1686150288 |
+>| 10031584 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6627232, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6604495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8913aed7d56e63add8ed8f65622454ab0b0ed007 | 1686150290 |
+>| 10031584 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6627232, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6604495, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8913aed7d56e63add8ed8f65622454ab0b0ed007 | 1686150290 |
+>| 6598488 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1651604, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2536422, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513 | 1686150293 |
+>| 6598488 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1651604, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2536422, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 03de2c6afdf55d2e9fe71e126a4d8c3bd5a6e513 | 1686150293 |
+>| 8198736 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1724241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1717079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 2a770424281587e72a70f2b38c6393ee43fcb8fe | 1686150293 |
+>| 8198736 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1724241, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1717079, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 2a770424281587e72a70f2b38c6393ee43fcb8fe | 1686150293 |
+>| 8041928 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6164307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6028674, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 58a086af9f4be29846114490255f118299ee9988 | 1686150298 |
+>| 8041928 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6164307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6028674, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 58a086af9f4be29846114490255f118299ee9988 | 1686150298 |
+>| 22636544 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12836365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17328505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4a066f4da5351af20dcc6848fcca14ac7237022d | 1686150304 |
+>| 22636544 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 12836365, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 17328505, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4a066f4da5351af20dcc6848fcca14ac7237022d | 1686150304 |
+>| 31212344 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25069984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24741844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | de4fab5048313f8ea6d87b1821bfc8707463f688 | 1686150308 |
+>| 31212344 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 25069984, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24741844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | de4fab5048313f8ea6d87b1821bfc8707463f688 | 1686150308 |
+>| 46181234 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28136043, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 340000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a7dd7dbd677a352cade7696363a2b69827ed9efa | 1686150316 |
+>| 46181234 | PE/.Net Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 28136043, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 340000, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a7dd7dbd677a352cade7696363a2b69827ed9efa | 1686150316 |
+>| 4268456 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1053136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1079585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 55d4bb310cf6f691bf7917630349e60f91e69883 | 1686150328 |
+>| 4268456 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1053136, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1079585, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 55d4bb310cf6f691bf7917630349e60f91e69883 | 1686150328 |
+>| 711168 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22283, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140714, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1cc796892a6c83da4f9d64c7ac496f48e9e87462 | 1686150331 |
+>| 711168 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 22283, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 140714, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1cc796892a6c83da4f9d64c7ac496f48e9e87462 | 1686150331 |
+>| 81041 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26719, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48030, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | fac13be0be3051b4ea5dd0299de7297c50eca677 | 1686150331 |
+>| 81041 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26719, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 48030, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | fac13be0be3051b4ea5dd0299de7297c50eca677 | 1686150331 |
+>| 2149088 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1486348, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1792360, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 918840817f162ce48336914897b0a2b9e94159c6 | 1686150332 |
+>| 2149088 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1486348, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1792360, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 918840817f162ce48336914897b0a2b9e94159c6 | 1686150332 |
+>| 83456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4736, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7d2d0a954430071976be168e02000021fe3f8d47 | 1686150334 |
+>| 83456 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4736, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7d2d0a954430071976be168e02000021fe3f8d47 | 1686150334 |
+>| 81703 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29471, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 0de6b65809ff0a806b84af7878f46ab7b0961e58 | 1686150335 |
+>| 81703 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 29471, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 51025, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 0de6b65809ff0a806b84af7878f46ab7b0961e58 | 1686150335 |
+>| 1986332 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1489941, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1578610, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | cefdbcf177848c3dbc4660ffa92e0971429717e6 | 1686150335 |
+>| 1986332 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1489941, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1578610, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | cefdbcf177848c3dbc4660ffa92e0971429717e6 | 1686150335 |
+>| 454144 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 282176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 220548, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | e4794fefadbba8fcb81540281ccccb949cccd828 | 1686150336 |
+>| 454144 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 282176, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 220548, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | e4794fefadbba8fcb81540281ccccb949cccd828 | 1686150336 |
+>| 18366038 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7030388, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12499092, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | b8c11b6867eaec662e5217df5c861393fa6220e6 | 1686150336 |
+>| 18366038 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7030388, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12499092, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | b8c11b6867eaec662e5217df5c861393fa6220e6 | 1686150336 |
+>| 8588884 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6284895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6248087, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d9a5feabf05c02918500526e08a432cee2b65615 | 1686150337 |
+>| 8588884 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6284895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6248087, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d9a5feabf05c02918500526e08a432cee2b65615 | 1686150337 |
+>| 9326836 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6567307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6759624, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | dfb89e0653f80361906802592cd76c3dfbbe0881 | 1686150337 |
+>| 9326836 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6567307, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6759624, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | dfb89e0653f80361906802592cd76c3dfbbe0881 | 1686150337 |
+>| 150057 | Document/None/PDF | {'meta': [], 'identifier': 'ExampleRule', 'tag': [], 'matched_data': [{'string_identifier': 'JG15X3RleHRfc3RyaW5n\n', 'match_offset': 116422, 'matched_string': 'dGV4dCBoZXJl\n'}]} | ruleset2 | 24239959bf00c630739896da7b08cb59011fc08c | false | db9a5761f9beda80273964d79aa8bf589ea00f9d | 1686150338 |
+>| 101408 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27646, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49200, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 920811cc5d0f3a9218886cc0c35f60793859ccff | 1686150340 |
+>| 101408 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 27646, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 49200, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 920811cc5d0f3a9218886cc0c35f60793859ccff | 1686150340 |
+>| 17661014 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6325364, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11794068, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 86e5a6461a4c70641f1d9f05b363a6ee9ad9e967 | 1686150341 |
+>| 17661014 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6325364, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11794068, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 86e5a6461a4c70641f1d9f05b363a6ee9ad9e967 | 1686150341 |
+>| 17709654 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6374004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11842708, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d0286f449fe9b310149eba7c643ef32980b20c0a | 1686150343 |
+>| 17709654 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6374004, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 11842708, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d0286f449fe9b310149eba7c643ef32980b20c0a | 1686150343 |
+>| 18516054 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7180404, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12649108, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | a629d0a626ea29b61a59fa12f74ecae92f111d2b | 1686150345 |
+>| 18516054 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7180404, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12649108, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | a629d0a626ea29b61a59fa12f74ecae92f111d2b | 1686150345 |
+>| 13872608 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9059948, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8952253, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9583081e5b7c0f4f74b2222a23fc058d667ab595 | 1686150351 |
+>| 13872608 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9059948, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8952253, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9583081e5b7c0f4f74b2222a23fc058d667ab595 | 1686150351 |
+>| 82432 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3812, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 39d12fff02df078867efb755f7353480b5f6c0bc | 1686150357 |
+>| 82432 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3812, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4691, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 39d12fff02df078867efb755f7353480b5f6c0bc | 1686150357 |
+>| 2272971 | Text/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 74664, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 619547, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 67c71d50582dea8fedfe6a3b234936a626ffaeb2 | 1686150357 |
+>| 2272971 | Text/None | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 74664, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 619547, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 67c71d50582dea8fedfe6a3b234936a626ffaeb2 | 1686150357 |
+>| 8879376 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5745648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5751012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1a773ba334a1fc0f818bbd42f77a4e1d946065a9 | 1686150360 |
+>| 8879376 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5745648, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5751012, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1a773ba334a1fc0f818bbd42f77a4e1d946065a9 | 1686150360 |
+>| 7755441 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 406771, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21825, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 812184db6861a00260557e33605b51d0042ff585 | 1686150360 |
+>| 7755441 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 406771, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 21825, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 812184db6861a00260557e33605b51d0042ff585 | 1686150360 |
+>| 5618928 | MachO32 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3904124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4378424, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | d1b2e67d1e6066e353d169cfcdcb67b76360ad94 | 1686150361 |
+>| 5618928 | MachO32 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3904124, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4378424, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | d1b2e67d1e6066e353d169cfcdcb67b76360ad94 | 1686150361 |
+>| 7870848 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5851887, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929958, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 350122e4dba72eec4fcf1b5b91d172335c85d7a9 | 1686150369 |
+>| 7870848 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5851887, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5929958, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 350122e4dba72eec4fcf1b5b91d172335c85d7a9 | 1686150369 |
+>| 8173600 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5940668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5601532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | ecc1080cc4303734260b958a79cefb40ae6d0153 | 1686150372 |
+>| 8173600 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 5940668, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5601532, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | ecc1080cc4303734260b958a79cefb40ae6d0153 | 1686150372 |
+>| 366711 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83827, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363899, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | cf2f0e2acfc86560055a39013db63285b1d78a03 | 1686150388 |
+>| 366711 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83827, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363899, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | cf2f0e2acfc86560055a39013db63285b1d78a03 | 1686150388 |
+>| 9487360 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6897389, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6936885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4106e8b239bb92d9fa524b3a6d667c7115b0b666 | 1686150401 |
+>| 9487360 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6897389, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6936885, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4106e8b239bb92d9fa524b3a6d667c7115b0b666 | 1686150401 |
+>| 58555814 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1184014, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10951600, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 7c14bdf271b74f35da06091594293c7502c82107 | 1686150401 |
+>| 58555814 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1184014, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 10951600, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 7c14bdf271b74f35da06091594293c7502c82107 | 1686150401 |
+>| 366706 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363894, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 52a6a217b72415fc38bde13c0f077e47671a7845 | 1686150410 |
+>| 366706 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83826, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363894, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 52a6a217b72415fc38bde13c0f077e47671a7845 | 1686150410 |
+>| 21275520 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7310445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12111641, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 9dc59205f47be9eac8046b5b259f2ccf65ceddc6 | 1686150414 |
+>| 21275520 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7310445, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12111641, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 9dc59205f47be9eac8046b5b259f2ccf65ceddc6 | 1686150414 |
+>| 86684 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34414, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55968, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4120782b6b598f4a7e95b4c480c791cffe37a268 | 1686150422 |
+>| 86684 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34414, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 55968, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4120782b6b598f4a7e95b4c480c791cffe37a268 | 1686150422 |
+>| 5327272 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3979083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2767474, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | eb86c40eb9e7de2c827db61b705530e5945c4562 | 1686150442 |
+>| 5327272 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3979083, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2767474, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | eb86c40eb9e7de2c827db61b705530e5945c4562 | 1686150442 |
+>| 1686113 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192055, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16350, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 8d02b28113241f8c6bb4f6313a19950876eca116 | 1686150448 |
+>| 1686113 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 192055, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 16350, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 8d02b28113241f8c6bb4f6313a19950876eca116 | 1686150448 |
+>| 35515 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4767545f40d35fbfee5bbd359fe6be615e679ff9 | 1686150452 |
+>| 35515 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 34829, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 22757, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4767545f40d35fbfee5bbd359fe6be615e679ff9 | 1686150452 |
+>| 7892976 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3577820, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3615204, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 94c89fd87cf33f18c9b1783bb133633aa5b28234 | 1686150454 |
+>| 7892976 | ELF64 Little/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3577820, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 3615204, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 94c89fd87cf33f18c9b1783bb133633aa5b28234 | 1686150454 |
+>| 242700 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 41619, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3d526a12778e918e2350d23aa02bfa7cd2c448d0 | 1686150455 |
+>| 242700 | Document/None/RTF | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 31895, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 41619, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3d526a12778e918e2350d23aa02bfa7cd2c448d0 | 1686150455 |
+>| 7525504 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1861301, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1676862, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | b2eed81dd77100042b7e918b4f5cacc2d6444aa6 | 1686150455 |
+>| 7525504 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 1861301, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1676862, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | b2eed81dd77100042b7e918b4f5cacc2d6444aa6 | 1686150455 |
+>| 74127 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26665, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47554, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | c1ad6cf9c783302cedf77c209ae4d5a11d05b07f | 1686150464 |
+>| 74127 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 26665, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 47554, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | c1ad6cf9c783302cedf77c209ae4d5a11d05b07f | 1686150464 |
+>| 6306744 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4682682, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5358994, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 1fa90eebb148c20a065f0a78d5794f00c7bb51a4 | 1686150481 |
+>| 6306744 | DEX/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 4682682, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 5358994, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 1fa90eebb148c20a065f0a78d5794f00c7bb51a4 | 1686150481 |
+>| 8729572 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3118958, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2893418, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6eebfafb77dac46dd9a0541cbd719f59d18ae74a | 1686150486 |
+>| 8729572 | PE/Exe/NSIS | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3118958, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 2893418, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6eebfafb77dac46dd9a0541cbd719f59d18ae74a | 1686150486 |
+>| 662567 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 467856, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24033, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4273c4cdb874a9caeddfb76f5e712480246928a6 | 1686150489 |
+>| 662567 | Email/None/MIME | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 467856, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 24033, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4273c4cdb874a9caeddfb76f5e712480246928a6 | 1686150489 |
+>| 366703 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363891, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 4791aa7a9d8123b974c9b3e41fc3269bfa287c28 | 1686150489 |
+>| 366703 | Text/HTML/HTML | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 83825, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 363891, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 4791aa7a9d8123b974c9b3e41fc3269bfa287c28 | 1686150489 |
+>| 18824790 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 259206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12957844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 3d779c8998dfba56449ad09dbd24db692d2b6528 | 1686150490 |
+>| 18824790 | PE/Dll | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 259206, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 12957844, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 3d779c8998dfba56449ad09dbd24db692d2b6528 | 1686150490 |
+>| 8471556 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7414380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6887310, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | f10efe378fb0fa90ca1ee5dcdfee615b1473a74e | 1686150490 |
+>| 8471556 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 7414380, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 6887310, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | f10efe378fb0fa90ca1ee5dcdfee615b1473a74e | 1686150490 |
+>| 81408 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4611, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 76c28f712820786cbe6cbeb7f9789480a7ac3b23 | 1686150491 |
+>| 81408 | Binary/Archive/Compound | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 3819, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 4611, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 76c28f712820786cbe6cbeb7f9789480a7ac3b23 | 1686150491 |
+>| 13890720 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9051048, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8736852, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 121299e36826d127762d70605c78118223be66a3 | 1686150497 |
+>| 13890720 | PE+/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 9051048, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 8736852, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 121299e36826d127762d70605c78118223be66a3 | 1686150497 |
+>| 18482183 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6662509, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1459423, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | SuperHunt | c739753a2575d69ae31b33122622b6a736660508 | false | 6010aef2725e64cdeab0e91df479bf0e0a7be14c | 1686150499 |
+>| 18482183 | PE/Exe | {'meta': [], 'identifier': 'Example', 'tag': [], 'matched_data': [{'string_identifier': 'JHN0cmluZzE=\n', 'match_offset': 6662509, 'matched_string': 'cGF5\n'}, {'string_identifier': 'JHN0cmluZzI=\n', 'match_offset': 1459423, 'matched_string': 'aW1tZWRpYXRlbHk=\n'}]} | ruleset1 | c739753a2575d69ae31b33122622b6a736660508 | false | 6010aef2725e64cdeab0e91df479bf0e0a7be14c | 1686150499 |
+
+
+### reversinglabs-titaniumcloud-yara-retro-hunt-actions
+
+***
+Perform various YARA retroactive hunting actions.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-yara-retro-hunt-actions`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| yara_retro_action | YARA retro hunt action. Possible values are: ENABLE RETRO HUNT, START RETRO HUNT, CHECK STATUS, CANCEL RETRO HUNT. | Required |
+| ruleset_name | Name of the YARA ruleset. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.enable_yara_retro | Unknown | |
+| ReversingLabs.start_yara_retro | Unknown | |
+| ReversingLabs.check_yara_retro_status | Unknown | |
+| ReversingLabs.cancel_yara_retro | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-yara-retro-hunt-actions yara_retro_action="CHECK STATUS" ruleset_name=SuperHunt```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "check_yara_retro_status": {
+ "estimated_finish_time": null,
+ "finish_time": "2023-05-18T11:31:12",
+ "progress": null,
+ "reason": null,
+ "retro_status": "FINISHED",
+ "ruleset_name": "SuperHunt",
+ "start_time": "2023-05-18T11:30:35"
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>{
+> "estimated_finish_time": null,
+> "finish_time": "2023-05-18T11:31:12",
+> "progress": null,
+> "reason": null,
+> "retro_status": "FINISHED",
+> "ruleset_name": "SuperHunt",
+> "start_time": "2023-05-18T11:30:35"
+>}
+
+### reversinglabs-titaniumcloud-yara-retro-matches-feed
+
+***
+Returns a recordset of YARA ruleset matches in the specified time range.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-yara-retro-matches-feed`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| time_format | Define the time format that is used. Possible values are: utc, timestamp. | Required |
+| time_value | Time value in the defined format. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.yara_retro_matches_feed | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-yara-retro-matches-feed time_format=timestamp time_value=1686063146```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "yara_retro_matches_feed": {
+ "rl": {
+ "feed": {
+ "entries": [],
+ "last_timestamp": 1686149546,
+ "name": "YARA Retro Match Continuous Feed",
+ "time_range": {
+ "from": "Tue, 06 Jun 2023 14:52:26 +0000",
+ "to": "Wed, 07 Jun 2023 14:52:26 +0000"
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs YARA Retro Matches Feed for time value 1686063146
+> **Last timestamp**: 1686149546
+> **From**: Tue, 06 Jun 2023 14:52:26 +0000
+> **To**: Wed, 07 Jun 2023 14:52:26 +0000
+>
+> ### Entries
+>**No entries.**
+
+
+### reversinglabs-titaniumcloud-reanalyze-sample
+
+***
+Accepts a hash of a sample in the cloud that you want to reanalyze.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-reanalyze-sample`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| hash | Hash string. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.reanalyze_sample | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-reanalyze-sample hash=21841b32c6165b27dddbd4d6eb3a672defe54271```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "reanalyze_sample": "Sample sent for rescanning"
+ }
+}
+```
+
+#### Human Readable Output
+
+>Sample sent for rescanning
+
+### reversinglabs-titaniumcloud-imphash-similarity
+
+***
+Accepts an imphash and returns a list of SHA-1 hashes of files sharing that imphash.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-imphash-similarity`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| imphash | Imphash string. | Required |
+| max_results | Maximum number of returned results. Default is 5000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.imphash_similarity | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-imphash-similarity imphash=fb815acbc7109e8c83537d7d9c7020be max_results=2```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "imphash_similarity": [
+ "0001af77206c3bc81b26d13bc5e6737770076dbd",
+ "0001d0cb17013c46d70d9f7bbb2adebf523c65c8"
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs Imphash Similarity for fb815acbc7109e8c83537d7d9c7020be
+> ### SHA-1 list
+>|Hashes|
+>|---|
+>| 0001af77206c3bc81b26d13bc5e6737770076dbd |
+>| 0001d0cb17013c46d70d9f7bbb2adebf523c65c8 |
+
+
+### reversinglabs-titaniumcloud-url-downloaded-files
+
+***
+Returns a list of files downloaded from the provided URL.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-url-downloaded-files`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| url | URL string. | Required |
+| extended_results | Return extended results. Possible values are: true, false. Default is True. | Optional |
+| classification | Return only results with this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN, UNKNOWN. | Optional |
+| last_analysis | Return results from the last analysis. Possible values are: true, false. | Optional |
+| analysis_id | Return results from a specific analysis. | Optional |
+| results_per_page | Number of results per query. Default is 1000. | Optional |
+| max_results | Maximum number of results. Default is 5000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.url_downloaded_files | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-url-downloaded-files max_results=2 url=https://www.nytimes.com/ extended_results=true results_per_page=2```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "url_downloaded_files": [
+ {
+ "classification": "KNOWN",
+ "first_download": "2022-02-26T15:52:16",
+ "first_seen": "2022-02-26T16:50:11",
+ "last_download": "2022-02-26T15:52:16",
+ "last_seen": "2022-02-26T17:05:38",
+ "md5": "8f16d9b505328d012335e15ad71dba04",
+ "sample_available": true,
+ "sample_size": 1188968,
+ "sample_type": "Text/HTML/HTML",
+ "sha1": "001647571e28b34d55e02c9ed298242bf8249931",
+ "sha256": "12ee005e585d8fce2023a848514b408b70ff4a6b4df5be44ee86d9db3960dadd",
+ "threat_level": 0,
+ "trust_factor": 2
+ },
+ {
+ "classification": "KNOWN",
+ "first_download": "2023-02-22T01:02:45",
+ "first_seen": "2023-02-22T02:00:22",
+ "last_download": "2023-02-22T01:02:45",
+ "last_seen": "2023-03-07T05:07:26",
+ "md5": "f9b456b6222561142301f223a2c7c9a9",
+ "sample_available": true,
+ "sample_size": 52579,
+ "sample_type": "Text/XML",
+ "sha1": "0034b543da787385621ef607153058aa176cfbdc",
+ "sha256": "f55bfb144d01e405ce6a2435292acd90d7292126e4b2c7ab17553c9c4c442a0c",
+ "threat_level": 0,
+ "trust_factor": 2
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs Files Downloaded from URL https://www.nytimes.com/
+> ### Downloaded files
+>|classification|first_download|first_seen|last_download|last_seen|md5|sample_available|sample_size|sample_type|sha1|sha256|threat_level|trust_factor|
+>|---|---|---|---|---|---|---|---|---|---|---|---|---|
+>| KNOWN | 2022-02-26T15:52:16 | 2022-02-26T16:50:11 | 2022-02-26T15:52:16 | 2022-02-26T17:05:38 | 8f16d9b505328d012335e15ad71dba04 | true | 1188968 | Text/HTML/HTML | 001647571e28b34d55e02c9ed298242bf8249931 | 12ee005e585d8fce2023a848514b408b70ff4a6b4df5be44ee86d9db3960dadd | 0 | 2 |
+>| KNOWN | 2023-02-22T01:02:45 | 2023-02-22T02:00:22 | 2023-02-22T01:02:45 | 2023-03-07T05:07:26 | f9b456b6222561142301f223a2c7c9a9 | true | 52579 | Text/XML | 0034b543da787385621ef607153058aa176cfbdc | f55bfb144d01e405ce6a2435292acd90d7292126e4b2c7ab17553c9c4c442a0c | 0 | 2 |
+
+
+### reversinglabs-titaniumcloud-url-latest-analyses-feed
+
+***
+Returns the latest URL analysis reports.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-url-latest-analyses-feed`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| results_per_page | Number of results per query. Default is 1000. | Optional |
+| max_results | Maximum number of results. Default is 5000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.url_latest_analyses_feed | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-url-latest-analyses-feed results_per_page=2 max_results=2```
+#### Context Example
+```json
+{
+ "InfoFile": {
+ "EntryID": "7704@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
+ "Info": "text/plain",
+ "Name": "ReversingLabs Latest URL Analyses Feed",
+ "Size": 782,
+ "Type": "ASCII text"
+ },
+ "ReversingLabs": {
+ "url_latest_analyses_feed": [
+ {
+ "analysis_id": "1686146896780f90",
+ "analysis_time": "2023-06-07T14:08:19",
+ "availability_status": "online",
+ "final_url": "https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar",
+ "url": "https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar"
+ },
+ {
+ "analysis_id": "168614689679c15f",
+ "analysis_time": "2023-06-07T14:08:19",
+ "availability_status": "online",
+ "final_url": "https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar",
+ "url": "https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar"
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs Latest URL Analyses Feed
+> ### Latest URL analyses
+>|analysis_id|analysis_time|availability_status|final_url|url|
+>|---|---|---|---|---|
+>| 1686146896780f90 | 2023-06-07T14:08:19 | online | https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar | https://ftp.mozilla.org/pub/firefox/releases/99.0b7/update/win64-aarch64/eo/firefox-99.0b7.complete.mar |
+>| 168614689679c15f | 2023-06-07T14:08:19 | online | https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar | https://ftp.mozilla.org/pub/firefox/releases/91.0b8/update/mac/be/firefox-91.0b5-91.0b8.partial.mar |
+
+
+### reversinglabs-titaniumcloud-url-analyses-feed-from-date
+
+***
+Returns URL analyses reports from the defined time onward.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-url-analyses-feed-from-date`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| time_format | Define the time format that is used. Possible values are: utc, timestamp. | Required |
+| start_time | Time value in the defined format. | Required |
+| results_per_page | Number of results per query. Default is 1000. | Optional |
+| max_results | Maximum number of results. Default is 5000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.url_analyses_feed_from_date | Unknown | |
+
+#### Command example
+```!reversinglabs-titaniumcloud-url-analyses-feed-from-date results_per_page=2 max_results=2 time_format=timestamp start_time=1685976746```
+#### Context Example
+```json
+{
+ "InfoFile": {
+ "EntryID": "7695@08d0efc0-7fc6-4c26-8ae9-f3bfc7b92a59",
+ "Info": "text/plain",
+ "Name": "ReversingLabs URL Analyses Feed From Date 1685976746",
+ "Size": 846,
+ "Type": "ASCII text"
+ },
+ "ReversingLabs": {
+ "url_analyses_feed_from_date": [
+ {
+ "analysis_id": "168597674625002a",
+ "analysis_time": "2023-06-05T14:52:28",
+ "availability_status": "online",
+ "final_url": "http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz",
+ "url": "http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz"
+ },
+ {
+ "analysis_id": "168597674529c352",
+ "analysis_time": "2023-06-05T14:52:28",
+ "availability_status": "online",
+ "final_url": "http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2",
+ "url": "http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2"
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs URL Analyses Feed From Date 1685976746
+> ### URL analyses from specified date
+>|analysis_id|analysis_time|availability_status|final_url|url|
+>|---|---|---|---|---|
+>| 168597674625002a | 2023-06-05T14:52:28 | online | http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz | http://ftp.riken.jp/Linux/debian/debian/dists/bookworm-proposed-updates/main/i18n/Translation-en.diff/T-2023-06-03-1403.07-F-2023-01-20-0206.46.gz |
+>| 168597674529c352 | 2023-06-05T14:52:28 | online | http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2 | http://cigarettescigs.com/marengo-cigarettes-c-226.html?zenid=1ur5fbj6tboo2ulacuejibatq2 |
+
+
+### reversinglabs-titaniumcloud-domain-report
+
+***
+Returns a domain analysis report.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-domain-report`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| domain | Domain string. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.domain_report | Unknown | The domain analysis report. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-domain-report domain=bloom-artists.com```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "bloom-artists.com",
+ "Reliability": "C - Fairly reliable",
+ "Score": 0,
+ "Type": "domain",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "Domain": {
+ "Name": "bloom-artists.com"
+ },
+ "ReversingLabs": {
+ "domain_report": {
+ "rl": {
+ "downloaded_files_statistics": {
+ "known": 54,
+ "malicious": 1,
+ "suspicious": 0,
+ "total": 55,
+ "unknown": 0
+ },
+ "last_dns_records": [
+ {
+ "provider": "ReversingLabs",
+ "type": "A",
+ "value": "85.187.128.34"
+ }
+ ],
+ "last_dns_records_time": "2023-08-25T09:34:16",
+ "modified_time": "2023-11-06T12:06:50",
+ "requested_domain": "bloom-artists.com",
+ "third_party_reputations": {
+ "sources": [
+ {
+ "detection": "undetected",
+ "source": "phishing_database",
+ "update_time": "2023-11-06T02:25:55"
+ },
+ {
+ "detection": "undetected",
+ "source": "0xSI_f33d",
+ "update_time": "2023-11-06T06:22:03"
+ },
+ {
+ "detection": "undetected",
+ "source": "cyradar",
+ "update_time": "2023-11-06T08:15:05"
+ },
+ {
+ "detect_time": "2023-10-22T21:13:34",
+ "detection": "malicious",
+ "source": "adminus_labs",
+ "update_time": "2023-11-06T12:06:50"
+ },
+ {
+ "detection": "undetected",
+ "source": "apwg",
+ "update_time": "2023-11-02T17:30:36"
+ },
+ {
+ "detection": "undetected",
+ "source": "netstar",
+ "update_time": "2023-11-06T11:39:40"
+ },
+ {
+ "detection": "undetected",
+ "source": "threatfox_abuse_ch",
+ "update_time": "2023-11-06T08:20:49"
+ },
+ {
+ "detection": "undetected",
+ "source": "botvrij",
+ "update_time": "2023-11-06T02:26:03"
+ },
+ {
+ "detection": "undetected",
+ "source": "alphamountain",
+ "update_time": "2023-11-06T10:57:13"
+ },
+ {
+ "detection": "undetected",
+ "source": "comodo_valkyrie",
+ "update_time": "2023-11-06T05:53:24"
+ },
+ {
+ "detection": "undetected",
+ "source": "web_security_guard",
+ "update_time": "2022-01-21T06:56:15"
+ },
+ {
+ "detection": "undetected",
+ "source": "osint",
+ "update_time": "2023-11-06T01:30:13"
+ },
+ {
+ "detect_time": "2023-10-23T03:27:25",
+ "detection": "malicious",
+ "source": "crdf",
+ "update_time": "2023-11-06T08:34:19"
+ }
+ ],
+ "statistics": {
+ "clean": 0,
+ "malicious": 2,
+ "total": 13,
+ "undetected": 11
+ }
+ },
+ "top_threats": [
+ {
+ "files_count": 1,
+ "threat_level": 5,
+ "threat_name": "Win32.Trojan.RedLine"
+ }
+ ]
+ }
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs Domain Report for bloom-artists.com
+> ### Last DNS records
+>|provider|type|value|
+>|---|---|---|
+>| ReversingLabs | A | 85.187.128.34 |
+>
+>
+>**Last DNS records time**: 2023-08-25T09:34:16
+>
+> ### Top threats
+>|files_count|threat_level|threat_name|
+>|---|---|---|
+>| 1 | 5 | Win32.Trojan.RedLine |
+>
+> ### Third party statistics
+> **CLEAN**: 0
+> **MALICIOUS**: 2
+> **UNDETECTED**: 11
+> **TOTAL**: 13
+>
+> ### Third party sources
+>|detection|source|update_time|
+>|---|---|---|
+>| undetected | phishing_database | 2023-11-06T02:25:55 |
+>| undetected | 0xSI_f33d | 2023-11-06T06:22:03 |
+>| undetected | cyradar | 2023-11-06T08:15:05 |
+>| **malicious** | adminus_labs | 2023-11-06T12:06:50 |
+>| undetected | apwg | 2023-11-02T17:30:36 |
+>| undetected | netstar | 2023-11-06T11:39:40 |
+>| undetected | threatfox_abuse_ch | 2023-11-06T08:20:49 |
+>| undetected | botvrij | 2023-11-06T02:26:03 |
+>| undetected | alphamountain | 2023-11-06T10:57:13 |
+>| undetected | comodo_valkyrie | 2023-11-06T05:53:24 |
+>| undetected | web_security_guard | 2022-01-21T06:56:15 |
+>| undetected | osint | 2023-11-06T01:30:13 |
+>| **malicious** | crdf | 2023-11-06T08:34:19 |
+>
+> ### Downloaded files statistics
+> **KNOWN**: 54
+> **MALICIOUS**: 1
+> **SUSPICIOUS**: 0
+> **UNKNOWN**: 0
+> **TOTAL**: 55
+>
+
+### reversinglabs-titaniumcloud-domain-downloaded-files
+
+***
+Returns a list of files downloaded from a domain.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-domain-downloaded-files`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| domain | Domain string. | Required |
+| classification | Return only files of this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN. | Optional |
+| result_limit | Maximum number of returned results. Default is 50000. | Optional |
+| results_per_page | Number of results returned per request. Default is 1000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.domain_downloaded_files | Unknown | The list of files downloaded from a domain. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-domain-downloaded-files domain=bloom-artists.com classification=MALICIOUS result_limit=10 results_per_page=3```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "bloom-artists.com",
+ "Reliability": "C - Fairly reliable",
+ "Score": 0,
+ "Type": "domain",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "Domain": {
+ "Name": "bloom-artists.com"
+ },
+ "ReversingLabs": {
+ "domain_downloaded_files": [
+ {
+ "classification": "MALICIOUS",
+ "first_download": "2023-07-08T06:13:02",
+ "first_seen": "2023-07-08T00:39:23",
+ "last_download": "2023-07-08T15:11:31",
+ "last_download_url": "http://bloom-artists.com/wp-includes/class-wp-image-editors.php?filename=winx32apideftype.exe",
+ "last_seen": "2023-09-26T15:25:41",
+ "malware_family": "RedLine",
+ "malware_type": "Trojan",
+ "md5": "2796bf32abbebdd11a35603f3453214d",
+ "platform": "Win32",
+ "sample_available": true,
+ "sample_size": 3697248,
+ "sample_type": "PE/Exe",
+ "sha1": "96826340af3f4708b16f8f0e3eb29ad0ce5bb6f8",
+ "sha256": "0edc6dae7ee848bf465be34edfc49377b7da304798445685e4a7d45d4983f166",
+ "threat_level": 5,
+ "threat_name": "Win32.Trojan.RedLine",
+ "trust_factor": 5
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs Files downloaded from domain bloom-artists.com
+> ### Downloaded files
+>|classification|first_download|first_seen|last_download|last_download_url|last_seen|malware_family|malware_type|md5|platform|sample_available|sample_size|sample_type|sha1|sha256|threat_level|threat_name|trust_factor|
+>|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+>| MALICIOUS | 2023-07-08T06:13:02 | 2023-07-08T00:39:23 | 2023-07-08T15:11:31 | http://bloom-artists.com/wp-includes/class-wp-image-editors.php?filename=winx32apideftype.exe | 2023-09-26T15:25:41 | RedLine | Trojan | 2796bf32abbebdd11a35603f3453214d | Win32 | true | 3697248 | PE/Exe | 96826340af3f4708b16f8f0e3eb29ad0ce5bb6f8 | 0edc6dae7ee848bf465be34edfc49377b7da304798445685e4a7d45d4983f166 | 5 | Win32.Trojan.RedLine | 5 |
+
+
+### reversinglabs-titaniumcloud-domain-urls
+
+***
+Returns a list of URL-s associated with the requested domain.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-domain-urls`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| domain | Domain string. | Required |
+| result_limit | Maximum number of returned results. Default is 50000. | Optional |
+| results_per_page | Number of results returned per request. Default is 1000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.domain_urls | Unknown | The list of URL-s associated with the requested domain. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-domain-urls result_limit=10 results_per_page=3 domain=bloom-artists.com```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "bloom-artists.com",
+ "Reliability": "C - Fairly reliable",
+ "Score": 0,
+ "Type": "domain",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "Domain": {
+ "Name": "bloom-artists.com"
+ },
+ "ReversingLabs": {
+ "domain_urls": [
+ {
+ "url": "https://bloom-artists.com/wp-content/uploads/2021/01/cropped-%C3%A8%C2%97%C2%9D%C3%A9%C2%BB%C2%9E%C3%A4%C2%BA%C2%AE%C3%A5%C2%8D%C2%94%C3%A6%C2%9C%C2%83-logo-1-32x32.jpg"
+ },
+ {
+ "url": "https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-custom-header.js?ver=7.2.1"
+ },
+ {
+ "url": "https://bloom-artists.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=6.2.2"
+ },
+ {
+ "url": "https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1"
+ },
+ {
+ "url": "https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1"
+ },
+ {
+ "url": "https://bloom-artists.com/2021/01/15/teacher-2/"
+ },
+ {
+ "url": "https://bloom-artists.com/wp-json/"
+ },
+ {
+ "url": "https://bloom-artists.com/2021/01/15/author-6/"
+ },
+ {
+ "url": "https://bloom-artists.com/wp-content/plugins/convertplug/modules/slide_in/assets/demos"
+ },
+ {
+ "url": "https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.2.1"
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs URL-s associated with domain bloom-artists.com
+> ### URL list
+>|url|
+>|---|
+>| https://bloom-artists.com/wp-content/uploads/2021/01/cropped-%C3%A8%C2%97%C2%9D%C3%A9%C2%BB%C2%9E%C3%A4%C2%BA%C2%AE%C3%A5%C2%8D%C2%94%C3%A6%C2%9C%C2%83-logo-1-32x32.jpg |
+>| https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-custom-header.js?ver=7.2.1 |
+>| https://bloom-artists.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=6.2.2 |
+>| https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1 |
+>| https://bloom-artists.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1 |
+>| https://bloom-artists.com/2021/01/15/teacher-2/ |
+>| https://bloom-artists.com/wp-json/ |
+>| https://bloom-artists.com/2021/01/15/author-6/ |
+>| https://bloom-artists.com/wp-content/plugins/convertplug/modules/slide_in/assets/demos |
+>| https://bloom-artists.com/wp-content/themes/Avada/assets/min/js/general/avada-live-search.js?ver=7.2.1 |
+
+
+### reversinglabs-titaniumcloud-domain-to-ip
+
+***
+Returns a list of IP addresses resolved from a domain.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-domain-to-ip`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| domain | Domain string. | Required |
+| result_limit | Maximum number of returned results. Default is 50000. | Optional |
+| results_per_page | Number of results returned per request. Default is 1000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.domain_to_ip | Unknown | The list of IP addresses resolved from the domain. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-domain-to-ip results_per_page=3 domain=bloom-artists.com result_limit=10```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "bloom-artists.com",
+ "Reliability": "C - Fairly reliable",
+ "Score": 0,
+ "Type": "domain",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "Domain": {
+ "Name": "bloom-artists.com"
+ },
+ "ReversingLabs": {
+ "domain_to_ip": [
+ {
+ "ip": "85.187.128.34",
+ "last_resolution_time": "2023-08-25T09:34:16",
+ "provider": "ReversingLabs"
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs IP addresses resolved from domain bloom-artists.com
+> ### IP address list
+>|ip|last_resolution_time|provider|
+>|---|---|---|
+>| 85.187.128.34 | 2023-08-25T09:34:16 | ReversingLabs |
+
+
+### reversinglabs-titaniumcloud-domain-related-domains
+
+***
+Returns a list of domains related to the submitted domain.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-domain-related-domains`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| domain | Domain string. | Required |
+| result_limit | Maximum number of returned results. Default is 50000. | Optional |
+| results_per_page | Number of results returned per request. Default is 1000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.domain_related_domains | Unknown | The list of domains related to the submitted domain. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-domain-related-domains domain=smsv4.ufcfan.org result_limit=10 results_per_page=3```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "smsv4.ufcfan.org",
+ "Reliability": "C - Fairly reliable",
+ "Score": 0,
+ "Type": "domain",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "Domain": {
+ "Name": "smsv4.ufcfan.org"
+ },
+ "ReversingLabs": {
+ "domain_related_domains": [
+ {
+ "domain": "mstanley.ufcfan.org"
+ },
+ {
+ "domain": "ketogendietmo.ufcfan.org"
+ },
+ {
+ "domain": "vmze-crypto511386.marketscoin.ufcfan.org"
+ },
+ {
+ "domain": "cxip-crypto665491.marketscoin.ufcfan.org"
+ },
+ {
+ "domain": "xgzc-crypto767019.marketscoin.ufcfan.org"
+ },
+ {
+ "domain": "dejar-de-roncar.ufcfan.org"
+ },
+ {
+ "domain": "uolv-crypto969448.marketscoin.ufcfan.org"
+ },
+ {
+ "domain": "nowornever1.ufcfan.org"
+ },
+ {
+ "domain": "the.ufcfan.org"
+ },
+ {
+ "domain": "onedrshapointooo.ufcfan.org"
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs domains related to domain smsv4.ufcfan.org
+> ### Domain list
+>|domain|
+>|---|
+>| mstanley.ufcfan.org |
+>| ketogendietmo.ufcfan.org |
+>| vmze-crypto511386.marketscoin.ufcfan.org |
+>| cxip-crypto665491.marketscoin.ufcfan.org |
+>| xgzc-crypto767019.marketscoin.ufcfan.org |
+>| dejar-de-roncar.ufcfan.org |
+>| uolv-crypto969448.marketscoin.ufcfan.org |
+>| nowornever1.ufcfan.org |
+>| the.ufcfan.org |
+>| onedrshapointooo.ufcfan.org |
+
+
+### reversinglabs-titaniumcloud-ip-report
+
+***
+Returns an IP address analysis report.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-ip-report`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| ip | IP address. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.ip_report | Unknown | The IP address analysis report. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-ip-report ip=5.42.64.70```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "5.42.64.70",
+ "Reliability": "C - Fairly reliable",
+ "Score": 0,
+ "Type": "ip",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "IP": {
+ "Address": "5.42.64.70"
+ },
+ "ReversingLabs": {
+ "ip_report": {
+ "rl": {
+ "downloaded_files_statistics": {
+ "known": 0,
+ "malicious": 0,
+ "suspicious": 0,
+ "total": 0,
+ "unknown": 0
+ },
+ "modified_time": "2023-11-06T12:00:35",
+ "requested_ip": "5.42.64.70",
+ "third_party_reputations": {
+ "sources": [
+ {
+ "detection": "undetected",
+ "source": "adminus_labs",
+ "update_time": "2023-11-06T12:00:35"
+ },
+ {
+ "detection": "undetected",
+ "source": "apwg",
+ "update_time": "2023-11-01T21:23:52"
+ },
+ {
+ "detection": "undetected",
+ "source": "threatfox_abuse_ch",
+ "update_time": "2023-11-06T08:20:49"
+ },
+ {
+ "detection": "undetected",
+ "source": "alphamountain",
+ "update_time": "2023-11-06T10:57:13"
+ },
+ {
+ "detection": "undetected",
+ "source": "osint",
+ "update_time": "2023-11-06T01:30:13"
+ },
+ {
+ "detection": "undetected",
+ "source": "feodotracker",
+ "update_time": "2023-11-06T05:28:24"
+ },
+ {
+ "detect_time": "2023-10-27T03:54:23",
+ "detection": "malicious",
+ "source": "crdf",
+ "update_time": "2023-11-06T08:34:19"
+ }
+ ],
+ "statistics": {
+ "clean": 0,
+ "malicious": 1,
+ "total": 7,
+ "undetected": 6
+ }
+ }
+ }
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs IP address report for 5.42.64.70
+> ### Downloaded files statistics
+> **KNOWN**: 0
+> **MALICIOUS**: 0
+> **SUSPICIOUS**: 0
+> **UNKNOWN**: 0
+> **TOTAL**: 0
+>
+> ### Third party statistics
+> **CLEAN**: 0
+> **MALICIOUS**: 1
+> **UNDETECTED**: 6
+> **TOTAL**: 7
+>
+> ### Third party sources
+>|detection|source|update_time|
+>|---|---|---|
+>| undetected | adminus_labs | 2023-11-06T12:00:35 |
+>| undetected | apwg | 2023-11-01T21:23:52 |
+>| undetected | threatfox_abuse_ch | 2023-11-06T08:20:49 |
+>| undetected | alphamountain | 2023-11-06T10:57:13 |
+>| undetected | osint | 2023-11-06T01:30:13 |
+>| undetected | feodotracker | 2023-11-06T05:28:24 |
+>| **malicious** | crdf | 2023-11-06T08:34:19 |
+
+
+### reversinglabs-titaniumcloud-ip-downloaded-files
+
+***
+Returns a list of files downloaded from an IP address.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-ip-downloaded-files`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| ip | IP address. | Required |
+| classification | Return only files of this classification. Possible values are: MALICIOUS, SUSPICIOUS, KNOWN. | Optional |
+| result_limit | Maximum number of returned results. Default is 50000. | Optional |
+| results_per_page | Number of results returned per request. Default is 1000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.ip_downloaded_files | Unknown | The list of files downloaded from an IP address. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-ip-downloaded-files ip=61.253.71.111 result_limit=10 results_per_page=3 classification=KNOWN```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "61.253.71.111",
+ "Reliability": "C - Fairly reliable",
+ "Score": 0,
+ "Type": "ip",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "IP": {
+ "Address": "61.253.71.111"
+ },
+ "ReversingLabs": {
+ "ip_downloaded_files": [
+ {
+ "classification": "KNOWN",
+ "first_download": "2023-07-07T17:19:28",
+ "first_seen": "2023-07-07T17:19:28",
+ "last_download": "2023-07-07T17:19:28",
+ "last_download_url": "http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E",
+ "last_seen": "2023-07-07T19:59:59",
+ "md5": "797eccd405422c693c0191979ff6ef4a",
+ "sample_available": true,
+ "sample_size": 556,
+ "sample_type": "Text/JSON",
+ "sha1": "91b32dca495014f75ffdee6faa698bdf6434d8fb",
+ "sha256": "4b89d4825098a840cd456b2b5885dcb2877f64860849241fa1f61ae222ad17bf",
+ "threat_level": 0,
+ "trust_factor": 5
+ },
+ {
+ "classification": "KNOWN",
+ "first_download": "2023-06-02T11:22:59",
+ "first_seen": "2023-06-02T11:22:59",
+ "last_download": "2023-06-02T11:22:59",
+ "last_download_url": "http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288",
+ "last_seen": "2023-07-24T13:15:30",
+ "md5": "c64e2b30fda16b0196942265d3dd5fef",
+ "sample_available": true,
+ "sample_size": 560,
+ "sample_type": "Text/JSON",
+ "sha1": "d8e27451c3045d36059275900c471d6fbb0cabf4",
+ "sha256": "196a50b5dd9a72e24acb81c757df553d1e0f5c072d52672decb5c598f203b4c5",
+ "threat_level": 0,
+ "trust_factor": 5
+ },
+ {
+ "classification": "KNOWN",
+ "first_download": "2023-07-06T13:27:18",
+ "first_seen": "2023-07-06T13:27:18",
+ "last_download": "2023-07-06T13:27:18",
+ "last_download_url": "http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702",
+ "last_seen": "2023-07-13T18:31:02",
+ "md5": "4dea2d4466b52c08d0b8276dd0c45172",
+ "sample_available": true,
+ "sample_size": 556,
+ "sample_type": "Text/JSON",
+ "sha1": "e8f717a59b8c1c5290797642d9442612ea234657",
+ "sha256": "8575ac48af341192f571d55002370cc945c56dd43655731d76348f4df6d232a7",
+ "threat_level": 0,
+ "trust_factor": 5
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs Files downloaded from IP address 61.253.71.111
+> ### Downloaded files
+>|classification|first_download|first_seen|last_download|last_download_url|last_seen|md5|sample_available|sample_size|sample_type|sha1|sha256|threat_level|trust_factor|
+>|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+>| KNOWN | 2023-07-07T17:19:28 | 2023-07-07T17:19:28 | 2023-07-07T17:19:28 | http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E | 2023-07-07T19:59:59 | 797eccd405422c693c0191979ff6ef4a | true | 556 | Text/JSON | 91b32dca495014f75ffdee6faa698bdf6434d8fb | 4b89d4825098a840cd456b2b5885dcb2877f64860849241fa1f61ae222ad17bf | 0 | 5 |
+>| KNOWN | 2023-06-02T11:22:59 | 2023-06-02T11:22:59 | 2023-06-02T11:22:59 | http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288 | 2023-07-24T13:15:30 | c64e2b30fda16b0196942265d3dd5fef | true | 560 | Text/JSON | d8e27451c3045d36059275900c471d6fbb0cabf4 | 196a50b5dd9a72e24acb81c757df553d1e0f5c072d52672decb5c598f203b4c5 | 0 | 5 |
+>| KNOWN | 2023-07-06T13:27:18 | 2023-07-06T13:27:18 | 2023-07-06T13:27:18 | http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702 | 2023-07-13T18:31:02 | 4dea2d4466b52c08d0b8276dd0c45172 | true | 556 | Text/JSON | e8f717a59b8c1c5290797642d9442612ea234657 | 8575ac48af341192f571d55002370cc945c56dd43655731d76348f4df6d232a7 | 0 | 5 |
+
+
+### reversinglabs-titaniumcloud-ip-urls
+
+***
+Returns a list of URL-s associated with an IP address.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-ip-urls`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| ip | IP address. | Required |
+| result_limit | Maximum number of returned results. Default is 50000. | Optional |
+| results_per_page | Number of results returned per request. Default is 1000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.ip_urls | Unknown | The list of URL-s associated with an IP address. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-ip-urls ip=61.253.71.111 result_limit=10 results_per_page=3```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "61.253.71.111",
+ "Reliability": "C - Fairly reliable",
+ "Score": 0,
+ "Type": "ip",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "IP": {
+ "Address": "61.253.71.111"
+ },
+ "ReversingLabs": {
+ "ip_urls": [
+ {
+ "url": "http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288"
+ },
+ {
+ "url": "http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E"
+ },
+ {
+ "url": "http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702"
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs URL-s associated with IP address 61.253.71.111
+> ### URL list
+>|url|
+>|---|
+>| http://zexeq.com/lancer/get.php?first=true&pid=254EAF666E5FA09BE8619B6A01AF9288 |
+>| http://zexeq.com/lancer/get.php?first=true&pid=C3B16B41D6F86B32953BEB04946D0A6E |
+>| http://zexeq.com/test1/get.php?first=false&pid=DF224B838A5638467035D81D43816702 |
+
+
+### reversinglabs-titaniumcloud-ip-to-domain
+
+***
+Returns a list of IP to domain mappings.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-ip-to-domain`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| ip | IP address. | Required |
+| result_limit | Maximum number of returned results. Default is 50000. | Optional |
+| results_per_page | Number of results returned per request. Default is 1000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.ip_to_domain | Unknown | The list of IP to domain mappings. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-ip-to-domain results_per_page=3 ip=61.253.71.111 result_limit=10```
+#### Context Example
+```json
+{
+ "DBotScore": {
+ "Indicator": "61.253.71.111",
+ "Reliability": "C - Fairly reliable",
+ "Score": 0,
+ "Type": "ip",
+ "Vendor": "ReversingLabs TitaniumCloud v2"
+ },
+ "IP": {
+ "Address": "61.253.71.111"
+ },
+ "ReversingLabs": {
+ "ip_to_domain": [
+ {
+ "host_name": "zexeq.com",
+ "last_resolution_time": "2023-07-07T17:19:28",
+ "provider": "ReversingLabs"
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs IP to domain mappings for IP address 61.253.71.111
+> ### Domain list
+>|host_name|last_resolution_time|provider|
+>|---|---|---|
+>| zexeq.com | 2023-07-07T17:19:28 | ReversingLabs |
+
+
+### reversinglabs-titaniumcloud-network-reputation
+
+***
+Returns network reputation for requested network locations.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-network-reputation`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| network_locations | A comma-separated list of network locations. The list should have no spaces. | Required |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.network_reputation | Unknown | Network reputation. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-network-reputation network_locations=http://43.138.221.139/jquery-3.3.1.min.js,61.253.71.111,bloom-artists.com```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "network_reputation": {
+ "rl": {
+ "entries": [
+ {
+ "associated_malware": false,
+ "categories": [
+ "phishing",
+ "command_and_control"
+ ],
+ "classification": "malicious",
+ "first_seen": "2022-09-11T11:54:39",
+ "last_seen": "2023-04-14T11:15:51",
+ "reason": "third_party_reputation",
+ "requested_network_location": "http://43.138.221.139/jquery-3.3.1.min.js",
+ "third_party_reputations": {
+ "clean": 0,
+ "malicious": 2,
+ "total": 19,
+ "undetected": 17
+ },
+ "type": "url"
+ },
+ {
+ "associated_malware": false,
+ "first_seen": "2023-11-06T13:10:15",
+ "last_seen": "2023-07-24T13:15:52",
+ "requested_network_location": "61.253.71.111",
+ "third_party_reputations": {
+ "clean": 0,
+ "malicious": 0,
+ "total": 7,
+ "undetected": 7
+ },
+ "type": "ip"
+ },
+ {
+ "associated_malware": true,
+ "first_seen": "2023-10-22T21:13:34",
+ "last_seen": "2023-10-23T03:27:25",
+ "requested_network_location": "bloom-artists.com",
+ "third_party_reputations": {
+ "clean": 0,
+ "malicious": 2,
+ "total": 13,
+ "undetected": 11
+ },
+ "type": "domain"
+ }
+ ]
+ }
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs Reputation for the following network locations: http://43.138.221.139/jquery-3.3.1.min.js, 61.253.71.111, bloom-artists.com
+> ### Network locations
+>|associated_malware|categories|classification|first_seen|last_seen|reason|requested_network_location|third_party_reputations_clean|third_party_reputations_malicious|third_party_reputations_total|third_party_reputations_undetected|type|
+>|---|---|---|---|---|---|---|---|---|---|---|---|
+>| false | phishing,
command_and_control | **malicious** | 2022-09-11T11:54:39 | 2023-04-14T11:15:51 | third_party_reputation | http://43.138.221.139/jquery-3.3.1.min.js | 0 | 2 | 19 | 17 | url |
+>| false | | | 2023-11-06T13:10:15 | 2023-07-24T13:15:52 | | 61.253.71.111 | 0 | 0 | 7 | 7 | ip |
+>| true | | | 2023-10-22T21:13:34 | 2023-10-23T03:27:25 | | bloom-artists.com | 0 | 2 | 13 | 11 | domain |
+
+
+### reversinglabs-titaniumcloud-network-reputation-override
+
+***
+Sets and removes user-requested network reputation overrides.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-network-reputation-override`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| set_overrides_list | Network locations whose reputations should be overriden. The locations should be written as a string in the following format - 'network_location,location_type,new_classification\|network_location,location_type,new_classification\|network_location,location_type,new_classification'. | Optional |
+| remove_overrides_list | Network locations whose reputation overrides should be removed. The locations should be written as a string in the following format - 'network_location,location_type\|network_location,location_type\|network_location,location_type'. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.network_reputation_override | Unknown | Network reputation user override. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-network-reputation-override set_overrides_list="http://163.197.220.144/5x8x,url,suspicious|http://163.197.220.144/j.ad,url,known" remove_overrides_list="http://43.138.221.139/jquery-3.3.1.min.js,url"```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "network_reputation_override": {
+ "rl": {
+ "user_override": {
+ "created_overrides": [
+ {
+ "classification": "suspicious",
+ "network_location": "http://163.197.220.144/5x8x",
+ "reason": "user_override",
+ "type": "url"
+ },
+ {
+ "classification": "known",
+ "network_location": "http://163.197.220.144/j.ad",
+ "reason": "user_override",
+ "type": "url"
+ }
+ ],
+ "removed_overrides": [
+ {
+ "network_location": "http://43.138.221.139/jquery-3.3.1.min.js",
+ "type": "url"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs Network reputation user override
+> ### Created overrides
+>|classification|network_location|reason|type|
+>|---|---|---|---|
+>| suspicious | http://163.197.220.144/5x8x | user_override | url |
+>| known | http://163.197.220.144/j.ad | user_override | url |
+>
+> ### Removed overrides
+>|network_location|type|
+>|---|---|
+>| http://43.138.221.139/jquery-3.3.1.min.js | url |
+
+
+### reversinglabs-titaniumcloud-network-reputation-overrides-list
+
+***
+Lists the active network reputation overrides.
+
+#### Base Command
+
+`reversinglabs-titaniumcloud-network-reputation-overrides-list`
+
+#### Input
+
+| **Argument Name** | **Description** | **Required** |
+| --- | --- | --- |
+| result_limit | Maximum number of returned results. Default is 50000. | Optional |
+
+#### Context Output
+
+| **Path** | **Type** | **Description** |
+| --- | --- | --- |
+| ReversingLabs.network_reputation_overrides_list | Unknown | Network reputation overrides list. |
+
+#### Command example
+```!reversinglabs-titaniumcloud-network-reputation-overrides-list result_limit=10```
+#### Context Example
+```json
+{
+ "ReversingLabs": {
+ "network_reputation_overrides_list": [
+ {
+ "network_location": "https://cisco.com/",
+ "type": "url"
+ },
+ {
+ "network_location": "http://banco.colpatria.com.co/banca-virtual/login/",
+ "type": "url"
+ },
+ {
+ "network_location": "http://cvisd.com/",
+ "type": "url"
+ },
+ {
+ "network_location": "https://ca-sil.com/",
+ "type": "url"
+ },
+ {
+ "network_location": "http://partner.frontread.com/",
+ "type": "url"
+ },
+ {
+ "network_location": "https://eclipse.org/",
+ "type": "url"
+ },
+ {
+ "network_location": "http://163.197.220.144/5x8x",
+ "type": "url"
+ },
+ {
+ "network_location": "https://ajestudios.com/",
+ "type": "url"
+ },
+ {
+ "network_location": "https://openairmt.org/",
+ "type": "url"
+ },
+ {
+ "network_location": "https://synnexfpt.com/",
+ "type": "url"
+ }
+ ]
+ }
+}
+```
+
+#### Human Readable Output
+
+>## ReversingLabs Network reputation active user overrides list
+> ### Network location list
+>|network_location|type|
+>|---|---|
+>| https://cisco.com/ | url |
+>| http://banco.colpatria.com.co/banca-virtual/login/ | url |
+>| http://cvisd.com/ | url |
+>| https://ca-sil.com/ | url |
+>| http://partner.frontread.com/ | url |
+>| https://eclipse.org/ | url |
+>| http://163.197.220.144/5x8x | url |
+>| https://ajestudios.com/ | url |
+>| https://openairmt.org/ | url |
+>| https://synnexfpt.com/ | url |
+
### reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsA1000v2_image.png b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsA1000v2_image.png
new file mode 100644
index 000000000000..9260b7079709
Binary files /dev/null and b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsA1000v2_image.png differ
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py
index 7636b6e2f893..89aa1b111f1d 100644
--- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py
+++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py
@@ -926,7 +926,8 @@ def detonate_sample_command():
response = da.detonate_sample(sample_sha1=sha1, platform=platform)
except Exception as e:
if hasattr(e, "response_object"):
- return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}")
+ return_error(f"status code: {e.response_object.status_code}, "
+ f"message: {e.response_object.text}") # type: ignore[attr-defined]
return_error(str(e))
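Review bot: The `hasattr` check plus `# type: ignore[attr-defined]` in this `except` branch can be replaced with `resp = getattr(e, "response_object", None)` followed by `if resp is not None: return_error(f"status code: {resp.status_code}, message: {resp.text}")`, which needs no checker suppression. The same handler is repeated in the hunks for sample_dynamic_analysis_results_command, detonate_url_command and url_dynamic_analysis_results_command, so a small shared helper would keep the four copies identical. `resp.text` is the upstream response body copied unbounded into the error entry; capping its length would keep an unexpectedly large or verbose body out of the incident record. detonate_sample_command starts and ends outside the hunk.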
@@ -967,7 +968,8 @@ def sample_dynamic_analysis_results_command():
)
except Exception as e:
if hasattr(e, "response_object"):
- return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}")
+ return_error(f"status code: {e.response_object.status_code}, "
+ f"message: {e.response_object.text}") # type: ignore[attr-defined]
return_error(str(e))
@@ -1034,7 +1036,8 @@ def detonate_url_command():
response = da.detonate_url(url_string=url, platform=platform)
except Exception as e:
if hasattr(e, "response_object"):
- return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}")
+ return_error(f"status code: {e.response_object.status_code}, "
+ f"message: {e.response_object.text}") # type: ignore[attr-defined]
return_error(str(e))
@@ -1048,7 +1051,7 @@ def detonate_url_output(response_json, url):
report_base = response_json.get("rl", {})
markdown = f"""## ReversingLabs submit URL {url} for Dynamic Analysis\n **Status**: {report_base.get("status")}
- **Requested UR**: {report_base.get("url")}
+ **Requested URL**: {report_base.get("url")}
**URL SHA1**: {report_base.get("sha1")}
**URL BASE64**: {report_base.get("url_base64")}
**Analysis ID**: {report_base.get("analysis_id")}
@@ -1081,28 +1084,37 @@ def url_dynamic_analysis_results_command():
except Exception as e:
if hasattr(e, "response_object"):
- return_error(f"status code: {e.response_object.status_code}, message: {e.response_object.text}")
+ return_error(f"status code: {e.response_object.status_code}, "
+ f"message: {e.response_object.text}") # type: ignore[attr-defined]
return_error(str(e))
response_json = response.json()
- results, file_results = url_dynamic_analysis_results_output(response_json=response_json, passed_url=url)
+ results, file_results = url_dynamic_analysis_results_output(
+ response_json=response_json,
+ passed_url=url,
+ passed_sha1=sha1
+ )
return_results([results, file_results])
-def url_dynamic_analysis_results_output(response_json, passed_url=None):
+def url_dynamic_analysis_results_output(response_json, passed_url=None, passed_sha1=None):
url = response_json.get("rl", {}).get("report", {}).get("url", passed_url)
+ sha1 = response_json.get("rl", {}).get("report", {}).get("sha1", passed_sha1)
classification = response_json.get("rl", {}).get("report", {}).get("classification")
- url_base64 = response_json.get("rl", {}).get("report", {}).get("url_base54")
- sha1 = response_json.get("rl", {}).get("report", {}).get("sha1")
last_analysis = response_json.get("rl", {}).get("report", {}).get("last_analysis")
- markdown = f"""## ReversingLabs URL Dynamic Analysis output for URL {url}\n **Classification**: {classification}
- **URL SHA1**: {sha1}
- **URL BASE64**: {url_base64}
- **Last analysis**: {last_analysis}\n ### Full report is returned as JSON in a downloadable file
- """
+ markdown = f"## ReversingLabs URL Dynamic Analysis output for URL\n **Classification**: {classification}\n"
+
+ if last_analysis:
+ markdown = markdown + f"**Last analysis**: {last_analysis}\n"
+
+ if url:
+ markdown = markdown + f"**Requested URL**: {url}\n"
+
+ if sha1:
+ markdown = markdown + f"**URL SHA1**: {sha1}"
d_bot_score = classification_to_score(classification.upper())
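Review bot: `classification.upper()` on the last line still raises AttributeError when the report carries no `classification`, although the new code already treats `last_analysis`, `url` and `sha1` as optional. Assuming the API can return such a report, check `classification` before the call and pass whatever value classification_to_score maps to an unknown verdict. The new fallbacks `.get("url", passed_url)` and `.get("sha1", passed_sha1)` apply only when the key is absent, so a report containing `"sha1": null` discards the caller's value. Reading `report = response_json.get("rl", {}).get("report", {})` once and using `sha1 = report.get("sha1") or passed_sha1` covers both cases. url_dynamic_analysis_results_output continues past the end of the hunk.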
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml
index 03abf1a18885..3ddd4b809dbe 100644
--- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml
+++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.yml
@@ -794,7 +794,7 @@ script:
- contextPath: ReversingLabs.network_reputation_overrides_list
description: Network reputation overrides list.
type: Unknown
- dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.85058
+ dockerimage: demisto/reversinglabs-sdk-py3:2.0.0.86428
runonce: false
script: '-'
subtype: python3
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_image.png b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_image.png
deleted file mode 100644
index 7a15203055a7..000000000000
Binary files a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_image.png and /dev/null differ
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_test.py b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_test.py
index 855d2448bed1..4c19d8e8580a 100644
--- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_test.py
+++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_test.py
@@ -7,7 +7,7 @@
url_latest_analyses_feed_output, url_analyses_feed_from_date_output, yara_ruleset_output, yara_retro_actions_output, \
format_proxy, domain_report_output, domain_downloaded_files_output, domain_urls_output, domain_to_ip_output, \
domain_related_domains_output, ip_report_output, ip_downloaded_files_output, ip_urls_output, ip_to_domain_output, \
- network_reputation_output, detonate_url_output, create_da_object, url_dynamic_analysis_results_output
+ network_reputation_output, detonate_url_output
import demistomock as demisto
import pytest
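Review bot: `url_dynamic_analysis_results_output` is dropped from the test imports in the same commit that adds its `passed_sha1` parameter and makes its markdown conditional, so nothing visible here exercises the new branches. A test that feeds a report without `url` and `sha1` and asserts that the `passed_url` and `passed_sha1` values appear in the readable output would pin the fallback behaviour. A second case with a report lacking `classification` would document what the function is expected to do there. The rest of the test module is not shown, so coverage may exist under another name.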
@@ -329,13 +329,6 @@ def test_network_reputation_output():
assert result.to_context() == test_context
-
-
-
-
-
-
-
def test_detonate_sample_output():
test_report = load_json("test_data/detonate_sample.json")
test_context = load_json("test_data/detonate_sample_context.json")
diff --git a/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md b/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md
index 206a9f340320..6736053139c9 100644
--- a/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md
+++ b/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md
@@ -1,6 +1,6 @@
#### Integrations
##### ReversingLabs TitaniumCloud v2
-- Updated the Docker image to: *demisto/reversinglabs-sdk-py3:2.0.0.85058*.
+- Updated the Docker image to: *demisto/reversinglabs-sdk-py3:2.0.0.86428*.
- Updated the ***reversinglabs-titaniumcloud-submit-for-dynamic-analysis*** command: