diff --git a/.github/workflows/clean_stale_branches.yml b/.github/workflows/clean_stale_branches.yml index 560acca86f58..197595a1ff1e 100644 --- a/.github/workflows/clean_stale_branches.yml +++ b/.github/workflows/clean_stale_branches.yml @@ -6,7 +6,7 @@ on: env: DAY_BEFORE_STALE: 30 DAY_BEFORE_CLOSE: 15 - EXEMPT_LABELS: "Ignore Stale" + EXEMPT_LABELS: "Ignore Stale,External PR" jobs: stale: diff --git a/.gitlab/ci/.gitlab-ci.global.yml b/.gitlab/ci/.gitlab-ci.global.yml index d2183e46f7d9..c6c76e1e9871 100644 --- a/.gitlab/ci/.gitlab-ci.global.yml +++ b/.gitlab/ci/.gitlab-ci.global.yml @@ -406,7 +406,7 @@ - ${CI_PROJECT_DIR}/pipeline_jobs_folder/* when: always services: - - name: docker.art.code.pan.run/build-tools--image-dind:20.10.12-dind + - name: ${DOCKER_IO}/library/docker:20.10.12-dind alias: docker variables: DOCKER_HOST: tcp://docker:2375 @@ -431,6 +431,10 @@ ./Tests/scripts/sdk_pylint_check.sh fi - section_end "Test Infrastructure" + - section_start "Revoking GCP Auth and Configure Docker" + - gcloud auth revoke "${GCS_ARTIFACTS_ACCOUNT_NAME}" >> "${ARTIFACTS_FOLDER}/logs/gcloud_auth.log" 2>&1 + - gcloud auth configure-docker ${DOCKER_IO_DOMAIN} >> "${ARTIFACTS_FOLDER}/logs/configure_docker_with_registry.log" 2>&1 + - section_end "Revoking GCP Auth and Configure Docker" - section_start "Run Unit Testing and Lint" - | if [[ -n $BUCKET_UPLOAD && $TEST_UPLOAD == "true" ]]; then diff --git a/.gitlab/ci/.gitlab-ci.sdk-nightly.yml b/.gitlab/ci/.gitlab-ci.sdk-nightly.yml index 1f4e7789ab5f..263e70e179e1 100644 --- a/.gitlab/ci/.gitlab-ci.sdk-nightly.yml +++ b/.gitlab/ci/.gitlab-ci.sdk-nightly.yml @@ -273,7 +273,7 @@ demisto-sdk-nightly:run-end-to-end-tests-general: - .default-job-settings - .sdk-nightly-schedule-rule-always services: # needed for running lint - - name: docker.art.code.pan.run/build-tools--image-dind:20.10.12-dind + - name: ${DOCKER_IO}/library/docker:20.10.12-dind alias: docker variables: DOCKER_HOST: tcp://docker:2375 
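Review bot: In the `.gitlab-ci.global.yml` `@@ -431` hunk, `gcloud auth configure-docker ${DOCKER_IO_DOMAIN}` expands an unquoted variable that nothing in this patch defines (the variables file only adds `DOCKER_IO`), and an empty expansion makes gcloud fall back to its default registry list, so later pulls would silently not go through the intended registry; guard it with `: "${DOCKER_IO_DOMAIN:?must be set}"` and quote the expansion as `"${DOCKER_IO_DOMAIN}"`. The preceding `gcloud auth revoke "${GCS_ARTIFACTS_ACCOUNT_NAME}"` leaves whichever account remains active as the identity the gcloud credential helper will present for Docker pulls, which is not stated anywhere; a comment naming the expected account would make that boundary reviewable. In the `@@ -406` hunk the DinD service becomes `${DOCKER_IO}/library/docker:20.10.12-dind`, a mutable tag on (by default) public Docker Hub instead of the internal mirror, so pinning it with an `@sha256:` digest would keep the build-time Docker daemon reproducible.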
@@ -313,7 +313,7 @@ demisto-sdk-nightly:run-end-to-end-tests-xsoar: - .default-job-settings - .sdk-nightly-schedule-rule-always services: # needed for running e2e tests for docker - - name: docker.art.code.pan.run/build-tools--image-dind:20.10.12-dind + - name: ${DOCKER_IO}/library/docker:20.10.12-dind alias: docker variables: DOCKER_HOST: tcp://docker:2375 @@ -388,7 +388,7 @@ demisto-sdk-nightly:run-end-to-end-tests-xsiam: - .default-job-settings - .sdk-nightly-schedule-rule-always services: # needed for running e2e tests for docker - - name: docker.art.code.pan.run/build-tools--image-dind:20.10.12-dind + - name: ${DOCKER_IO}/library/docker:20.10.12-dind alias: docker variables: CLOUD_MACHINES_TYPE: "build" @@ -454,7 +454,7 @@ demisto-sdk-nightly:run-end-to-end-tests-xsoar-saas: - .default-job-settings - .sdk-nightly-schedule-rule-always services: # needed for running e2e tests for docker - - name: docker.art.code.pan.run/build-tools--image-dind:20.10.12-dind + - name: ${DOCKER_IO}/library/docker:20.10.12-dind alias: docker variables: CLOUD_MACHINES_TYPE: "build" @@ -526,7 +526,7 @@ demisto-sdk-nightly:trigger-slack-notify: PIPELINE_TO_QUERY: $CI_PIPELINE_ID WORKFLOW: "Demisto SDK Nightly" JOB_NAME: "demisto-sdk-nightly:fan-in" - DEMISTO_SDK_NIGHTLY: "true" + DEMISTO_SDK_NIGHTLY: $DEMISTO_SDK_NIGHTLY OVERRIDE_SDK_REF: $OVERRIDE_SDK_REF SDK_REF: $SDK_REF SLACK_CHANNEL: $SLACK_CHANNEL diff --git a/.gitlab/ci/.gitlab-ci.slack-notify.yml b/.gitlab/ci/.gitlab-ci.slack-notify.yml index 214f17390814..468b2a1fc5f6 100644 --- a/.gitlab/ci/.gitlab-ci.slack-notify.yml +++ b/.gitlab/ci/.gitlab-ci.slack-notify.yml @@ -1,5 +1,5 @@ default: - image: docker-io.art.code.pan.run/devdemisto/gitlab-content-ci:1.0.0.64455 + image: ${DOCKER_IO}/devdemisto/gitlab-content-ci:1.0.0.64455 artifacts: expire_in: 30 days paths: diff --git a/.gitlab/ci/.gitlab-ci.test-native-candidate.yml b/.gitlab/ci/.gitlab-ci.test-native-candidate.yml index fee290d0633b..88037d653b16 100644 
--- a/.gitlab/ci/.gitlab-ci.test-native-candidate.yml +++ b/.gitlab/ci/.gitlab-ci.test-native-candidate.yml @@ -24,6 +24,10 @@ test-native-candidate:run-lint-with-native-candidate: echo "vulture py2 version: $(python2 -m vulture --version 2>&1)" echo "vulture py3 version: $(python3 -m vulture --version 2>&1)" - section_end "Versions" + - section_start "Revoking GCP Auth and Configure Docker" + - gcloud auth revoke "${GCS_ARTIFACTS_ACCOUNT_NAME}" >> "${ARTIFACTS_FOLDER}/logs/gcloud_auth.log" 2>&1 + - gcloud auth configure-docker ${DOCKER_IO_DOMAIN} >> "${ARTIFACTS_FOLDER}/logs/configure_docker_with_registry.log" 2>&1 + - section_end "Revoking GCP Auth and Configure Docker" - section_start "Run Lint with Native Candidate" - | mkdir ./unit-tests diff --git a/.gitlab/ci/.gitlab-ci.variables.yml b/.gitlab/ci/.gitlab-ci.variables.yml index 138015d220e8..9f5d98af61b5 100644 --- a/.gitlab/ci/.gitlab-ci.variables.yml +++ b/.gitlab/ci/.gitlab-ci.variables.yml @@ -39,9 +39,10 @@ variables: TEST_UPLOAD: "true" NATIVE_CANDIDATE_IMAGE: "latest" DEMISTO_SDK_GRAPH_FORCE_CREATE: "true" # change this when the demisto-sdk update-graph command is stable - DEMISTO_SDK_LOG_FILE_PATH: $ARTIFACTS_FOLDER/logs/demisto_sdk_debug.log + DEMISTO_SDK_LOG_FILE_PATH: "${ARTIFACTS_FOLDER}/logs" CONTENT_GITLAB_CI: "true" POETRY_VIRTUALENVS_OPTIONS_ALWAYS_COPY: "true" FF_USE_FASTZIP: "true" POETRY_VERSION: "1.6.1" INSTALL_POETRY: "true" + DOCKER_IO: "docker.io" # defined in the project level CI/CD variables diff --git a/.gitlab/ci/.gitlab-ci.yml b/.gitlab/ci/.gitlab-ci.yml index 32ed3f723d9d..f78ef7b3165c 100644 --- a/.gitlab/ci/.gitlab-ci.yml +++ b/.gitlab/ci/.gitlab-ci.yml @@ -1,6 +1,6 @@ default: - image: docker-io.art.code.pan.run/devdemisto/gitlab-content-ci:1.0.0.64455 + image: ${DOCKER_IO}/devdemisto/gitlab-content-ci:1.0.0.64455 artifacts: expire_in: 30 days paths: diff --git a/.pre-commit-config_template.yaml b/.pre-commit-config_template.yaml index bfbd26238644..1f232d9e6337 100644 
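Review bot: The new `DOCKER_IO: "docker.io"` default in `.gitlab-ci.variables.yml` means every `image:`/`services:` reference rewritten in this patch resolves to public Docker Hub whenever the project-level CI/CD variable the comment refers to is absent (forks, freshly created projects), silently bypassing the internal mirror; if the override is mandatory, drop the default so the pipeline fails loudly, or make the fallback explicit with `DOCKER_IO: "docker.io"  # fallback: public Docker Hub; the project-level CI/CD variable overrides this with the internal mirror`. `DEMISTO_SDK_LOG_FILE_PATH` now holds the directory `"${ARTIFACTS_FOLDER}/logs"` while its name still says file path; presumably demisto-sdk 1.26.0 (bumped in the same patch) treats the value as a directory, and a one-line comment saying so would stop the next reader from "fixing" it back to a file.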
--- a/.pre-commit-config_template.yaml +++ b/.pre-commit-config_template.yaml @@ -289,7 +289,7 @@ repos: - decorator==5.1.1 ; python_version >= "3.8" and python_version < "3.11" - defusedxml==0.7.1 ; python_version >= "3.8" and python_version < "3.11" - demisto-py==3.2.13 ; python_version >= "3.8" and python_version < "3.11" - - demisto-sdk==1.25.3 ; python_version >= "3.8" and python_version < "3.11" + - demisto-sdk==1.26.0 ; python_version >= "3.8" and python_version < "3.11" - dictdiffer==0.9.0 ; python_version >= "3.8" and python_version < "3.11" - dictor==0.1.12 ; python_version >= "3.8" and python_version < "3.11" - distlib==0.3.7 ; python_version >= "3.8" and python_version < "3.11" diff --git a/Packs/AHA/Integrations/AHA/AHA.yml b/Packs/AHA/Integrations/AHA/AHA.yml index 447aff5b4ea6..8e98ac2cac03 100644 --- a/Packs/AHA/Integrations/AHA/AHA.yml +++ b/Packs/AHA/Integrations/AHA/AHA.yml @@ -171,7 +171,7 @@ script: script: "-" type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.5.0 tests: - No tests (auto formatted) diff --git a/Packs/AHA/ReleaseNotes/1_0_24.md b/Packs/AHA/ReleaseNotes/1_0_24.md new file mode 100644 index 000000000000..1625d359ce38 --- /dev/null +++ b/Packs/AHA/ReleaseNotes/1_0_24.md @@ -0,0 +1,3 @@ +#### Integrations +##### Aha +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/AHA/pack_metadata.json b/Packs/AHA/pack_metadata.json index 05f839aaaba5..e3211b2e64c9 100644 --- a/Packs/AHA/pack_metadata.json +++ b/Packs/AHA/pack_metadata.json @@ -2,7 +2,7 @@ "name": "AHA", "description": "Use the Aha! integration to edit name/title description and status of features in Aha! according to their status in Jira", "support": "xsoar", - "currentVersion": "1.0.23", + "currentVersion": "1.0.24", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector.py b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector.py
new file mode 100644
index 000000000000..b1aa4adb3a45
--- /dev/null
+++ b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector.py
@@ -0,0 +1,239 @@ +import demistomock as demisto +from CommonServerPython import * +import urllib3 +from typing import Any + +# Disable insecure warnings +urllib3.disable_warnings() + +''' CONSTANTS ''' + +ISO_8601_FORMAT = "%Y-%m-%dT%H:%M:%S.000Z" + +VENDOR = 'cisco' +PRODUCT = 'secure endpoint' +INTEGRATION_NAME = 'Cisco AMP Event Collector' + +FIRST_FETCH = 'one hour' + +''' CLIENT CLASS ''' + + +class Client(BaseClient): + """ + Client for Cisco AMP + + Args: + client_id (str): The Cisco AMP client_id for API access. + api_key (str): The Cisco AMP api_key for API access. + server_url (str): The Cisco AMP API server URL. + """ + API_VERSION = "v1" + + def __init__(self, proxy: bool, verify: bool, server_url: str, client_id: str, api_key: str): + super().__init__( + base_url=urljoin(server_url, self.API_VERSION), + verify=verify, + proxy=proxy, + auth=(client_id, api_key), + ) + + def get_events(self, start_date: str = None, limit: int = None, offset: int = None) -> dict[str, Any]: + """ + Get a list of events. + Args: + start_date (str, optional): Fetch events that are newer than given time. + Defaults to None. + limit (int, optional): Maximum number of events to return. + Defaults to None. + offset (int, optional): Item number to start looking from. + Defaults to None. + Returns: + Dict[str, Any]: A list of events. + """ + params = remove_empty_elements({ + "start_date": start_date, + "limit": limit, + "offset": offset, + }) + + return self._http_request( + method="GET", + url_suffix="/events", + params=params, + ) + + +def test_module(client: Client, params) -> str: + """ + Tests API connectivity and authentication' + When 'ok' is returned it indicates the integration works like it is supposed to and connection to the service is + successful. + Raises exceptions if something goes wrong. + Args: + client (Client): CiscoAMP client to use. + Returns: + str: 'ok' if test passed, anything else will raise an exception and will fail the test. 
+ """ + + try: + fetch_events(client, params, {}) + except Exception as e: + if 'Unauthorized' in str(e): + return 'Authorization Error: make sure the Client ID and API Key are correctly set' + else: + raise e + return 'ok' + + +def get_events(client, args): + """ + Gets events from Guardicore API. + """ + + _, events = fetch_events(client=client, params=args, last_run={'last_fetch': args.get('from_date', FIRST_FETCH)}) + hr = tableToMarkdown(name='Events', t=events) + return events, CommandResults(readable_output=hr) + + +def get_earliest_events(client, start_date, offset=0): + # A loop of fetching earliest events, + while True: + response = client.get_events(start_date=start_date, limit=500, offset=offset) + # Check if there are more pages to fetch + if "next" not in response["metadata"]["links"]: + break + total_results = response.get('metadata', {}).get('results', {}).get('total') + if not total_results: + raise Exception('wrong response returned') + offset = total_results - 500 + + # Reverses the list of events so that the list is in ascending order + # so that the earliest event will be the first in the list + events = response.get("data") + events.reverse() + return events + + +def iterate_events(events, max_events_per_fetch, previous_ids, last_fetch_timestamp): + + # Copy the previous_ids list to manage the events list suspected of being duplicates for the next fetch + new_previous_ids = previous_ids.copy() + filtered_events: list[dict[str, Any]] = [] + for event in events: + # Break once the maximum number of filtered_events has been achieved. + if len(filtered_events) >= max_events_per_fetch: + demisto.debug('We reached the "max_events_per_fetch" requested by the user') + break + + # Skip if the event ID has been fetched already. 
+ if (event_id := str(event.get("id"))) in previous_ids: + demisto.debug(f'skipping {event_id} as it was appear in previous_ids, which means it was already fetched') + continue + + event_timestamp = arg_to_number(event.get('timestamp') * 1000, required=True, arg_name='event.timestamp') + + event.update({'_time': timestamp_to_datestring(event_timestamp, is_utc=True)}) + filtered_events.append(event) + + # Update the latest event time that was fetched. + # And accordingly initializing the list of `previous_ids` + # to the ids that belong to the time of the last event received + if event_timestamp > last_fetch_timestamp: + demisto.debug('updating the last run') + new_previous_ids = {event_id} + last_fetch_timestamp = event_timestamp + + # Adding the event ID when the event time is equal to the last received event + elif event_timestamp == last_fetch_timestamp: + demisto.debug('adding id to the "new_previous_ids"') + new_previous_ids.add(event_id) + + last_run = { + "last_fetch": timestamp_to_datestring(last_fetch_timestamp, is_utc=True), + "previous_ids": list(new_previous_ids), + } + + return last_run, filtered_events + + +def fetch_events(client: Client, params: dict, last_run: dict): + """ + Fetches events from CiscoAMP API. 
+ """ + max_events_per_fetch = arg_to_number(params.get('max_events_per_fetch')) or 1000 + filtered_events = [] + while max_events_per_fetch: + demisto.debug(f'{last_run=}') + start_date = last_run.get("last_fetch") + if start_date: + start_date = dateparser.parse(start_date).strftime(ISO_8601_FORMAT) # type: ignore[union-attr] + else: + start_date = dateparser.parse(FIRST_FETCH).strftime(ISO_8601_FORMAT) # type: ignore[union-attr] + last_fetch_timestamp = date_to_timestamp(start_date, ISO_8601_FORMAT) + demisto.debug(f'Getting events from: {start_date}') + + # The list of event ids that are suspected of being duplicates + previous_ids = set(last_run.get("previous_ids", [])) + + events = get_earliest_events(client, start_date) + demisto.debug(f'Received {len(events)} events from request') + last_run, events = iterate_events(events, max_events_per_fetch, previous_ids, last_fetch_timestamp) + demisto.debug(f'Remained {len(events)} after filtering') + + filtered_events += events + + if not events: + break + max_events_per_fetch -= len(filtered_events) + + demisto.debug(f'Fetched {len(filtered_events)} events.') + return last_run, filtered_events + + +''' MAIN FUNCTION ''' + + +def main() -> None: + """ + main function, parses params and runs command functions + """ + params = demisto.params() + args = demisto.args() + command = demisto.command() + client_id = params.get('credentials').get('identifier') + api_key = params.get('credentials').get('password') + server_url = urljoin(params.get('url')) + verify_certificate = not argToBoolean(params.get('insecure', False)) + proxy = params.get("proxy", False) + should_push_events = argToBoolean(args.get('should_push_events', False)) + + demisto.debug(f'Command being called is {command}') + try: + client = Client(client_id=client_id, api_key=api_key, + server_url=server_url, proxy=proxy, verify=verify_certificate) + if command == 'test-module': + # This is the call made when pressing the integration Test button. 
+ return_results(test_module(client, params)) + + elif command == 'cisco-amp-get-events': + events, results = get_events(client, args) # type: ignore + return_results(results) + if should_push_events: + send_events_to_xsiam(events, vendor=VENDOR, product=PRODUCT) + + elif command == 'fetch-events': + last_run = demisto.getLastRun() or {} + next_run, events = fetch_events(client, params, last_run) + demisto.setLastRun(next_run) + send_events_to_xsiam(events, vendor=VENDOR, product=PRODUCT) + + # Log exceptions and return errors + except Exception as e: + return_error(f'Failed to execute {command} command.\nError:\n{str(e)}') + + +''' ENTRY POINT ''' + +if __name__ in ('__main__', '__builtin__', 'builtins'): + main() diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector.yml b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector.yml new file mode 100644 index 000000000000..00422057d069 --- /dev/null +++ b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector.yml 
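Review bot: In `fetch_events` the loop counter is decremented with the cumulative total, `max_events_per_fetch -= len(filtered_events)`, instead of the size of the batch just appended, so from the second pass on it over-subtracts and the fetch stops short of the requested maximum (it still terminates, because a non-positive counter makes `iterate_events` break on its first event and return nothing); the fix is `max_events_per_fetch -= len(events)`. Separately, `Client.__init__` sends the Client ID and API Key as HTTP Basic auth to whatever `url` the user configured and `main` never checks the scheme, so a plain `http://` URL puts the credential on the wire in cleartext; a guard before constructing the client, `if not server_url.lower().startswith('https://'): raise ValueError('Server URL must use https')`, would close that. Also, `event.get('timestamp') * 1000` in `iterate_events` raises a bare TypeError on an event without `timestamp`, since `arg_to_number` is applied only after the multiplication.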
@@ -0,0 +1,78 @@ +category: Analytics & SIEM +sectionOrder: +- Connect +- Collect +commonfields: + id: CiscoAMPEventCollector + version: -1 +configuration: +- display: Server URL (e.g., https://url.com) + name: url + required: true + type: 0 + section: Connect +- display: Client ID + name: credentials + required: true + displaypassword: API Key + type: 9 + section: Connect +- defaultvalue: 1000 + section: Collect + display: Max events per fetch + name: max_events_per_fetch + advanced: true + required: false + type: 0 +- display: Trust any certificate (not secure) + name: insecure + required: false + type: 8 + section: Connect + advanced: true +- display: Use system proxy settings + name: proxy + required: false + type: 8 + section: Connect + advanced: true +description: This is the Cisco AMP event collector integration for Cortex XSIAM. +display: Cisco AMP Event Collector +name: CiscoAMPEventCollector +script: + commands: + - arguments: + - auto: PREDEFINED + defaultValue: 'false' + description: If true, the command will create events, otherwise it will only display them. + isArray: false + name: should_push_events + predefined: + - 'true' + - 'false' + required: true + - default: false + description: Maximum results to return. + isArray: false + name: max_events_per_fetch + required: true + secret: false + - default: false + description: Date from which to get events. + name: from_date + required: false + deprecated: false + description: Gets events from Cisco AMP. + execution: false + name: cisco-amp-get-events + dockerimage: demisto/python3:3.10.13.86272 + isfetchevents: true + runonce: false + script: '-' + subtype: python3 + type: python +marketplaces: +- marketplacev2 +fromversion: 6.8.0 +tests: +- No tests (auto formatted) diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector_description.md b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector_description.md new file mode 100644 index 000000000000..ec8c5cedfd35 
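Review bot: The `credentials` parameter gives no guidance on scope, while the only API call the collector makes is `GET /v1/events`, so a Read-only Cisco AMP API credential is sufficient; adding `additionalinfo: A Read-only API credential is sufficient; the collector only reads events.` to that parameter would steer users away from over-privileged Read & Write keys. The `url` parameter is a free-text `type: 0` field and the Client ID/API Key are sent to it as Basic auth, so its display text should state that the URL must start with `https://` rather than just show an example. The `max_events_per_fetch` command argument is `required: true` although `fetch_events` falls back to 1000 when it is absent; `required: false` would match the implementation.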
--- /dev/null +++ b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector_description.md @@ -0,0 +1,7 @@ +To generate the Credentials: +1. Log into the Console, and navigate to Accounts > API Credentials. +2. Click New API Credential to create a new set of Keys. +3. Provide an Application name. Select the Scope of Read-only or Read & Write. +4. Click the Create button. Save the API Key and Client ID information as some of it will not be available after leaving the screen. + +For additional info check [official docs](https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/201121-Overview-of-the-Cisco-AMP-for-Endpoints.html) \ No newline at end of file diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector_image.png b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector_image.png new file mode 100644 index 000000000000..bfc6471ecd5f Binary files /dev/null and b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector_image.png differ diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector_test.py b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector_test.py new file mode 100644 index 000000000000..07a503a072ef --- /dev/null +++ b/Packs/AMP/Integrations/CiscoAMPEventCollector/CiscoAMPEventCollector_test.py 
@@ -0,0 +1,166 @@ +""" +Unit testing for CiscoAMP (Advanced Malware Protection) +""" +import demistomock as demisto # noqa: F401 +from CommonServerPython import * # noqa: F401 +import json +import io +import os +import pytest +from CiscoAMPEventCollector import Client + +API_KEY = "API_Key" +CLIENT_ID = "Client_ID" +SERVER_URL = "https://api.eu.amp.cisco.com" +BASE_URL = f"{SERVER_URL}/{Client.API_VERSION}" + + +def load_mock_response(file_name: str) -> str | io.TextIOWrapper: + """ + Load mock file that simulates an API response. + Args: + file_name (str): Name of the mock response JSON file to return. + Returns: + str: Mock file content. + """ + path = os.path.join("test_data", file_name) + + with open(path, encoding="utf-8") as mock_file: + if os.path.splitext(file_name)[1] == ".json": + return json.loads(mock_file.read()) + + return mock_file + + +@pytest.fixture(autouse=True) +def mock_client() -> Client: + """ + Establish a connection to the client with a URL and API key. + Returns: + Client: Connection to client. + """ + return Client(server_url=SERVER_URL, api_key=API_KEY, client_id=CLIENT_ID, proxy=False, verify=False) + + +@pytest.mark.parametrize( + "last_run, limit, expeted_previous_ids", + [ + ( + { + "last_fetch": "2022-07-18T00:00:00.000Z", + "previous_ids": ["6159258594551267592", "6159258594551267593", "6159258594551267594"] + }, + 1, + ["6159258594551267595"] + ), + ( + {}, + 2, + ["6159258594551267592", "6159258594551267593"] + ), + ( + { + "last_fetch": "1 day", + "previous_ids": ["6159258594551267592"] + }, + 1, + ["6159258594551267592", "6159258594551267593"] + ) + ] +) +def test_fetch_events( + mock_client, + mocker, + last_run: dict[str, str | list[str]], + limit: int, + expeted_previous_ids: list[str], +): + """ + Given: + - cass 1: we have "last_fetch" and "previous ids" with several ids. + - cass 2: last run is empty. + - cass 3: we have "last_fetch" and "previous_ids" with one id. + When: + - run `fetch_events` function and we got. 
+ - cass 1: several event of new and old. + - cass 2: 2 new events with the same 'last_fetch' that was not fetched already. + - cass 3: new event with the same 'last_fetch' as one that was fetched already. + Then: + - cass 1: Ensure in case previous_ids is provided it does not fetch + the events with ids already fetched. + - cass 2: Ensure that when there are two events with the same time + the previous_ids returned contains both ids. + - cass 3: Ensure that when the last event retrieved has the same time + as the event with the id provided in previous_ids + then it returns both ids. + """ + mock_response_1 = load_mock_response("incidents_response_1.json") + mock_response_2 = load_mock_response("incidents_response_2.json") + mock_response_3 = load_mock_response("incidents_response_3.json") + + mocker.patch.object(Client, "get_events", side_effect=[mock_response_1, mock_response_2, mock_response_3]) + mocker.patch("CiscoAMPEventCollector.date_to_timestamp", return_value=1699360451000) + + from CiscoAMPEventCollector import fetch_events + + next_run, incidents = fetch_events(client=mock_client, last_run=last_run, + params={'first_fetch_time': "2023-11-01T23:17:39.000Z", 'max_events_per_fetch': limit}) + + # Validate response + for previous_id in expeted_previous_ids: + assert previous_id in next_run["previous_ids"] + assert len(incidents) == limit + + +def test_fetch_events_with_no_new_incidents( + mock_client, + mocker, +): + """ + Given: + - args with last_run that has previous_ids + (Simulates a given situation where there are no new incidents). + When: + - run `fetch_events` function. + Then: + - Ensure the no incidents returned. + - Ensure the `previous_ids` does not change and stays with the provided id. 
+ """ + mock_response = load_mock_response("incidents_response_3.json") + + mocker.patch.object(Client, "get_events", return_value=mock_response) + + from CiscoAMPEventCollector import fetch_events + + next_run, incidents = fetch_events(client=mock_client, + last_run={ + "last_fatch": "2023-11-15T00:00:00.000Z", + "previous_ids": ["6159258594551267595"] + }, + params={ + 'max_events_per_fetch': 100 + }) + + # Validate response + assert "6159258594551267595" in next_run["previous_ids"] + assert len(incidents) == 0 + + +def test_test_module(mock_client, mocker): + """ + Given: + - params and a successful response. + When: + - run `test-module` function. + Then: + - Ensure it pass successfully. + """ + mock_response = load_mock_response("incidents_response_3.json") + mocker.patch.object(Client, 'get_events', return_value=mock_response) + mocker.patch.object(demisto, 'params', return_value={'credentials': {'identifier': 1234, 'password': 1234}, + 'url': 'https://some_url.com'}) + mocker.patch.object(demisto, 'args', return_value={}) + mocker.patch.object(demisto, 'command', return_value='test-module') + from CiscoAMPEventCollector import main + + main() diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/README.md b/Packs/AMP/Integrations/CiscoAMPEventCollector/README.md new file mode 100644 index 000000000000..2149882f4bc1 --- /dev/null +++ b/Packs/AMP/Integrations/CiscoAMPEventCollector/README.md 
@@ -0,0 +1,45 @@ +This is the Cisco AMP event collector integration for Cortex XSIAM. +This integration was integrated and tested with version v1 of CiscoAMPEventCollector. + +## Configure Cisco AMP Event Collector on Cortex XSIAM + +1. Navigate to **Settings** > **Integrations** > **Servers & Services**. +2. Search for Cisco AMP Event Collector. +3. Click **Add instance** to create and configure a new integration instance. + + | **Parameter** | **Required** | + |-----------------------------------------| --- | + | Server URL (e.g., https://some_url.com) | True | + | Client ID | True | + | API Key | True | + | Max events number per fetch | False | + | Trust any certificate (not secure) | False | + | Use system proxy settings | False | + +4. Click **Test** to validate the URLs, token, and connection. + +## Commands + +You can execute these commands from the Cortex XSIAM CLI, as part of an automation, or in a playbook. +After you successfully execute a command, a DBot message appears in the War Room with the command details. + +### cisco-amp-get-events + +*** +Gets events from Cisco AMP. + +#### Base Command + +`cisco-amp-get-events` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Required | +| max_events_per_fetch | Maximum results to return. | Required | +| from_date | From date to get events from. | Optional | + +#### Context Output + +There is no context output for this command. diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/command_examples b/Packs/AMP/Integrations/CiscoAMPEventCollector/command_examples new file mode 100644 index 000000000000..e69de29bb2d1 
diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/test_data/incidents_response_1.json b/Packs/AMP/Integrations/CiscoAMPEventCollector/test_data/incidents_response_1.json
new file mode 100644
index 000000000000..c17480c8b9c2
--- /dev/null
+++ b/Packs/AMP/Integrations/CiscoAMPEventCollector/test_data/incidents_response_1.json
@@ -0,0 +1,133 @@ +{ + "version": "version", + "metadata": { + "links": { + "self": "metadata_links_self", + "next": "metadata_links_next" + }, + "results": { + "total": 1000, + "current_item_count": 500, + "index": 0, + "items_per_page": 500 + } + }, + "data": [ + { + "id": 6159258594551267599, + "timestamp": 1699400707, + "date": "2023-11-07T23:45:07+00:00", + "event_type": "Threat Detected", + "event_type_id": 1090519054, + "connector_guid": "data[0]_connector_guid", + "group_guids": [ + "data[0]_group_guids_0" + ], + "severity": "Medium", + "computer": { + "connector_guid": "data[0]_computer_connector_guid", + "hostname": "data[0]_computer_hostname", + "external_ip": "data[0]_computer_external_ip", + "active": "data[0]_computer_active", + "network_addresses": [ + { + "ip": "data[0]_computer_network_addresses[0]_ip", + "mac": "data[0]_computer_network_addresses[0]_mac" + } + ], + "links": { + "computer": "data[0]_computer_links_computer", + "trajectory": "data[0]_computer_links_trajectory", + "group": "data[0]_computer_links_group" + } + } + }, + { + "id": 6159258594551267598, + "timestamp": 1699400607, + "date": "2023-11-07T23:44:07+00:00", + "event_type": "Threat Detected", + "event_type_id": 1090519054, + "connector_guid": "data[0]_connector_guid", + "group_guids": [ + "data[0]_group_guids_0" + ], + "severity": "Medium", + "computer": { + "connector_guid": "data[0]_computer_connector_guid", + "hostname": "data[0]_computer_hostname", + "external_ip": "data[0]_computer_external_ip", + "active": "data[0]_computer_active", + "network_addresses": [ + { + "ip": "data[0]_computer_network_addresses[0]_ip", + "mac": "data[0]_computer_network_addresses[0]_mac" + } + ], + "links": { + "computer": "data[0]_computer_links_computer", + "trajectory": "data[0]_computer_links_trajectory", + "group": "data[0]_computer_links_group" + } + } + }, + { + "id": 6159258594551267597, + "timestamp": 1699400507, + "date": "2023-11-07T23:43:07+00:00", + "event_type": "Threat Detected", + 
"event_type_id": 1090519054, + "connector_guid": "data[0]_connector_guid", + "group_guids": [ + "data[0]_group_guids_0" + ], + "severity": "Medium", + "computer": { + "connector_guid": "data[0]_computer_connector_guid", + "hostname": "data[0]_computer_hostname", + "external_ip": "data[0]_computer_external_ip", + "active": "data[0]_computer_active", + "network_addresses": [ + { + "ip": "data[0]_computer_network_addresses[0]_ip", + "mac": "data[0]_computer_network_addresses[0]_mac" + } + ], + "links": { + "computer": "data[0]_computer_links_computer", + "trajectory": "data[0]_computer_links_trajectory", + "group": "data[0]_computer_links_group" + } + } + }, + { + "id": 6159258594551267596, + "timestamp": 1699400407, + "date": "2023-11-07T23:42:07+00:00", + "event_type": "Threat Detected", + "event_type_id": 1090519054, + "connector_guid": "data[0]_connector_guid", + "group_guids": [ + "data[0]_group_guids_0" + ], + "severity": "Medium", + "computer": { + "connector_guid": "data[0]_computer_connector_guid", + "hostname": "data[0]_computer_hostname", + "external_ip": "data[0]_computer_external_ip", + "active": "data[0]_computer_active", + "network_addresses": [ + { + "ip": "data[0]_computer_network_addresses[0]_ip", + "mac": "data[0]_computer_network_addresses[0]_mac" + } + ], + "links": { + "computer": "data[0]_computer_links_computer", + "trajectory": "data[0]_computer_links_trajectory", + "group": "data[0]_computer_links_group" + } + } + } + ] +} \ No newline at end of file diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/test_data/incidents_response_2.json b/Packs/AMP/Integrations/CiscoAMPEventCollector/test_data/incidents_response_2.json new file mode 100644 index 000000000000..a6e4cc3f86cd --- /dev/null +++ b/Packs/AMP/Integrations/CiscoAMPEventCollector/test_data/incidents_response_2.json 
@@ -0,0 +1,132 @@
+{
+ "version": "version",
+ "metadata": {
+ "links": {
+ "self": "metadata_links_self"
+ },
+ "results": {
+ "total": 1000,
+ "current_item_count": 500,
+ "index": 500,
+ "items_per_page": 500
+ }
+ },
+ "data": [
+ {
+ "id": 6159258594551267595,
+ "timestamp": 1699400307,
+ "date": "2023-11-07T23:45:07+00:00",
+ "event_type": "Threat Detected",
+ "event_type_id": 1090519054,
+ "connector_guid": "data[0]_connector_guid",
+ "group_guids": [
+ "data[0]_group_guids_0"
+ ],
+ "severity": "Medium",
+ "computer": {
+ "connector_guid": "data[0]_computer_connector_guid",
+ "hostname": "data[0]_computer_hostname",
+ "external_ip": "data[0]_computer_external_ip",
+ "active": "data[0]_computer_active",
+ "network_addresses": [
+ {
+ "ip": "data[0]_computer_network_addresses[0]_ip",
+ "mac": "data[0]_computer_network_addresses[0]_mac"
+ }
+ ],
+ "links": {
+ "computer": "data[0]_computer_links_computer",
+ "trajectory": "data[0]_computer_links_trajectory",
+ "group": "data[0]_computer_links_group"
+ }
+ }
+ },
+ {
+ "id": 6159258594551267594,
+ "timestamp": 1699400207,
+ "date": "2023-11-07T23:44:07+00:00",
+ "event_type": "Threat Detected",
+ "event_type_id": 1090519054,
+ "connector_guid": "data[0]_connector_guid",
+ "group_guids": [
+ "data[0]_group_guids_0"
+ ],
+ "severity": "Medium",
+ "computer": {
+ "connector_guid": "data[0]_computer_connector_guid",
+ "hostname": "data[0]_computer_hostname",
+ "external_ip": "data[0]_computer_external_ip",
+ "active": "data[0]_computer_active",
+ "network_addresses": [
+ {
+ "ip": "data[0]_computer_network_addresses[0]_ip",
+ "mac": "data[0]_computer_network_addresses[0]_mac"
+ }
+ ],
+ "links": {
+ "computer": "data[0]_computer_links_computer",
+ "trajectory": "data[0]_computer_links_trajectory",
+ "group": "data[0]_computer_links_group"
+ }
+ }
+ },
+ {
+ "id": 6159258594551267593,
+ "timestamp": 1699360451,
+ "date": "2023-11-07T23:34:11+00:00",
+ "event_type": "Threat Detected",
+ "event_type_id": 1090519054,
+ "connector_guid": "data[0]_connector_guid",
+ "group_guids": [
+ "data[0]_group_guids_0"
+ ],
+ "severity": "Medium",
+ "computer": {
+ "connector_guid": "data[0]_computer_connector_guid",
+ "hostname": "data[0]_computer_hostname",
+ "external_ip": "data[0]_computer_external_ip",
+ "active": "data[0]_computer_active",
+ "network_addresses": [
+ {
+ "ip": "data[0]_computer_network_addresses[0]_ip",
+ "mac": "data[0]_computer_network_addresses[0]_mac"
+ }
+ ],
+ "links": {
+ "computer": "data[0]_computer_links_computer",
+ "trajectory": "data[0]_computer_links_trajectory",
+ "group": "data[0]_computer_links_group"
+ }
+ }
+ },
+ {
+ "id": 6159258594551267592,
+ "timestamp": 1699360451,
+ "date": "2023-11-07T23:34:11+00:00",
+ "event_type": "Threat Detected",
+ "event_type_id": 1090519054,
+ "connector_guid": "data[0]_connector_guid",
+ "group_guids": [
+ "data[0]_group_guids_0"
+ ],
+ "severity": "Medium",
+ "computer": {
+ "connector_guid": "data[0]_computer_connector_guid",
+ "hostname": "data[0]_computer_hostname",
+ "external_ip": "data[0]_computer_external_ip",
+ "active": "data[0]_computer_active",
+ "network_addresses": [
+ {
+ "ip": "data[0]_computer_network_addresses[0]_ip",
+ "mac": "data[0]_computer_network_addresses[0]_mac"
+ }
+ ],
+ "links": {
+ "computer": "data[0]_computer_links_computer",
+ "trajectory": "data[0]_computer_links_trajectory",
+ "group": "data[0]_computer_links_group"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Packs/AMP/Integrations/CiscoAMPEventCollector/test_data/incidents_response_3.json b/Packs/AMP/Integrations/CiscoAMPEventCollector/test_data/incidents_response_3.json
new file mode 100644
index 000000000000..c7d7e2e2b109
--- /dev/null
+++ b/Packs/AMP/Integrations/CiscoAMPEventCollector/test_data/incidents_response_3.json
@@ -0,0 +1,45 @@
+{
+ "version": "version",
+ "metadata": {
+ "links": {
+ "self": "metadata_links_self"
+ },
+ "results": {
+ "total": 1000,
+ "current_item_count": 500,
+ "index": 500,
+ "items_per_page": 500
+ }
+ },
+ "data": [
+ {
+ "id": 6159258594551267595,
+ "timestamp": 1699400307,
+ "date": "2023-11-07T23:45:07+00:00",
+ "event_type": "Threat Detected",
+ "event_type_id": 1090519054,
+ "connector_guid": "data[0]_connector_guid",
+ "group_guids": [
+ "data[0]_group_guids_0"
+ ],
+ "severity": "Medium",
+ "computer": {
+ "connector_guid": "data[0]_computer_connector_guid",
+ "hostname": "data[0]_computer_hostname",
+ "external_ip": "data[0]_computer_external_ip",
+ "active": "data[0]_computer_active",
+ "network_addresses": [
+ {
+ "ip": "data[0]_computer_network_addresses[0]_ip",
+ "mac": "data[0]_computer_network_addresses[0]_mac"
+ }
+ ],
+ "links": {
+ "computer": "data[0]_computer_links_computer",
+ "trajectory": "data[0]_computer_links_trajectory",
+ "group": "data[0]_computer_links_group"
+ }
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Packs/AMP/ModelingRules/AMP/AMP.xif b/Packs/AMP/ModelingRules/AMP/AMP.xif
new file mode 100644
index 000000000000..422e5a9b7fcb
--- /dev/null
+++ b/Packs/AMP/ModelingRules/AMP/AMP.xif
@@ -0,0 +1,48 @@
+[MODEL: dataset = "cisco_secure_endpoint_raw"]
+alter
+ external_ip = computer -> external_ip,
+ network_addresses_ips = arraymap(computer -> network_addresses[], "@element" -> ip),
+ first_ip_network_addresses = json_extract_scalar(arrayindex(computer -> network_addresses[], 0), "$.ip"),
+ file_description = concat(file -> file_name, " - ", file -> disposition),
+ cloud_ioc_description = cloud_ioc -> description,
+ remote_ip_network_info = network_info -> remote_ip,
+ protocol_network_info = network_info -> nfm.protocol
+| alter
+ xdm.event.id = to_string(id),
+ xdm.event.type = event_type,
+ xdm.event.description = if(file_description != null and cloud_ioc_description != null, concat(cloud_ioc_description, "; ", file_description), coalesce(cloud_ioc_description, file_description )),
+ xdm.event.outcome = if(lowercase(event_type) contains "fail", XDM_CONST.OUTCOME_FAILED, lowercase(event_type) contains "succ", XDM_CONST.OUTCOME_SUCCESS, null),
+ xdm.event.outcome_reason = error -> description,
+ xdm.alert.original_threat_id = coalesce(detection_id, threat_hunting -> incident_hunt_guid),
+ xdm.alert.severity = severity,
+ xdm.alert.original_threat_name = detection,
+ xdm.alert.name = coalesce(detection, threat_hunting -> incident_title),
+ xdm.alert.description = threat_hunting -> incident_summary,
+ xdm.alert.mitre_tactics = arraymap(tactics -> [], trim("@element", "\"")),
+ xdm.alert.mitre_techniques = arraymap(techniques -> [], trim("@element", "\"")),
+ xdm.alert.risks = vulnerabilities -> [],
+ xdm.source.host.hostname = computer -> hostname,
+ xdm.source.user.username = computer -> user,
+ xdm.source.agent.identifier = connector_guid,
+ xdm.intermediate.ipv4 = if(external_ip ~= "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", external_ip, null),
+ xdm.intermediate.ipv6 = if(external_ip ~= "[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}", external_ip, null),
+ xdm.source.ipv4 = if(first_ip_network_addresses ~= "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", first_ip_network_addresses, null),
+ xdm.source.ipv6 = if(first_ip_network_addresses ~= "[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}", first_ip_network_addresses, null),
+ xdm.source.host.ipv4_addresses = arrayfilter(network_addresses_ips, "@element" ~= "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"),
+ xdm.source.host.ipv6_addresses = arrayfilter(network_addresses_ips, "@element" ~= "[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}"),
+ xdm.source.host.mac_addresses = arraymap(computer -> network_addresses[], "@element" -> mac),
+ xdm.target.file.filename = file -> file_name,
+ xdm.target.file.path = file -> file_path,
+ xdm.target.file.md5 = file -> identity.md5,
+ xdm.target.file.sha256 = file -> identity.sha256,
+ xdm.source.process.pid = coalesce(to_integer(file -> parent.process_id), to_integer(network_info -> parent.process_id)),
+ xdm.source.process.command_line = command_line -> arguments,
+ xdm.source.process.executable.filename = coalesce(file -> parent.file_name, network_info -> parent.file_name),
+ xdm.source.process.executable.md5 = coalesce(file -> parent.identity.md5, network_info -> parent.identity.md5),
+ xdm.source.process.executable.sha256 = coalesce(file -> parent.identity.sha256, network_info -> parent.identity.sha256),
+ xdm.target.ipv4 = if(remote_ip_network_info ~= "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", remote_ip_network_info, null),
+ xdm.target.ipv6 = if(remote_ip_network_info ~= "[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}", remote_ip_network_info, null),
+ xdm.target.port = to_integer(network_info -> remote_port),
+ xdm.target.url = network_info -> dirty_url,
+ xdm.network.http.url = network_info -> dirty_url, + xdm.network.ip_protocol = if(protocol_network_info = "HOPOPT", XDM_CONST.IP_PROTOCOL_HOPOPT, protocol_network_info = "ICMP",XDM_CONST.IP_PROTOCOL_ICMP, protocol_network_info = "IGMP",XDM_CONST.IP_PROTOCOL_IGMP, protocol_network_info = "GGP",XDM_CONST.IP_PROTOCOL_GGP, protocol_network_info = "IP",XDM_CONST.IP_PROTOCOL_IP, protocol_network_info = "ST",XDM_CONST.IP_PROTOCOL_ST, protocol_network_info = "TCP",XDM_CONST.IP_PROTOCOL_TCP, protocol_network_info = "CBT",XDM_CONST.IP_PROTOCOL_CBT, protocol_network_info = "EGP",XDM_CONST.IP_PROTOCOL_EGP, protocol_network_info = "IGP",XDM_CONST.IP_PROTOCOL_IGP, protocol_network_info = "BBN_RCC_MON",XDM_CONST.IP_PROTOCOL_BBN_RCC_MON, protocol_network_info = "NVP_II",XDM_CONST.IP_PROTOCOL_NVP_II, protocol_network_info = "PUP",XDM_CONST.IP_PROTOCOL_PUP, protocol_network_info = "ARGUS",XDM_CONST.IP_PROTOCOL_ARGUS, protocol_network_info = "EMCON",XDM_CONST.IP_PROTOCOL_EMCON, protocol_network_info = "XNET",XDM_CONST.IP_PROTOCOL_XNET, protocol_network_info = "CHAOS",XDM_CONST.IP_PROTOCOL_CHAOS, protocol_network_info = "UDP",XDM_CONST.IP_PROTOCOL_UDP, protocol_network_info = "MUX",XDM_CONST.IP_PROTOCOL_MUX, protocol_network_info = "DCN_MEAS",XDM_CONST.IP_PROTOCOL_DCN_MEAS, protocol_network_info = "HMP",XDM_CONST.IP_PROTOCOL_HMP, protocol_network_info = "PRM",XDM_CONST.IP_PROTOCOL_PRM, protocol_network_info = "XNS_IDP",XDM_CONST.IP_PROTOCOL_XNS_IDP, protocol_network_info = "TRUNK_1",XDM_CONST.IP_PROTOCOL_TRUNK_1, protocol_network_info = "TRUNK_2",XDM_CONST.IP_PROTOCOL_TRUNK_2, protocol_network_info = "LEAF_1",XDM_CONST.IP_PROTOCOL_LEAF_1, protocol_network_info = "LEAF_2",XDM_CONST.IP_PROTOCOL_LEAF_2, protocol_network_info = "RDP",XDM_CONST.IP_PROTOCOL_RDP, protocol_network_info = "IRTP",XDM_CONST.IP_PROTOCOL_IRTP, protocol_network_info = "ISO_TP4",XDM_CONST.IP_PROTOCOL_ISO_TP4, protocol_network_info = "NETBLT",XDM_CONST.IP_PROTOCOL_NETBLT, protocol_network_info = 
"MFE_NSP",XDM_CONST.IP_PROTOCOL_MFE_NSP, protocol_network_info = "MERIT_INP",XDM_CONST.IP_PROTOCOL_MERIT_INP, protocol_network_info = "DCCP",XDM_CONST.IP_PROTOCOL_DCCP, protocol_network_info = "3PC",XDM_CONST.IP_PROTOCOL_3PC, protocol_network_info = "IDPR",XDM_CONST.IP_PROTOCOL_IDPR, protocol_network_info = "XTP",XDM_CONST.IP_PROTOCOL_XTP, protocol_network_info = "DDP",XDM_CONST.IP_PROTOCOL_DDP, protocol_network_info = "IDPR_CMTP",XDM_CONST.IP_PROTOCOL_IDPR_CMTP, protocol_network_info = "TP",XDM_CONST.IP_PROTOCOL_TP, protocol_network_info = "IL",XDM_CONST.IP_PROTOCOL_IL, protocol_network_info = "IPV6",XDM_CONST.IP_PROTOCOL_IPV6, protocol_network_info = "SDRP",XDM_CONST.IP_PROTOCOL_SDRP, protocol_network_info = "IPV6_ROUTE",XDM_CONST.IP_PROTOCOL_IPV6_ROUTE, protocol_network_info = "IPV6_FRAG",XDM_CONST.IP_PROTOCOL_IPV6_FRAG, protocol_network_info = "IDRP",XDM_CONST.IP_PROTOCOL_IDRP, protocol_network_info = "RSVP",XDM_CONST.IP_PROTOCOL_RSVP, protocol_network_info = "GRE",XDM_CONST.IP_PROTOCOL_GRE, protocol_network_info = "DSR",XDM_CONST.IP_PROTOCOL_DSR, protocol_network_info = "BNA",XDM_CONST.IP_PROTOCOL_BNA, protocol_network_info = "ESP",XDM_CONST.IP_PROTOCOL_ESP, protocol_network_info = "AH",XDM_CONST.IP_PROTOCOL_AH, protocol_network_info = "I_NLSP",XDM_CONST.IP_PROTOCOL_I_NLSP, protocol_network_info = "SWIPE",XDM_CONST.IP_PROTOCOL_SWIPE, protocol_network_info = "NARP",XDM_CONST.IP_PROTOCOL_NARP, protocol_network_info = "MOBILE",XDM_CONST.IP_PROTOCOL_MOBILE, protocol_network_info = "TLSP",XDM_CONST.IP_PROTOCOL_TLSP, protocol_network_info = "SKIP",XDM_CONST.IP_PROTOCOL_SKIP, protocol_network_info = "IPV6_ICMP",XDM_CONST.IP_PROTOCOL_IPV6_ICMP, protocol_network_info = "IPV6_NONXT",XDM_CONST.IP_PROTOCOL_IPV6_NONXT, protocol_network_info = "IPV6_OPTS",XDM_CONST.IP_PROTOCOL_IPV6_OPTS, protocol_network_info = "CFTP",XDM_CONST.IP_PROTOCOL_CFTP, protocol_network_info = "SAT_EXPAK",XDM_CONST.IP_PROTOCOL_SAT_EXPAK, protocol_network_info = 
"KRYPTOLAN",XDM_CONST.IP_PROTOCOL_KRYPTOLAN, protocol_network_info = "RVD",XDM_CONST.IP_PROTOCOL_RVD, protocol_network_info = "IPPC",XDM_CONST.IP_PROTOCOL_IPPC, protocol_network_info = "SAT_MON",XDM_CONST.IP_PROTOCOL_SAT_MON, protocol_network_info = "VISA",XDM_CONST.IP_PROTOCOL_VISA, protocol_network_info = "IPCV",XDM_CONST.IP_PROTOCOL_IPCV, protocol_network_info = "CPNX",XDM_CONST.IP_PROTOCOL_CPNX, protocol_network_info = "CPHB",XDM_CONST.IP_PROTOCOL_CPHB, protocol_network_info = "WSN",XDM_CONST.IP_PROTOCOL_WSN, protocol_network_info = "PVP",XDM_CONST.IP_PROTOCOL_PVP, protocol_network_info = "BR_SAT_MON",XDM_CONST.IP_PROTOCOL_BR_SAT_MON, protocol_network_info = "SUN_ND",XDM_CONST.IP_PROTOCOL_SUN_ND, protocol_network_info = "WB_MON",XDM_CONST.IP_PROTOCOL_WB_MON, protocol_network_info = "WB_EXPAK",XDM_CONST.IP_PROTOCOL_WB_EXPAK, protocol_network_info = "ISO_IP",XDM_CONST.IP_PROTOCOL_ISO_IP, protocol_network_info = "VMTP",XDM_CONST.IP_PROTOCOL_VMTP, protocol_network_info = "SECURE_VMTP",XDM_CONST.IP_PROTOCOL_SECURE_VMTP, protocol_network_info = "VINES",XDM_CONST.IP_PROTOCOL_VINES, protocol_network_info = "TTP",XDM_CONST.IP_PROTOCOL_TTP, protocol_network_info = "NSFNET_IGP",XDM_CONST.IP_PROTOCOL_NSFNET_IGP, protocol_network_info = "DGP",XDM_CONST.IP_PROTOCOL_DGP, protocol_network_info = "TCF",XDM_CONST.IP_PROTOCOL_TCF, protocol_network_info = "EIGRP",XDM_CONST.IP_PROTOCOL_EIGRP, protocol_network_info = "OSPFIGP",XDM_CONST.IP_PROTOCOL_OSPFIGP, protocol_network_info = "SPRITE_RPC",XDM_CONST.IP_PROTOCOL_SPRITE_RPC, protocol_network_info = "LARP",XDM_CONST.IP_PROTOCOL_LARP, protocol_network_info = "MTP",XDM_CONST.IP_PROTOCOL_MTP, protocol_network_info = "AX25",XDM_CONST.IP_PROTOCOL_AX25, protocol_network_info = "IPIP",XDM_CONST.IP_PROTOCOL_IPIP, protocol_network_info = "MICP",XDM_CONST.IP_PROTOCOL_MICP, protocol_network_info = "SCC_SP",XDM_CONST.IP_PROTOCOL_SCC_SP, protocol_network_info = "ETHERIP",XDM_CONST.IP_PROTOCOL_ETHERIP, protocol_network_info = 
"ENCAP",XDM_CONST.IP_PROTOCOL_ENCAP, protocol_network_info = "GMTP",XDM_CONST.IP_PROTOCOL_GMTP, protocol_network_info = "IFMP",XDM_CONST.IP_PROTOCOL_IFMP, protocol_network_info = "PNNI",XDM_CONST.IP_PROTOCOL_PNNI, protocol_network_info = "PIM",XDM_CONST.IP_PROTOCOL_PIM, protocol_network_info = "ARIS",XDM_CONST.IP_PROTOCOL_ARIS, protocol_network_info = "SCPS",XDM_CONST.IP_PROTOCOL_SCPS, protocol_network_info = "QNX",XDM_CONST.IP_PROTOCOL_QNX, protocol_network_info = "AN",XDM_CONST.IP_PROTOCOL_AN, protocol_network_info = "IPCOMP",XDM_CONST.IP_PROTOCOL_IPCOMP, protocol_network_info = "SNP",XDM_CONST.IP_PROTOCOL_SNP, protocol_network_info = "COMPAQ_PEER",XDM_CONST.IP_PROTOCOL_COMPAQ_PEER, protocol_network_info = "IPX_IN_IP",XDM_CONST.IP_PROTOCOL_IPX_IN_IP, protocol_network_info = "VRRP",XDM_CONST.IP_PROTOCOL_VRRP, protocol_network_info = "PGM",XDM_CONST.IP_PROTOCOL_PGM, protocol_network_info = "L2TP",XDM_CONST.IP_PROTOCOL_L2TP, protocol_network_info = "DDX",XDM_CONST.IP_PROTOCOL_DDX, protocol_network_info = "IATP",XDM_CONST.IP_PROTOCOL_IATP, protocol_network_info = "STP",XDM_CONST.IP_PROTOCOL_STP, protocol_network_info = "SRP",XDM_CONST.IP_PROTOCOL_SRP, protocol_network_info = "UTI",XDM_CONST.IP_PROTOCOL_UTI, protocol_network_info = "SMP",XDM_CONST.IP_PROTOCOL_SMP, protocol_network_info = "SM",XDM_CONST.IP_PROTOCOL_SM, protocol_network_info = "PTP",XDM_CONST.IP_PROTOCOL_PTP, protocol_network_info = "ISIS",XDM_CONST.IP_PROTOCOL_ISIS, protocol_network_info = "FIRE",XDM_CONST.IP_PROTOCOL_FIRE, protocol_network_info = "CRTP",XDM_CONST.IP_PROTOCOL_CRTP, protocol_network_info = "CRUDP",XDM_CONST.IP_PROTOCOL_CRUDP, protocol_network_info = "SSCOPMCE",XDM_CONST.IP_PROTOCOL_SSCOPMCE, protocol_network_info = "IPLT",XDM_CONST.IP_PROTOCOL_IPLT, protocol_network_info = "SPS",XDM_CONST.IP_PROTOCOL_SPS, protocol_network_info = "PIPE",XDM_CONST.IP_PROTOCOL_PIPE, protocol_network_info = "SCTP",XDM_CONST.IP_PROTOCOL_SCTP, protocol_network_info = "FC",XDM_CONST.IP_PROTOCOL_FC, 
protocol_network_info = "RSVP_E2E_IGNORE",XDM_CONST.IP_PROTOCOL_RSVP_E2E_IGNORE, protocol_network_info = "MOBILITY",XDM_CONST.IP_PROTOCOL_MOBILITY, protocol_network_info = "UDPLITE",XDM_CONST.IP_PROTOCOL_UDPLITE, protocol_network_info = "MPLS_IN_IP",XDM_CONST.IP_PROTOCOL_MPLS_IN_IP, protocol_network_info = "MANET",XDM_CONST.IP_PROTOCOL_MANET, protocol_network_info = "HIP",XDM_CONST.IP_PROTOCOL_HIP, protocol_network_info = "SHIM6",XDM_CONST.IP_PROTOCOL_SHIM6, protocol_network_info = "WESP",XDM_CONST.IP_PROTOCOL_WESP, protocol_network_info = "ROHC",XDM_CONST.IP_PROTOCOL_ROHC, protocol_network_info = "RESERVED",XDM_CONST.IP_PROTOCOL_RESERVED,to_string(protocol_network_info));
\ No newline at end of file
diff --git a/Packs/AMP/ModelingRules/AMP/AMP.yml b/Packs/AMP/ModelingRules/AMP/AMP.yml
new file mode 100644
index 000000000000..be07015c308b
--- /dev/null
+++ b/Packs/AMP/ModelingRules/AMP/AMP.yml
@@ -0,0 +1,6 @@
+fromversion: 8.3.0
+id: AMP_ModelingRule
+name: AMP Modeling Rule
+rules: ''
+schema: ''
+tags:
\ No newline at end of file
diff --git a/Packs/AMP/ModelingRules/AMP/AMP_schema.json b/Packs/AMP/ModelingRules/AMP/AMP_schema.json
new file mode 100644
index 000000000000..ab0aa9406dcb
--- /dev/null
+++ b/Packs/AMP/ModelingRules/AMP/AMP_schema.json
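Review bot: The IPv4 and IPv6 patterns used with `~=` for `xdm.intermediate.ipv4`/`ipv6`, `xdm.source.ipv4`/`ipv6`, `xdm.target.ipv4`/`ipv6` and the two `arrayfilter` calls are unanchored, so they match a substring rather than the whole value. The IPv6 pattern is eight repetitions of `[a-fA-F0-9\:]{1,5}`, which any run of eight or more hex digits or colons satisfies, so a hostname or identifier containing such a run would be copied into an `ipv6` field, while the IPv4 pattern accepts values like `999.999.999.999` and also matches inside longer strings. Anchoring the expressions, e.g. `"^\d{1,3}(\.\d{1,3}){3}$"` for IPv4 and a `^...$` form of the IPv6 pattern, keeps these fields to values that are actually addresses; confirm that the platform's regex dialect honours `^`/`$` before adopting it. The file is also written without a trailing newline.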
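Review bot: `tags:` on the last line of AMP.yml is a bare key, which a YAML loader reads as null, whereas `rules: ''` and `schema: ''` two lines above are explicit empty values. If the modeling-rule loader expects a list here, `tags: []` states that intent explicitly; confirm against a sibling modeling rule before changing it. The file also lacks a trailing newline.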
@@ -0,0 +1,68 @@
+{
+ "cisco_secure_endpoint_raw": {
+ "computer": {
+ "type": "string",
+ "is_array": false
+ },
+ "id": {
+ "type": "int",
+ "is_array": false
+ },
+ "event_type": {
+ "type": "string",
+ "is_array": false
+ },
+ "file": {
+ "type": "string",
+ "is_array": false
+ },
+ "detection_id": {
+ "type": "string",
+ "is_array": false
+ },
+ "severity": {
+ "type": "string",
+ "is_array": false
+ },
+ "detection": {
+ "type": "string",
+ "is_array": false
+ },
+ "connector_guid": {
+ "type": "string",
+ "is_array": false
+ },
+ "tactics": {
+ "type": "string",
+ "is_array": false
+ },
+ "techniques": {
+ "type": "string",
+ "is_array": false
+ },
+ "cloud_ioc": {
+ "type": "string",
+ "is_array": false
+ },
+ "command_line": {
+ "type": "string",
+ "is_array": false
+ },
+ "vulnerabilities": {
+ "type": "string",
+ "is_array": false
+ },
+ "error": {
+ "type": "string",
+ "is_array": false
+ },
+ "threat_hunting": {
+ "type": "string",
+ "is_array": false
+ },
+ "network_info": {
+ "type": "string",
+ "is_array": false
+ }
+ }
+}
\ No newline at end of file
diff --git a/Packs/AMP/ReleaseNotes/2_1_0.md b/Packs/AMP/ReleaseNotes/2_1_0.md
new file mode 100644
index 000000000000..4cce9660578d
--- /dev/null
+++ b/Packs/AMP/ReleaseNotes/2_1_0.md
@@ -0,0 +1,8 @@
+#### Integrations
+##### New: Cisco AMP Event Collector
+- New: This is the Cisco AMP event collector integration for Cortex XSIAM.(Available from Cortex XSIAM 2.0).
+
+#### Modeling Rules
+##### New: AMP Modeling Rule
+Added support for Cisco Secure Endpoint events.
+
diff --git a/Packs/AMP/pack_metadata.json b/Packs/AMP/pack_metadata.json
index 04de7b0b60e3..5bcbf171a533 100644
--- a/Packs/AMP/pack_metadata.json
+++ b/Packs/AMP/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Cisco AMP",
 "description": "Uses CISCO AMP Endpoint",
 "support": "xsoar",
- "currentVersion": "2.0.19",
+ "currentVersion": "2.1.0",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
@@ -12,7 +12,7 @@
 ],
 "tags": [],
 "useCases": [],
- "keywords": [],
+ "keywords": ["Cisco", "AMP", "Secure Endpoint"],
 "marketplaces": [
 "xsoar",
 "marketplacev2"
diff --git a/Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml b/Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml
index ada02ed1cfc6..2ab29cf1e901 100755
--- a/Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml
+++ b/Packs/AWS-AccessAnalyzer/Integrations/AWS-AccessAnalyzer/AWS-AccessAnalyzer.yml
@@ -301,7 +301,7 @@ script:
 name: roleSessionDuration
 description: Updates findings with the new values provided in the request.
 name: aws-access-analyzer-update-findings
- dockerimage: demisto/boto3py3:1.0.0.85072
+ dockerimage: demisto/boto3py3:1.0.0.86592
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/AWS-AccessAnalyzer/ReleaseNotes/1_1_26.md b/Packs/AWS-AccessAnalyzer/ReleaseNotes/1_1_26.md
new file mode 100644
index 000000000000..31ec911c5097
--- /dev/null
+++ b/Packs/AWS-AccessAnalyzer/ReleaseNotes/1_1_26.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### AWS - AccessAnalyzer
+- Updated the Docker image to: *demisto/boto3py3:1.0.0.86592*.
diff --git a/Packs/AWS-AccessAnalyzer/pack_metadata.json b/Packs/AWS-AccessAnalyzer/pack_metadata.json
index b5bed3ecb40b..074095dbecf2 100644
--- a/Packs/AWS-AccessAnalyzer/pack_metadata.json
+++ b/Packs/AWS-AccessAnalyzer/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "AWS - AccessAnalyzer",
 "description": "Amazon Web Services IAM Access Analyzer",
 "support": "xsoar",
- "currentVersion": "1.1.25",
+ "currentVersion": "1.1.26",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/AWS-EC2/ReleaseNotes/1_4_2.md b/Packs/AWS-EC2/ReleaseNotes/1_4_2.md
new file mode 100644
index 000000000000..bb8461dc6d5b
--- /dev/null
+++ b/Packs/AWS-EC2/ReleaseNotes/1_4_2.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### AwsEC2GetPublicSGRules
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
diff --git a/Packs/AWS-EC2/Scripts/AwsEC2GetPublicSGRules/AwsEC2GetPublicSGRules.yml b/Packs/AWS-EC2/Scripts/AwsEC2GetPublicSGRules/AwsEC2GetPublicSGRules.yml
index e29c4640024e..11313a898db3 100644
--- a/Packs/AWS-EC2/Scripts/AwsEC2GetPublicSGRules/AwsEC2GetPublicSGRules.yml
+++ b/Packs/AWS-EC2/Scripts/AwsEC2GetPublicSGRules/AwsEC2GetPublicSGRules.yml
@@ -62,6 +62,6 @@ tags:
 timeout: '0'
 type: python
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 runas: DBotWeakRole
 fromversion: 5.0.0
diff --git a/Packs/AWS-EC2/pack_metadata.json b/Packs/AWS-EC2/pack_metadata.json
index b72d8572f427..c55f79a6790b 100644
--- a/Packs/AWS-EC2/pack_metadata.json
+++ b/Packs/AWS-EC2/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "AWS - EC2",
 "description": "Amazon Web Services Elastic Compute Cloud (EC2)",
 "support": "xsoar",
- "currentVersion": "1.4.1",
+ "currentVersion": "1.4.2",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS.yml b/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS.yml
index 2ce0ef59cd58..02235d17b098 100644
--- a/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS.yml
+++ b/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS.yml
@@ -619,25 +619,17 @@ tasks:
 policyDocument:
 simple: |-
 {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Deny",
- "Action": [
- "*"
- ],
- "Resource": [
- "*"
- ],
- "Condition": {
- "DateLessThan": {
- "aws:TokenIssueTime": "[policy creation time]"
- }
- }
- ]
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Deny",
+ "Action": "*",
+ "Resource": "*"
+ }
+ ]
 }
 policyName:
- simple: XSIAM-DenyPolicy-Alert ${alert.id}
+ simple: XSIAM-DenyPolicy-Alert-${alert.id}
 roleName:
 complex:
 root: AWS.IAM.InstanceProfiles.Roles
@@ -1311,12 +1303,6 @@ tasks:
 complex:
 root: inputs.instanceID
 iscontext: true
- - - operator: isNotEmpty
- left:
- value:
- complex:
- root: inputs.instanceProfileName
- iscontext: true
 - label: USER
 condition:
 - - operator: isEqualString
diff --git a/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS_README.md b/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS_README.md
index fc8b8831a720..7045df4b3533 100644
--- a/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS_README.md
+++ b/Packs/AWS-Enrichment-Remediation/Playbooks/playbook-Cloud_Credentials_Rotation_-_AWS_README.md
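Review bot: The rewritten inline policy under `policyDocument` is now an unconditional `Deny` of `"Action": "*"` on `"Resource": "*"`, so once it is attached to the role it also blocks sessions obtained with the rotated credentials, not only the ones issued before rotation; the removed `DateLessThan` / `aws:TokenIssueTime` condition is what scopes such a deny to previously issued sessions, and its old value `[policy creation time]` was a literal placeholder, which is presumably why it was dropped. If the intent is to revoke only pre-rotation sessions, keep the condition and fill it at run time, e.g. `"Condition": {"DateLessThan": {"aws:TokenIssueTime": "<rotation start time, ISO 8601>"}}`. If a hard lock-out of the role is intended, it would help to document in the task where the policy is detached again, which is outside this hunk. The enclosing task starts outside the hunk.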
@@ -28,26 +28,26 @@ This playbook does not use any integrations.
 ### Scripts
-* GeneratePassword
 * Set
+* GeneratePassword
 ### Commands
+* aws-ec2-describe-iam-instance-profile-associations
 * aws-iam-list-attached-role-policies
 * aws-iam-list-role-policies
-* aws-iam-get-instance-profile
+* aws-iam-list-policy-versions
 * aws-iam-create-instance-profile
+* aws-iam-get-policy-version
+* aws-iam-create-role
 * aws-iam-attach-policy
 * aws-iam-put-role-policy
-* aws-iam-get-role-policy
-* aws-iam-create-role
-* aws-iam-get-policy-version
-* aws-ec2-describe-regions
-* aws-ec2-describe-iam-instance-profile-associations
-* aws-iam-list-policy-versions
-* aws-ec2-describe-instances
 * aws-iam-update-login-profile
 * aws-iam-update-access-key
+* aws-iam-get-instance-profile
+* aws-ec2-describe-instances
+* aws-iam-get-role-policy
+* aws-ec2-describe-regions
 ## Playbook Inputs
diff --git a/Packs/AWS-Enrichment-Remediation/ReleaseNotes/1_1_15.md b/Packs/AWS-Enrichment-Remediation/ReleaseNotes/1_1_15.md
new file mode 100644
index 000000000000..b7431fd966c0
--- /dev/null
+++ b/Packs/AWS-Enrichment-Remediation/ReleaseNotes/1_1_15.md
@@ -0,0 +1,7 @@
+
+#### Playbooks
+
+##### Cloud Credentials Rotation - AWS
+
+- Fixes a bug in the playbook flow where a wrong field was used for the identity type selection
+- Removes an unused playbook input from a conditional task
diff --git a/Packs/AWS-Enrichment-Remediation/pack_metadata.json b/Packs/AWS-Enrichment-Remediation/pack_metadata.json
index f476eaa70e4a..02e202cd9549 100644
--- a/Packs/AWS-Enrichment-Remediation/pack_metadata.json
+++ b/Packs/AWS-Enrichment-Remediation/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "AWS Enrichment and Remediation",
 "description": "Playbooks using multiple AWS content packs for enrichment and remediation purposes",
 "support": "xsoar",
- "currentVersion": "1.1.14",
+ "currentVersion": "1.1.15",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml b/Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml
index 4e8afc6e7ba8..8572757a7e16 100644
--- a/Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml
+++ b/Packs/AWS-GuardDuty/Integrations/AWSGuardDuty/AWSGuardDuty.yml
@@ -871,7 +871,7 @@ script:
 - contextPath: AWS.GuardDuty.Members.UpdatedAt
 description: The time a member was last updated.
 type: string
- dockerimage: demisto/boto3py3:1.0.0.85072
+ dockerimage: demisto/boto3py3:1.0.0.86592
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml b/Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml
index 8d2fd3527a30..41dd0d4cc361 100644
--- a/Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml
+++ b/Packs/AWS-GuardDuty/Integrations/AWSGuardDutyEventCollector/AWSGuardDutyEventCollector.yml
@@ -112,7 +112,7 @@ script:
 name: limit
 description: Manual command used to fetch events and display them.
 name: aws-gd-get-events
- dockerimage: demisto/boto3py3:1.0.0.85072
+ dockerimage: demisto/boto3py3:1.0.0.86592
 isfetchevents: true
 subtype: python3
 marketplaces:
diff --git a/Packs/AWS-GuardDuty/ReleaseNotes/1_3_44.md b/Packs/AWS-GuardDuty/ReleaseNotes/1_3_44.md
new file mode 100644
index 000000000000..787a39bb6aac
--- /dev/null
+++ b/Packs/AWS-GuardDuty/ReleaseNotes/1_3_44.md
@@ -0,0 +1,5 @@
+#### Integrations
+##### AWS - GuardDuty Event Collector
+- Updated the Docker image to: *demisto/boto3py3:1.0.0.86592*.
+##### AWS - GuardDuty
+- Updated the Docker image to: *demisto/boto3py3:1.0.0.86592*.
diff --git a/Packs/AWS-GuardDuty/pack_metadata.json b/Packs/AWS-GuardDuty/pack_metadata.json
index c0d4c29d5f4f..3e197b1c927d 100644
--- a/Packs/AWS-GuardDuty/pack_metadata.json
+++ b/Packs/AWS-GuardDuty/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "AWS - GuardDuty",
 "description": "Amazon Web Services Guard Duty Service (gd)",
 "support": "xsoar",
- "currentVersion": "1.3.43",
+ "currentVersion": "1.3.44",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml b/Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml
index d6322c0676c3..00dc06bba5a0 100644
--- a/Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml
+++ b/Packs/AWS-IAM/Integrations/AWS-IAM/AWS-IAM.yml
@@ -1536,7 +1536,7 @@ script:
 - contextPath: AWS.IAM.Roles.AttachedPolicies.Query.Marker
 description: When IsTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
 type: string
- dockerimage: demisto/boto3py3:1.0.0.85072
+ dockerimage: demisto/boto3py3:1.0.0.86592
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/AWS-IAM/ReleaseNotes/1_1_55.md b/Packs/AWS-IAM/ReleaseNotes/1_1_55.md
new file mode 100644
index 000000000000..36a1dea4a801
--- /dev/null
+++ b/Packs/AWS-IAM/ReleaseNotes/1_1_55.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### AWS - Identity and Access Management
+- Updated the Docker image to: *demisto/boto3py3:1.0.0.86592*.
diff --git a/Packs/AWS-IAM/pack_metadata.json b/Packs/AWS-IAM/pack_metadata.json
index 7dc60039b2de..e3eed207faf0 100644
--- a/Packs/AWS-IAM/pack_metadata.json
+++ b/Packs/AWS-IAM/pack_metadata.json
@@ -3,7 +3,7 @@
 "description": "Amazon Web Services Identity and Access Management (IAM)",
 "support": "xsoar",
 "author": "Cortex XSOAR",
- "currentVersion": "1.1.54",
+ "currentVersion": "1.1.55",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
 "created": "2020-04-14T00:00:00Z",
diff --git a/Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml b/Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml
index 25b8edb24c2f..a8df78ed74fa 100644
--- a/Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml
+++ b/Packs/AWS-Route53/Integrations/AWSRoute53/AWSRoute53.yml
@@ -401,7 +401,7 @@ script:
 - contextPath: AWS.Route53.RecordSetsChange.Comment
 description: A complex type that describes change information about changes made to your hosted zone.
 type: string
- dockerimage: demisto/boto3py3:1.0.0.85072
+ dockerimage: demisto/boto3py3:1.0.0.86592
 runonce: false
 script: ''
 subtype: python3
diff --git a/Packs/AWS-Route53/ReleaseNotes/1_1_27.md b/Packs/AWS-Route53/ReleaseNotes/1_1_27.md
new file mode 100644
index 000000000000..360434ca7a2a
--- /dev/null
+++ b/Packs/AWS-Route53/ReleaseNotes/1_1_27.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### AWS - Route53
+- Updated the Docker image to: *demisto/boto3py3:1.0.0.86592*.
diff --git a/Packs/AWS-Route53/pack_metadata.json b/Packs/AWS-Route53/pack_metadata.json
index a8dd9ba90713..15e2f9c47133 100644
--- a/Packs/AWS-Route53/pack_metadata.json
+++ b/Packs/AWS-Route53/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "AWS - Route53",
 "description": "Amazon Web Services Managed Cloud DNS Service.",
 "support": "xsoar",
- "currentVersion": "1.1.26",
+ "currentVersion": "1.1.27",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/AWS-SNS/Integrations/AWSSNS/AWSSNS.yml b/Packs/AWS-SNS/Integrations/AWSSNS/AWSSNS.yml
index 7c1d40b3172f..062fb6a718a2 100644
--- a/Packs/AWS-SNS/Integrations/AWSSNS/AWSSNS.yml
+++ b/Packs/AWS-SNS/Integrations/AWSSNS/AWSSNS.yml
@@ -225,7 +225,7 @@ script:
 outputs:
 - contextPath: AWS.SNS.Subscriptions.SubscriptionArn
 description: The Subscription Arn.
- dockerimage: demisto/boto3py3:1.0.0.85072
+ dockerimage: demisto/boto3py3:1.0.0.86592
 script: ''
 subtype: python3
 type: python
diff --git a/Packs/AWS-SNS/ReleaseNotes/1_0_10.md b/Packs/AWS-SNS/ReleaseNotes/1_0_10.md
new file mode 100644
index 000000000000..fafc90fd834e
--- /dev/null
+++ b/Packs/AWS-SNS/ReleaseNotes/1_0_10.md
@@ -0,0 +1,3 @@ +#### Integrations +##### AWS - SNS +- Updated the Docker image to: *demisto/boto3py3:1.0.0.86592*. diff --git a/Packs/AWS-SNS/pack_metadata.json b/Packs/AWS-SNS/pack_metadata.json index dfe2e4103656..21756b389e53 100644 --- a/Packs/AWS-SNS/pack_metadata.json +++ b/Packs/AWS-SNS/pack_metadata.json @@ -2,7 +2,7 @@ "name": "AWS - SNS", "description": "This is the integration content pack which can create or delete topic/subscription on AWS Simple Notification System and send the message via SNS as well.", "support": "xsoar", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "Jie Liau", "url": "", "email": "", diff --git a/Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml b/Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml index 74df1e531edd..5455484a2d00 100644 --- a/Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml +++ b/Packs/AWS-SecurityHub/Integrations/AWSSecurityHubEventCollector/AWSSecurityHubEventCollector.yml @@ -116,7 +116,7 @@ script: name: limit description: Fetch events from AWS Security Hub. name: aws-securityhub-get-events - dockerimage: demisto/boto3py3:1.0.0.84645 + dockerimage: demisto/boto3py3:1.0.0.86592 isfetchevents: true script: '-' subtype: python3 diff --git a/Packs/AWS-SecurityHub/ReleaseNotes/1_3_27.md b/Packs/AWS-SecurityHub/ReleaseNotes/1_3_27.md new file mode 100644 index 000000000000..ab3d781bb79d --- /dev/null +++ b/Packs/AWS-SecurityHub/ReleaseNotes/1_3_27.md @@ -0,0 +1,3 @@ +#### Integrations +##### AWS Security Hub Event Collector +- Updated the Docker image to: *demisto/boto3py3:1.0.0.86592*. diff --git a/Packs/AWS-SecurityHub/pack_metadata.json b/Packs/AWS-SecurityHub/pack_metadata.json index 2523e822f669..6c41f6799b86 100644 --- a/Packs/AWS-SecurityHub/pack_metadata.json +++ b/Packs/AWS-SecurityHub/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "AWS - Security Hub", "description": "Amazon Web Services Security Hub Service.", "support": "xsoar", - "currentVersion": "1.3.26", + "currentVersion": "1.3.27", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml b/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml index 5bd1f2cf4a3f..ae64351576c1 100644 --- a/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml +++ b/Packs/AbnormalSecurity/Integrations/AbnormalSecurity/AbnormalSecurity.yml @@ -703,7 +703,7 @@ script: description: Get the latest threat intel feed. name: abnormal-security-get-latest-threat-intel-feed deprecated: true - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 script: "" subtype: python3 type: python diff --git a/Packs/AbnormalSecurity/ReleaseNotes/2_2_4.md b/Packs/AbnormalSecurity/ReleaseNotes/2_2_4.md new file mode 100644 index 000000000000..55414a91ba73 --- /dev/null +++ b/Packs/AbnormalSecurity/ReleaseNotes/2_2_4.md @@ -0,0 +1,3 @@ +#### Integrations +##### Abnormal Security +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/AbnormalSecurity/pack_metadata.json b/Packs/AbnormalSecurity/pack_metadata.json index bcf269374bb5..e22d4bdcb54a 100644 --- a/Packs/AbnormalSecurity/pack_metadata.json +++ b/Packs/AbnormalSecurity/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Abnormal Security", "description": "Abnormal Security detects and protects against the whole spectrum of email attacks", "support": "partner", - "currentVersion": "2.2.3", + "currentVersion": "2.2.4", "author": "Abnormal Security", "url": "", "email": "support@abnormalsecurity.com", 
diff --git a/Packs/AccentureCTI/Integrations/ACTIIndicatorQuery/ACTIIndicatorQuery.yml b/Packs/AccentureCTI/Integrations/ACTIIndicatorQuery/ACTIIndicatorQuery.yml index cf77d9bf42df..603b95ef3e72 100644 --- a/Packs/AccentureCTI/Integrations/ACTIIndicatorQuery/ACTIIndicatorQuery.yml +++ b/Packs/AccentureCTI/Integrations/ACTIIndicatorQuery/ACTIIndicatorQuery.yml @@ -400,7 +400,7 @@ script: - contextPath: DBotScore.Score description: The actual score. type: String - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/AccentureCTI/ReleaseNotes/2_2_32.md b/Packs/AccentureCTI/ReleaseNotes/2_2_32.md new file mode 100644 index 000000000000..5d002ff64ded --- /dev/null +++ b/Packs/AccentureCTI/ReleaseNotes/2_2_32.md @@ -0,0 +1,3 @@ +#### Integrations +##### ACTI Indicator Query +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/AccentureCTI/pack_metadata.json b/Packs/AccentureCTI/pack_metadata.json index 14dd9c17e712..a5cd2923fe49 100644 --- a/Packs/AccentureCTI/pack_metadata.json +++ b/Packs/AccentureCTI/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Accenture CTI v2", "description": "Accenture CTI provides intelligence regarding security threats and vulnerabilities.", "support": "partner", - "currentVersion": "2.2.31", + "currentVersion": "2.2.32", "author": "Accenture", "url": "https://www.accenture.com/us-en/services/security/cyber-defense", "email": "CTI.AcctManagement@accenture.com", diff --git a/Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml b/Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml index bf40108ae68a..cf4656803bd1 100644 --- a/Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml +++ b/Packs/AccentureCTI_Feed/Integrations/ACTIIndicatorFeed/ACTIIndicatorFeed.yml 
@@ -150,7 +150,7 @@ script: name: limit description: Gets the feed indicators. name: acti-get-indicators - dockerimage: demisto/py3-tools:1.0.0.84811 + dockerimage: demisto/py3-tools:1.0.0.86612 feed: true runonce: false script: '-' diff --git a/Packs/AccentureCTI_Feed/ReleaseNotes/1_1_34.md b/Packs/AccentureCTI_Feed/ReleaseNotes/1_1_34.md new file mode 100644 index 000000000000..812a1762d683 --- /dev/null +++ b/Packs/AccentureCTI_Feed/ReleaseNotes/1_1_34.md @@ -0,0 +1,3 @@ +#### Integrations +##### ACTI Indicator Feed +- Updated the Docker image to: *demisto/py3-tools:1.0.0.86612*. diff --git a/Packs/AccentureCTI_Feed/pack_metadata.json b/Packs/AccentureCTI_Feed/pack_metadata.json index e51aff014925..5bba200222b5 100644 --- a/Packs/AccentureCTI_Feed/pack_metadata.json +++ b/Packs/AccentureCTI_Feed/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Accenture CTI Feed", "description": "Accenture Cyber Threat Intelligence Feed", "support": "partner", - "currentVersion": "1.1.33", + "currentVersion": "1.1.34", "author": "Accenture", "url": "https://www.accenture.com/us-en/services/security/cyber-defense", "email": "CTI.AcctManagement@accenture.com", diff --git a/Packs/Algosec/ReleaseNotes/1_0_13.md b/Packs/Algosec/ReleaseNotes/1_0_13.md new file mode 100644 index 000000000000..6072411359dd --- /dev/null +++ b/Packs/Algosec/ReleaseNotes/1_0_13.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### AlgosecGetTicket +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + diff --git a/Packs/Algosec/Scripts/AlgosecGetTicket/AlgosecGetTicket.yml b/Packs/Algosec/Scripts/AlgosecGetTicket/AlgosecGetTicket.yml index 4b8ad94ec426..83006209423a 100644 --- a/Packs/Algosec/Scripts/AlgosecGetTicket/AlgosecGetTicket.yml +++ b/Packs/Algosec/Scripts/AlgosecGetTicket/AlgosecGetTicket.yml @@ -20,6 +20,6 @@ dependson: must: - algosec-get-ticket fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) 
diff --git a/Packs/Algosec/pack_metadata.json b/Packs/Algosec/pack_metadata.json index 94e0cb2a9bc9..d8d223cb5a74 100644 --- a/Packs/Algosec/pack_metadata.json +++ b/Packs/Algosec/pack_metadata.json @@ -2,7 +2,7 @@ "name": "AlgoSec", "description": "Algosec BusinessFlow(ABF), Firewall Analyzer (AFA) and FireFlow(AFF).", "support": "xsoar", - "currentVersion": "1.0.12", + "currentVersion": "1.0.13", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Anomali_Enterprise/Integrations/Anomali_Enterprise/Anomali_Enterprise.yml b/Packs/Anomali_Enterprise/Integrations/Anomali_Enterprise/Anomali_Enterprise.yml index 010912bcd6b2..836795b92ed0 100644 --- a/Packs/Anomali_Enterprise/Integrations/Anomali_Enterprise/Anomali_Enterprise.yml +++ b/Packs/Anomali_Enterprise/Integrations/Anomali_Enterprise/Anomali_Enterprise.yml @@ -173,7 +173,7 @@ script: - contextPath: Domain.Malicious.Description description: A description of the malicious domain. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/Anomali_Enterprise/ReleaseNotes/1_0_32.md b/Packs/Anomali_Enterprise/ReleaseNotes/1_0_32.md new file mode 100644 index 000000000000..731f244c0b30 --- /dev/null +++ b/Packs/Anomali_Enterprise/ReleaseNotes/1_0_32.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Anomali Match + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Anomali_Enterprise/pack_metadata.json b/Packs/Anomali_Enterprise/pack_metadata.json index 6f58c6a140f1..01ebb9af012c 100644 --- a/Packs/Anomali_Enterprise/pack_metadata.json +++ b/Packs/Anomali_Enterprise/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Anomali Enterprise", "description": "Use Anomali Match to query IOCs and conduct forensic searches.", "support": "xsoar", - "currentVersion": "1.0.31", + "currentVersion": "1.0.32", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml b/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml index 5b7500e88140..c86bd89b5e4a 100644 --- a/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml +++ b/Packs/Anomali_ThreatStream/Integrations/AnomaliThreatStreamv3/AnomaliThreatStreamv3.yml @@ -6431,7 +6431,7 @@ script: isArray: true description: Remove tags from the indicators. name: threatstream-remove-indicator-tag - dockerimage: demisto/py3-tools:1.0.0.84811 + dockerimage: demisto/py3-tools:1.0.0.86612 runonce: false script: '-' subtype: python3 diff --git a/Packs/Anomali_ThreatStream/ReleaseNotes/2_2_15.md b/Packs/Anomali_ThreatStream/ReleaseNotes/2_2_15.md new file mode 100644 index 000000000000..29b782acc706 --- /dev/null +++ b/Packs/Anomali_ThreatStream/ReleaseNotes/2_2_15.md @@ -0,0 +1,3 @@ +#### Integrations +##### Anomali ThreatStream v3 +- Updated the Docker image to: *demisto/py3-tools:1.0.0.86612*. diff --git a/Packs/Anomali_ThreatStream/pack_metadata.json b/Packs/Anomali_ThreatStream/pack_metadata.json index a3a7c97b497e..151801d0ac7c 100644 --- a/Packs/Anomali_ThreatStream/pack_metadata.json +++ b/Packs/Anomali_ThreatStream/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Anomali ThreatStream", "description": "Use Anomali ThreatStream to query and submit threats.", "support": "xsoar", - "currentVersion": "2.2.14", + "currentVersion": "2.2.15", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/AnsibleTower/Integrations/AnsibleTower/AnsibleTower.yml b/Packs/AnsibleTower/Integrations/AnsibleTower/AnsibleTower.yml index 880e7b931d09..078fee30e748 100644 --- a/Packs/AnsibleTower/Integrations/AnsibleTower/AnsibleTower.yml +++ b/Packs/AnsibleTower/Integrations/AnsibleTower/AnsibleTower.yml @@ -1328,7 +1328,7 @@ script: - contextPath: AnsibleAWX.JobEvents.event_data description: Job's raw event data type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/AnsibleTower/ReleaseNotes/1_1_1.md b/Packs/AnsibleTower/ReleaseNotes/1_1_1.md new file mode 100644 index 000000000000..6ec0e1172991 --- /dev/null +++ b/Packs/AnsibleTower/ReleaseNotes/1_1_1.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Ansible Automation Platform + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/AnsibleTower/pack_metadata.json b/Packs/AnsibleTower/pack_metadata.json index ca98573fe421..fea82fe99ea7 100644 --- a/Packs/AnsibleTower/pack_metadata.json +++ b/Packs/AnsibleTower/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Ansible Automation Platform", "description": "Scale IT automation, manage complex deployments and speed productivity.", "support": "xsoar", - "currentVersion": "1.1.0", + "currentVersion": "1.1.1", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AppNovi/Integrations/appNovi/appNovi.yml b/Packs/AppNovi/Integrations/appNovi/appNovi.yml index 0824e285bb0d..207bb2d1322e 100644 --- a/Packs/AppNovi/Integrations/appNovi/appNovi.yml +++ b/Packs/AppNovi/Integrations/appNovi/appNovi.yml @@ -401,7 +401,7 @@ script: type: textArea description: Server IP to search. description: Search for servers using IP address. - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) fromversion: 6.5.0 
diff --git a/Packs/AppNovi/ReleaseNotes/1_0_22.md b/Packs/AppNovi/ReleaseNotes/1_0_22.md new file mode 100644 index 000000000000..e16641cac5ec --- /dev/null +++ b/Packs/AppNovi/ReleaseNotes/1_0_22.md @@ -0,0 +1,3 @@ +#### Integrations +##### appNovi +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/AppNovi/pack_metadata.json b/Packs/AppNovi/pack_metadata.json index eeba4a4058f3..07c016cc62b6 100644 --- a/Packs/AppNovi/pack_metadata.json +++ b/Packs/AppNovi/pack_metadata.json @@ -2,7 +2,7 @@ "name": "AppNovi", "description": "Search your combined security data in appNovi via simplified search or search via the appNovi security graph.", "support": "partner", - "currentVersion": "1.0.21", + "currentVersion": "1.0.22", "author": "appNovi", "url": "https://appnovi.com/support", "email": "", diff --git a/Packs/Armorblox/Integrations/Armorblox/Armorblox.yml b/Packs/Armorblox/Integrations/Armorblox/Armorblox.yml index 0a4443655f37..44704a150353 100644 --- a/Packs/Armorblox/Integrations/Armorblox/Armorblox.yml +++ b/Packs/Armorblox/Integrations/Armorblox/Armorblox.yml @@ -88,7 +88,7 @@ script: - contextPath: Armorblox.Threat.remediation_actions description: Should be the remediation action name for the incident under inspection. type: string - dockerimage: demisto/armorblox:1.0.0.84639 + dockerimage: demisto/armorblox:1.0.0.86345 isfetch: true script: '' subtype: python3 diff --git a/Packs/Armorblox/ReleaseNotes/1_0_32.md b/Packs/Armorblox/ReleaseNotes/1_0_32.md new file mode 100644 index 000000000000..78bd39e290d4 --- /dev/null +++ b/Packs/Armorblox/ReleaseNotes/1_0_32.md @@ -0,0 +1,3 @@ +#### Integrations +##### Armorblox +- Updated the Docker image to: *demisto/armorblox:1.0.0.86345*. diff --git a/Packs/Armorblox/pack_metadata.json b/Packs/Armorblox/pack_metadata.json index 3e6043c650a4..2a964478b55e 100644 --- a/Packs/Armorblox/pack_metadata.json +++ b/Packs/Armorblox/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Armorblox", "description": "Armorblox is an API-based platform that stops targeted email attacks, protects sensitive data, and automates incident response.", "support": "partner", - "currentVersion": "1.0.31", + "currentVersion": "1.0.32", "author": "Armorblox", "url": "https://www.armorblox.com/", "email": "support@armorblox.com", diff --git a/Packs/Ataya/Integrations/Ataya/Ataya.yml b/Packs/Ataya/Integrations/Ataya/Ataya.yml index d75b452ec071..74e81d3e64af 100644 --- a/Packs/Ataya/Integrations/Ataya/Ataya.yml +++ b/Packs/Ataya/Integrations/Ataya/Ataya.yml @@ -39,7 +39,7 @@ script: description: the cilient imsi which need to be assigned. description: approve user to access external network. name: ataya-assign-user - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '' subtype: python3 diff --git a/Packs/Ataya/ReleaseNotes/1_0_3.md b/Packs/Ataya/ReleaseNotes/1_0_3.md new file mode 100644 index 000000000000..c3be586c48e9 --- /dev/null +++ b/Packs/Ataya/ReleaseNotes/1_0_3.md @@ -0,0 +1,3 @@ +#### Integrations +##### Ataya Harmony +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Ataya/pack_metadata.json b/Packs/Ataya/pack_metadata.json index 2163d99f8a38..1fae6daf7b3a 100644 --- a/Packs/Ataya/pack_metadata.json +++ b/Packs/Ataya/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Ataya", "description": "Integrate with Ataya Harmony for manage the 5G UE session", "support": "partner", - "currentVersion": "1.0.2", + "currentVersion": "1.0.3", "author": "Ataya Inc.", "url": "https://ataya.io", "email": "", diff --git a/Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml b/Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml index 3d11d4589ac6..758df2f41e7e 100644 --- a/Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml 
+++ b/Packs/AtlassianConfluenceCloud/Integrations/AtlassianConfluenceCloud/AtlassianConfluenceCloud.yml @@ -1915,7 +1915,7 @@ script: - contextPath: ConfluenceCloud.Group._links.self description: Link to the group. type: String - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/AtlassianConfluenceCloud/ReleaseNotes/1_0_23.md b/Packs/AtlassianConfluenceCloud/ReleaseNotes/1_0_23.md new file mode 100644 index 000000000000..f29327d57ee8 --- /dev/null +++ b/Packs/AtlassianConfluenceCloud/ReleaseNotes/1_0_23.md @@ -0,0 +1,3 @@ +#### Integrations +##### Atlassian Confluence Cloud +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/AtlassianConfluenceCloud/pack_metadata.json b/Packs/AtlassianConfluenceCloud/pack_metadata.json index 16505fec740e..d00cb055a8e2 100644 --- a/Packs/AtlassianConfluenceCloud/pack_metadata.json +++ b/Packs/AtlassianConfluenceCloud/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Atlassian Confluence Cloud", "description": "Atlassian Confluence Cloud allows users to interact with confluence entities like content, space, users and groups. Users can also manage the space permissions.", "support": "xsoar", - "currentVersion": "1.0.22", + "currentVersion": "1.0.23", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml b/Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml index 8b541c7bc9d3..2a31de325553 100644 --- a/Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml +++ b/Packs/Aws-SecretsManager/Integrations/AwsSecretsManager/AwsSecretsManager.yml 
@@ -286,7 +286,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/boto3py3:1.0.0.85072 + dockerimage: demisto/boto3py3:1.0.0.86592 fromversion: 6.5.0 tests: - No tests (auto formatted) diff --git a/Packs/Aws-SecretsManager/ReleaseNotes/1_0_36.md b/Packs/Aws-SecretsManager/ReleaseNotes/1_0_36.md new file mode 100644 index 000000000000..74830ef139ff --- /dev/null +++ b/Packs/Aws-SecretsManager/ReleaseNotes/1_0_36.md @@ -0,0 +1,3 @@ +#### Integrations +##### Aws Secrets Manager +- Updated the Docker image to: *demisto/boto3py3:1.0.0.86592*. diff --git a/Packs/Aws-SecretsManager/pack_metadata.json b/Packs/Aws-SecretsManager/pack_metadata.json index 9849961f7f8d..774bf13e52af 100644 --- a/Packs/Aws-SecretsManager/pack_metadata.json +++ b/Packs/Aws-SecretsManager/pack_metadata.json @@ -2,7 +2,7 @@ "name": "AWS Secrets Manager", "description": "AWS Secrets Manager helps you to securely encrypt, store, and retrieve credentials for your databases and other services.", "support": "xsoar", - "currentVersion": "1.0.35", + "currentVersion": "1.0.36", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AzureDataExplorer/Integrations/AzureDataExplorer/AzureDataExplorer.yml b/Packs/AzureDataExplorer/Integrations/AzureDataExplorer/AzureDataExplorer.yml index 57acaf1cf054..9d4ac2d6b5ee 100644 --- a/Packs/AzureDataExplorer/Integrations/AzureDataExplorer/AzureDataExplorer.yml +++ b/Packs/AzureDataExplorer/Integrations/AzureDataExplorer/AzureDataExplorer.yml @@ -434,7 +434,7 @@ script: - description: Generate the login url used for Authorization code flow. name: azure-data-explorer-generate-login-url arguments: [] - dockerimage: demisto/auth-utils:1.0.0.84760 + dockerimage: demisto/auth-utils:1.0.0.86556 runonce: false script: "-" subtype: python3 
diff --git a/Packs/AzureDataExplorer/ReleaseNotes/1_2_36.md b/Packs/AzureDataExplorer/ReleaseNotes/1_2_36.md new file mode 100644 index 000000000000..a99bd47b9a65 --- /dev/null +++ b/Packs/AzureDataExplorer/ReleaseNotes/1_2_36.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure Data Explorer +- Updated the Docker image to: *demisto/auth-utils:1.0.0.86556*. diff --git a/Packs/AzureDataExplorer/pack_metadata.json b/Packs/AzureDataExplorer/pack_metadata.json index b552e3d50743..496d50a7433a 100644 --- a/Packs/AzureDataExplorer/pack_metadata.json +++ b/Packs/AzureDataExplorer/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Azure Data Explorer", "description": "Use Azure Data Explorer integration to collect and analyze data inside clusters of Azure Data Explorer and manage search queries.", "support": "xsoar", - "currentVersion": "1.2.35", + "currentVersion": "1.2.36", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml b/Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml index b9bf63079e71..d0fbf8839b15 100644 --- a/Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml +++ b/Packs/AzureDevOps/Integrations/AzureDevOps/AzureDevOps.yml @@ -2986,7 +2986,7 @@ script: - description: Generate the login url used for Authorization code flow. name: azure-devops-generate-login-url arguments: [] - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 isremotesyncout: true ismappable: true isfetch: true diff --git a/Packs/AzureDevOps/ReleaseNotes/1_3_14.md b/Packs/AzureDevOps/ReleaseNotes/1_3_14.md new file mode 100644 index 000000000000..ead4d8dba97c --- /dev/null +++ b/Packs/AzureDevOps/ReleaseNotes/1_3_14.md @@ -0,0 +1,3 @@ +#### Integrations +##### AzureDevOps +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. 
diff --git a/Packs/AzureDevOps/pack_metadata.json b/Packs/AzureDevOps/pack_metadata.json index 6eb99441d51e..ca784e405c78 100644 --- a/Packs/AzureDevOps/pack_metadata.json +++ b/Packs/AzureDevOps/pack_metadata.json @@ -2,7 +2,7 @@ "name": "AzureDevOps", "description": "Create and manage Git repositories in Azure DevOps Services.", "support": "xsoar", - "currentVersion": "1.3.13", + "currentVersion": "1.3.14", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AzureFirewall/Integrations/AzureFirewall/AzureFirewall.yml b/Packs/AzureFirewall/Integrations/AzureFirewall/AzureFirewall.yml index a8a99448f956..980f5885b005 100644 --- a/Packs/AzureFirewall/Integrations/AzureFirewall/AzureFirewall.yml +++ b/Packs/AzureFirewall/Integrations/AzureFirewall/AzureFirewall.yml @@ -1089,7 +1089,7 @@ script: - contextPath: AzureFirewall.ResourceGroup.type description: The type of the resource group. type: String - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 runonce: false script: '-' subtype: python3 diff --git a/Packs/AzureFirewall/ReleaseNotes/1_1_35.md b/Packs/AzureFirewall/ReleaseNotes/1_1_35.md new file mode 100644 index 000000000000..f8360a449bb7 --- /dev/null +++ b/Packs/AzureFirewall/ReleaseNotes/1_1_35.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure Firewall +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/AzureFirewall/pack_metadata.json b/Packs/AzureFirewall/pack_metadata.json index 70efcbafe0b3..8fe5acbf0300 100644 --- a/Packs/AzureFirewall/pack_metadata.json +++ b/Packs/AzureFirewall/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Azure Firewall", "description": "Azure Firewall is a cloud-native and intelligent network firewall security service that provides breed threat protection for cloud workloads running in Azure.It's a fully stateful, firewall as a service with built-in high availability and unrestricted cloud scalability.", "support": "xsoar", - "currentVersion": "1.1.34", + "currentVersion": "1.1.35", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml b/Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml index 5cb5d50152e9..13ce00d15494 100644 --- a/Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml +++ b/Packs/AzureKeyVault/Integrations/AzureKeyVault/AzureKeyVault.yml @@ -964,7 +964,7 @@ script: description: Run this command if for some reason you need to rerun the authentication process. execution: false name: azure-key-vault-auth-reset - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 runonce: false script: '-' subtype: python3 diff --git a/Packs/AzureKeyVault/ReleaseNotes/1_1_39.md b/Packs/AzureKeyVault/ReleaseNotes/1_1_39.md new file mode 100644 index 000000000000..2b642a8569cc --- /dev/null +++ b/Packs/AzureKeyVault/ReleaseNotes/1_1_39.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure Key Vault +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/AzureKeyVault/pack_metadata.json b/Packs/AzureKeyVault/pack_metadata.json index 13c00416ce10..73a495cc5632 100644 --- a/Packs/AzureKeyVault/pack_metadata.json +++ b/Packs/AzureKeyVault/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Azure Key Vault", "description": "Use Key Vault to safeguard and manage cryptographic keys and secrets used by cloud applications and services.", "support": "xsoar", - "currentVersion": "1.1.38", + "currentVersion": "1.1.39", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AzureLogAnalytics/Integrations/AzureLogAnalytics/AzureLogAnalytics.yml b/Packs/AzureLogAnalytics/Integrations/AzureLogAnalytics/AzureLogAnalytics.yml index 7932b2404ba0..6b516fb7cc2f 100644 --- a/Packs/AzureLogAnalytics/Integrations/AzureLogAnalytics/AzureLogAnalytics.yml +++ b/Packs/AzureLogAnalytics/Integrations/AzureLogAnalytics/AzureLogAnalytics.yml @@ -683,7 +683,7 @@ script: name: workspace_name description: Delete a Log Analytics workspace table. We recommend you delete the search job when you're done querying the table. This reduces workspace clutter and extra charges for data retention. name: azure-log-analytics-delete-search-job - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 runonce: false script: '-' subtype: python3 diff --git a/Packs/AzureLogAnalytics/ReleaseNotes/1_1_25.md b/Packs/AzureLogAnalytics/ReleaseNotes/1_1_25.md new file mode 100644 index 000000000000..8f59a600d46a --- /dev/null +++ b/Packs/AzureLogAnalytics/ReleaseNotes/1_1_25.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure Log Analytics +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/AzureLogAnalytics/pack_metadata.json b/Packs/AzureLogAnalytics/pack_metadata.json index 134646813bc8..ca6ce1a5b4eb 100644 --- a/Packs/AzureLogAnalytics/pack_metadata.json +++ b/Packs/AzureLogAnalytics/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Azure Log Analytics", "description": "Log Analytics is a service that helps you collect and analyze data generated by resources in your cloud and on-premises environments.", "support": "xsoar", - "currentVersion": "1.1.24", + "currentVersion": "1.1.25", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml b/Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml index 63c787248042..1270b084ba3e 100644 --- a/Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml +++ b/Packs/AzureRiskyUsers/Integrations/AzureRiskyUsers/AzureRiskyUsers.yml @@ -315,7 +315,7 @@ script: - contextPath: AzureRiskyUsers.RiskDetection.tokenIssuerType description: 'Indicates the type of token issuer for the detected sign-in risk. Possible values are: AzureAD, ADFederationServices, UnknownFutureValue.' type: String - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 runonce: false script: '-' subtype: python3 diff --git a/Packs/AzureRiskyUsers/ReleaseNotes/1_1_30.md b/Packs/AzureRiskyUsers/ReleaseNotes/1_1_30.md new file mode 100644 index 000000000000..03443be7f36e --- /dev/null +++ b/Packs/AzureRiskyUsers/ReleaseNotes/1_1_30.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure Risky Users +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/AzureRiskyUsers/pack_metadata.json b/Packs/AzureRiskyUsers/pack_metadata.json index ac9b80cd783d..d97d90287d8a 100644 --- a/Packs/AzureRiskyUsers/pack_metadata.json +++ b/Packs/AzureRiskyUsers/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Azure Risky Users", "description": "Azure Risky Users provides access to all at-risk users and risk detections in Azure AD environment.", "support": "xsoar", - "currentVersion": "1.1.29", + "currentVersion": "1.1.30", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml b/Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml index bccd222bd6c2..f156af72dbfd 100644 --- a/Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml +++ b/Packs/AzureSQLManagement/Integrations/AzureSQLManagement/AzureSQLManagement.yml @@ -651,7 +651,7 @@ script: - contextPath: AzureSQL.ResourceGroup.tags description: The tags attached to the resource group. type: String - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 runonce: false script: '-' subtype: python3 diff --git a/Packs/AzureSQLManagement/ReleaseNotes/1_1_40.md b/Packs/AzureSQLManagement/ReleaseNotes/1_1_40.md new file mode 100644 index 000000000000..554f1fedf3f5 --- /dev/null +++ b/Packs/AzureSQLManagement/ReleaseNotes/1_1_40.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure SQL Management +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/AzureSQLManagement/pack_metadata.json b/Packs/AzureSQLManagement/pack_metadata.json index a5e17023a27e..90f054b9fe7f 100644 --- a/Packs/AzureSQLManagement/pack_metadata.json +++ b/Packs/AzureSQLManagement/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Azure SQL Management", "description": "Microsoft Azure SQL Database is a managed cloud database provided as part of Microsoft Azure", "support": "xsoar", - "currentVersion": "1.1.39", + "currentVersion": "1.1.40", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml b/Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml index ec9b203b84cd..e96efc8b6b46 100644 --- a/Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml +++ b/Packs/AzureSentinel/Integrations/AzureSentinel/AzureSentinel.yml @@ -2381,7 +2381,7 @@ script: execution: false name: azure-sentinel-auth-reset arguments: [] - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 isfetch: true runonce: false script: '-' diff --git a/Packs/AzureSentinel/ReleaseNotes/1_5_36.md b/Packs/AzureSentinel/ReleaseNotes/1_5_36.md new file mode 100644 index 000000000000..647a57e1b988 --- /dev/null +++ b/Packs/AzureSentinel/ReleaseNotes/1_5_36.md @@ -0,0 +1,3 @@ +#### Integrations +##### Microsoft Sentinel +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/AzureSentinel/pack_metadata.json b/Packs/AzureSentinel/pack_metadata.json index d06660d8a46d..1791a3b80707 100644 --- a/Packs/AzureSentinel/pack_metadata.json +++ b/Packs/AzureSentinel/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Sentinel", "description": "Microsoft Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise.", "support": "xsoar", - "currentVersion": "1.5.35", + "currentVersion": "1.5.36", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/AzureStorageFileShare/Integrations/AzureStorageFileShare/AzureStorageFileShare.yml b/Packs/AzureStorageFileShare/Integrations/AzureStorageFileShare/AzureStorageFileShare.yml index 7d77d659f207..316e2dea10c5 100644 --- a/Packs/AzureStorageFileShare/Integrations/AzureStorageFileShare/AzureStorageFileShare.yml +++ b/Packs/AzureStorageFileShare/Integrations/AzureStorageFileShare/AzureStorageFileShare.yml 
@@ -210,7 +210,7 @@ script: description: Delete file from Share. execution: true name: azure-storage-fileshare-file-delete - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/AzureStorageFileShare/ReleaseNotes/1_0_24.md b/Packs/AzureStorageFileShare/ReleaseNotes/1_0_24.md new file mode 100644 index 000000000000..f95d91133290 --- /dev/null +++ b/Packs/AzureStorageFileShare/ReleaseNotes/1_0_24.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure Storage FileShare +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/AzureStorageFileShare/pack_metadata.json b/Packs/AzureStorageFileShare/pack_metadata.json index 6cda57cb5e21..d5a60414e70c 100644 --- a/Packs/AzureStorageFileShare/pack_metadata.json +++ b/Packs/AzureStorageFileShare/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Azure Storage FileShare", "description": "Create and Manage Azure FileShare Files and Directories.", "support": "xsoar", - "currentVersion": "1.0.23", + "currentVersion": "1.0.24", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Base/.pack-ignore b/Packs/Base/.pack-ignore index 3a70652c42bb..43512e3a3209 100644 --- a/Packs/Base/.pack-ignore +++ b/Packs/Base/.pack-ignore @@ -80,6 +80,7 @@ FileResult JavaScript CPE CPEs +debug-entry [tests_require_network] CommonServerPython diff --git a/Packs/Base/ReleaseNotes/1_33_21.md b/Packs/Base/ReleaseNotes/1_33_21.md new file mode 100644 index 000000000000..d070a0bd195e --- /dev/null +++ b/Packs/Base/ReleaseNotes/1_33_21.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### SearchIndicatorRelationships +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + diff --git a/Packs/Base/ReleaseNotes/1_33_22.md b/Packs/Base/ReleaseNotes/1_33_22.md new file mode 100644 index 000000000000..63f5575a3427 --- /dev/null +++ b/Packs/Base/ReleaseNotes/1_33_22.md 
@@ -0,0 +1,6 @@ + +#### Scripts + +##### CreateIndicatorRelationship + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Base/ReleaseNotes/1_33_23.md b/Packs/Base/ReleaseNotes/1_33_23.md new file mode 100644 index 000000000000..147d3d624558 --- /dev/null +++ b/Packs/Base/ReleaseNotes/1_33_23.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### CommonServerPython + +- Fixed an issue in **execute_command** where the command returns an empty debug-entry when running on XSOAR version 8.x. diff --git a/Packs/Base/ReleaseNotes/1_33_24.md b/Packs/Base/ReleaseNotes/1_33_24.md new file mode 100644 index 000000000000..13b864d3c32a --- /dev/null +++ b/Packs/Base/ReleaseNotes/1_33_24.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### GetIndicatorsByQuery + +- Improved implementation for better performance when using the *populateFields* argument. +- Update the docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py index 4066805e761f..ef4bfec9fc6d 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py @@ -247,6 +247,7 @@ def __del__(self): 'entryInfoFile': 9, 'warning': 11, 'map': 15, + 'debug': 16, 'widget': 17 } @@ -7711,8 +7712,7 @@ def execute_command(command, args, extract_contents=True, fail_on_error=True): return res else: return True, res - - contents = [entry.get('Contents', {}) for entry in res] + contents = [entry.get('Contents', {}) for entry in res if entry['Type'] != entryTypes['debug']] contents = contents[0] if len(contents) == 1 else contents if fail_on_error: diff --git a/Packs/Base/Scripts/CreateIndicatorRelationship/CreateIndicatorRelationship.yml b/Packs/Base/Scripts/CreateIndicatorRelationship/CreateIndicatorRelationship.yml index 52e3bc39475d..d9505ef4a6d5 100644 
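Review bot: The new filter in execute_command indexes `entry['Type']` directly, so a result entry without a `Type` key now raises KeyError where the surrounding code tolerates missing keys with `entry.get('Contents', {})`; keep the same tolerance with `contents = [entry.get('Contents', {}) for entry in res if entry.get('Type') != entryTypes['debug']]`. When every returned entry is a debug entry the comprehension yields `[]`, so `contents` becomes an empty list rather than the single dict callers may expect; a comment such as `# debug entries (XSOAR 8.x) carry no command output and are dropped before Contents is unpacked` would make that intent explicit. execute_command's signature and the remainder of its body lie outside the hunk.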
--- a/Packs/Base/Scripts/CreateIndicatorRelationship/CreateIndicatorRelationship.yml +++ b/Packs/Base/Scripts/CreateIndicatorRelationship/CreateIndicatorRelationship.yml @@ -252,7 +252,7 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.2.0 tests: - Relationships scripts - Test diff --git a/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery.py b/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery.py index 35661b4295d6..07c16faa7348 100644 --- a/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery.py +++ b/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery.py @@ -37,7 +37,7 @@ def is_key_match_fields_to_hash(key, fields_to_hash): def hash_multiple(value, fields_to_hash, to_hash=False): if isinstance(value, list): - return list(map(lambda x: hash_multiple(x, fields_to_hash, to_hash), value)) + return [hash_multiple(x, fields_to_hash, to_hash) for x in value] if isinstance(value, dict): for k, v in value.items(): _hash = to_hash or is_key_match_fields_to_hash(k, fields_to_hash) @@ -45,7 +45,7 @@ def hash_multiple(value, fields_to_hash, to_hash=False): return value else: try: - if isinstance(value, (int, float, bool)): + if isinstance(value, int | float | bool): to_hash = False if not isinstance(value, str): value = str(value) 
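Review bot: `isinstance(value, int | float | bool)` relies on PEP 604 unions being accepted by isinstance, which is Python 3.10+ only, so hash_multiple now silently depends on the docker image bump to demisto/python3:3.10.13.86272 made in the same change; the tuple form `if isinstance(value, (int, float, bool)):` is equivalent, runs on every interpreter, and keeps the script portable if the image is ever pinned back. `bool` is also a subclass of `int`, so listing it adds nothing to the check either way. hash_multiple's definition starts outside the hunk.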
@@ -88,11 +88,16 @@ def find_indicators_with_limit_loop(indicator_query: str, limit: int): Finds indicators using while loop with demisto.searchIndicators, and returns result and last page """ iocs: List[dict] = [] - search_indicators = IndicatorsSearcher(query=indicator_query, limit=limit, size=PAGE_SIZE) + search_indicators = IndicatorsSearcher( + query=indicator_query, + limit=limit, + size=PAGE_SIZE, + filter_fields=",".join(populate_fields) if populate_fields else None, + ) for ioc_res in search_indicators: fetched_iocs = ioc_res.get('iocs') or [] iocs.extend(fetched_iocs) - return list(map(lambda x: parse_ioc(x), iocs)) + return [parse_ioc(x) for x in iocs] fields_to_hash, unpopulate_fields, populate_fields = [], [], [] # type: ignore @@ -102,8 +107,8 @@ def main(): global fields_to_hash, unpopulate_fields, populate_fields args = demisto.args() fields_to_hash = frozenset([x for x in argToList(args.get('fieldsToHash', '')) if x]) # type: ignore - unpopulate_fields = frozenset([x for x in argToList(args.get('dontPopulateFields', ''))]) # type: ignore - populate_fields = frozenset([x for x in argToList(args.get('populateFields', ''))]) # type: ignore + unpopulate_fields = frozenset([x for x in argToList(args.get('dontPopulateFields', '')) if x]) # type: ignore + populate_fields = frozenset([x for x in argToList(args.get('populateFields', '')) if x]) # type: ignore limit = int(args.get('limit', PAGE_SIZE)) query = args.get('query', '') offset = int(args.get('offset', 0)) diff --git a/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery.yml b/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery.yml index c04e61437ff3..4a75736d56b1 100644 --- a/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery.yml +++ b/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery.yml 
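Review bot: `",".join(populate_fields)` iterates a frozenset of strings, whose order changes between interpreter runs under hash randomization, so the `filter_fields` value sent with each search is non-deterministic and harder to reproduce in logs or mocks; `filter_fields=",".join(sorted(populate_fields)) if populate_fields else None,` fixes the order at no cost. The function also reads the module-level `populate_fields` global rather than receiving it as a parameter, which is pre-existing but now affects the query, so a line like `# populate_fields is the module global set in main()` above the IndicatorsSearcher call would help the next reader. find_indicators_with_limit_loop's signature and docstring start outside the hunk.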
@@ -29,8 +29,8 @@ tags: - ml timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.66339 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 5.5.0 tests: -- No tests (auto formatted) +- GetIndicatorsByQuery - Test diff --git a/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery_test.py b/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery_test.py index 141934e98c66..c2006709ddd6 100644 --- a/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery_test.py +++ b/Packs/Base/Scripts/GetIndicatorsByQuery/GetIndicatorsByQuery_test.py @@ -24,7 +24,16 @@ }, } -search_indicators_side_effect = [{'iocs': [ioc1, ioc2]}, StopIteration] + +def search_indicators_side_effect(**kwargs): + def parse_ioc(ioc: dict[str, Any]) -> dict: + if not (fields_to_populate := argToList(kwargs.get('populateFields'))): + return ioc + custom_fields = {k: v for k, v in ioc['CustomFields'].items() if k in fields_to_populate} + ioc = {k: v for k, v in ioc.items() if k in fields_to_populate} + return ioc | {"CustomFields": custom_fields} + + return {'iocs': [parse_ioc(ioc1.copy()), parse_ioc(ioc2.copy())], 'total': 2} def get_args(): @@ -60,7 +69,7 @@ def get_args_with_unpopulate(): def test_main(mocker): mocker.patch.object(demisto, 'args', side_effect=get_args) - mocker.patch('CommonServerPython.IndicatorsSearcher.__next__', side_effect=search_indicators_side_effect) + mocker.patch.object(demisto, 'searchIndicators', side_effect=search_indicators_side_effect) entry = main() indicators = entry['Contents'] @@ -71,7 +80,7 @@ def test_main(mocker): def test_main_with_hashing(mocker): mocker.patch.object(demisto, 'args', side_effect=get_args_with_hashing) - mocker.patch('CommonServerPython.IndicatorsSearcher.__next__', side_effect=search_indicators_side_effect) + mocker.patch.object(demisto, 'searchIndicators', side_effect=search_indicators_side_effect) entry = main() indicators = entry['Contents'] 
@@ -81,20 +90,40 @@ def test_main_with_hashing(mocker): def test_main_populate(mocker): + """ + Given: + - Command arguments: populateFields="testField,indicator_type", dontPopulateFields is not provided + When: + - Running GetIndicatorsByQuery + Then: + - Ensure the expected fields are returned + - Ensure `populateFields` kwarg was passed to `searchIndicators` call + """ mocker.patch.object(demisto, 'args', side_effect=get_args_with_populate) - mocker.patch('CommonServerPython.IndicatorsSearcher.__next__', side_effect=search_indicators_side_effect) + search_indicators = mocker.patch.object(demisto, 'searchIndicators', side_effect=search_indicators_side_effect) entry = main() indicators = entry['Contents'] assert len(indicators) == 2 - assert set(indicators[0].keys()) == set(['indicator_type', 'testField']) + assert set(indicators[0].keys()) == {'indicator_type', 'testField'} + assert "populateFields" in search_indicators.call_args.kwargs def test_main_unpopulate(mocker): + """ + Given: + - Command arguments: dontPopulateFields="testField,indicator_type", populateFields is not provided + When: + - Running GetIndicatorsByQuery + Then: + - Ensure the expected fields are not returned + - Ensure `populateFields` kwarg wasn't passed to `searchIndicators` call + """ mocker.patch.object(demisto, 'args', side_effect=get_args_with_unpopulate) - mocker.patch('CommonServerPython.IndicatorsSearcher.__next__', side_effect=search_indicators_side_effect) + search_indicators = mocker.patch.object(demisto, 'searchIndicators', side_effect=search_indicators_side_effect) entry = main() indicators = entry['Contents'] assert len(indicators) == 2 assert 'testField' not in indicators[0].keys() assert 'indicator_type' not in indicators[0].keys() + assert "populateFields" not in search_indicators.call_args.kwargs 
diff --git a/Packs/Base/Scripts/SearchIndicatorRelationships/SearchIndicatorRelationships.yml b/Packs/Base/Scripts/SearchIndicatorRelationships/SearchIndicatorRelationships.yml index 97344c00eff7..5c6f984a2967 100644 --- a/Packs/Base/Scripts/SearchIndicatorRelationships/SearchIndicatorRelationships.yml +++ b/Packs/Base/Scripts/SearchIndicatorRelationships/SearchIndicatorRelationships.yml @@ -180,7 +180,7 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.2.0 tests: - Relationships scripts - Test diff --git a/Packs/Base/TestPlaybooks/GetIndicatorsByQuery_-_Test.yml b/Packs/Base/TestPlaybooks/GetIndicatorsByQuery_-_Test.yml new file mode 100644 index 000000000000..6a1d2b55dd6b --- /dev/null +++ b/Packs/Base/TestPlaybooks/GetIndicatorsByQuery_-_Test.yml 
@@ -0,0 +1,238 @@ +id: GetIndicatorsByQuery - Test +inputs: [] +name: GetIndicatorsByQuery - Test +outputs: [] +quiet: true +starttaskid: "0" +tasks: + "0": + continueonerrortype: "" + id: "0" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "1" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 22ac96cd-cf44-4fa9-88d2-058fb0e5ad55 + iscommand: false + name: "" + version: -1 + description: '' + taskid: 22ac96cd-cf44-4fa9-88d2-058fb0e5ad55 + timertriggers: [] + type: start + view: |- + { + "position": { + "x": 50, + "y": 50 + } + } + "1": + continueonerrortype: "" + id: "1" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "2" + note: false + quietmode: 0 + scriptarguments: + geocountry: + simple: ZZ + internal: + simple: "True" + type: + simple: IP + value: + simple: 1.2.3.4 + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: commands.local.cmd.new.indicator + id: 260a1f58-8e99-4430-846c-61ce9aed44e3 + iscommand: true + name: Create indicator + script: Builtin|||createNewIndicator + type: regular + version: -1 + taskid: 260a1f58-8e99-4430-846c-61ce9aed44e3 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 50, + "y": 195 + } + } + "2": + continueonerrortype: "" + id: "2" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "3" + note: false + quietmode: 0 + scriptarguments: + populateFields: + simple: geocountry + query: + simple: value:1.2.3.4 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Gets a list of indicator objects and the associated indicator outputs that match the specified query and filters. The results are returned in a structured data file. 
+ id: 8c7364a4-1e73-4eec-8f41-7c97eebb8049 + iscommand: false + name: Search the indicator and populate only geocountry + script: GetIndicatorsByQuery + type: regular + version: -1 + taskid: 8c7364a4-1e73-4eec-8f41-7c97eebb8049 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 50, + "y": 370 + } + } + "3": + continueonerrortype: "" + id: "3" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "4" + note: false + quietmode: 0 + scriptarguments: + contextKey: + simple: IndicatorData + entryID: + simple: ${File.EntryID} + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Loads a JSON file from the war room to context. + id: 891d1a10-3a2c-48d6-858e-570f40649bfd + iscommand: false + name: Load result + script: LoadJSONFileToContext + type: regular + version: -1 + taskid: 891d1a10-3a2c-48d6-858e-570f40649bfd + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 50, + "y": 545 + } + } + "4": + conditions: + - condition: + - - left: + iscontext: true + value: + simple: IndicatorData.geocountry + operator: isExists + - - left: + iscontext: true + value: + simple: IndicatorData.value + operator: isNotExists + label: "yes" + continueonerrortype: "" + id: "4" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + "yes": + - "5" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 162409c9-b24b-4675-8a78-285db5dcb2b6 + iscommand: false + name: Verify context + type: condition + version: -1 + taskid: 162409c9-b24b-4675-8a78-285db5dcb2b6 + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 50, + "y": 720 + } + } + "5": + continueonerrortype: "" + id: "5" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 
b2b4daf0-ae12-4b67-8de1-787ae73d118c + iscommand: false + name: Done + type: title + version: -1 + description: '' + taskid: b2b4daf0-ae12-4b67-8de1-787ae73d118c + timertriggers: [] + type: title + view: |- + { + "position": { + "x": 50, + "y": 895 + } + } +version: -1 +view: |- + { + "linkLabelsPosition": {}, + "paper": { + "dimensions": { + "height": 910, + "width": 380, + "x": 50, + "y": 50 + } + } + } +fromversion: 5.5.0 +description: '' diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json index e3fa1328c9ac..f24895c5fb24 100644 --- a/Packs/Base/pack_metadata.json +++ b/Packs/Base/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Base", "description": "The base pack for Cortex XSOAR.", "support": "xsoar", - "currentVersion": "1.33.20", + "currentVersion": "1.33.24", "author": "Cortex XSOAR", "serverMinVersion": "6.0.0", "url": "https://www.paloaltonetworks.com/cortex", diff --git a/Packs/Binalyze/Integrations/BinalyzeAIR/BinalyzeAIR.yml b/Packs/Binalyze/Integrations/BinalyzeAIR/BinalyzeAIR.yml index 90b55ef3f715..1bd54a61a05d 100644 --- a/Packs/Binalyze/Integrations/BinalyzeAIR/BinalyzeAIR.yml +++ b/Packs/Binalyze/Integrations/BinalyzeAIR/BinalyzeAIR.yml @@ -97,7 +97,7 @@ script: description: Organization Id of endpoint. type: number description: Acquire evidence from an endpoint. - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 subtype: python3 fromversion: 6.2.0 tests: diff --git a/Packs/Binalyze/ReleaseNotes/1_1_4.md b/Packs/Binalyze/ReleaseNotes/1_1_4.md new file mode 100644 index 000000000000..1dac8394a421 --- /dev/null +++ b/Packs/Binalyze/ReleaseNotes/1_1_4.md @@ -0,0 +1,3 @@ +#### Integrations +##### Binalyze AIR +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Binalyze/pack_metadata.json b/Packs/Binalyze/pack_metadata.json index db922b02f2a5..976cef0d8e33 100644 --- a/Packs/Binalyze/pack_metadata.json +++ b/Packs/Binalyze/pack_metadata.json 
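Review bot: Condition task "4" has only a `"yes"` branch and no `#default#` branch, and nothing in the playbook deletes the `1.2.3.4` indicator that task "1" creates, so a run whose assertion fails presumably stops with an error while the test indicator stays on the tenant and is matched by the `value:1.2.3.4` query of the next run. Appending a cleanup task after "Done" (or a `#default#` branch that fails with an explicit message) would make the test self-contained and its failures easier to read. I cannot tell from this diff how the server treats a condition task with no matching branch, so confirm that behaviour before relying on it.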
@@ -2,7 +2,7 @@ "name": "Binalyze AIR", "description": "Collect over 300 different types of evidence under 10 minutes.", "support": "partner", - "currentVersion": "1.1.3", + "currentVersion": "1.1.4", "author": "Binalyze Integration Team", "url": "https://kb.binalyze.com/air/integrations/cortex-xsoar-integration", "email": "support@binalyze.com", diff --git a/Packs/Bitbucket/Integrations/Bitbucket/Bitbucket.yml b/Packs/Bitbucket/Integrations/Bitbucket/Bitbucket.yml index 43438ba1e55f..2e470913afdd 100644 --- a/Packs/Bitbucket/Integrations/Bitbucket/Bitbucket.yml +++ b/Packs/Bitbucket/Integrations/Bitbucket/Bitbucket.yml @@ -2329,6 +2329,6 @@ script: script: "-" type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 tests: - Test_Bitbucket diff --git a/Packs/Bitbucket/ReleaseNotes/1_0_12.md b/Packs/Bitbucket/ReleaseNotes/1_0_12.md new file mode 100644 index 000000000000..cdf6c43af566 --- /dev/null +++ b/Packs/Bitbucket/ReleaseNotes/1_0_12.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Bitbucket +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + diff --git a/Packs/Bitbucket/pack_metadata.json b/Packs/Bitbucket/pack_metadata.json index f972ec428309..ed93d0fa5d53 100644 --- a/Packs/Bitbucket/pack_metadata.json +++ b/Packs/Bitbucket/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Bitbucket", "description": "Bitbucket Cloud is a Git-based code and CI/CD tool optimized for teams using Jira", "support": "xsoar", - "currentVersion": "1.0.11", + "currentVersion": "1.0.12", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Box/Integrations/BoxEventsCollector/BoxEventsCollector.yml b/Packs/Box/Integrations/BoxEventsCollector/BoxEventsCollector.yml index dd43d7d3df60..bdc5b41bca2d 100644 --- a/Packs/Box/Integrations/BoxEventsCollector/BoxEventsCollector.yml +++ b/Packs/Box/Integrations/BoxEventsCollector/BoxEventsCollector.yml 
@@ -57,7 +57,7 @@ script: defaultValue: 3 days description: Get events. name: box-get-events - dockerimage: demisto/auth-utils:1.0.0.84760 + dockerimage: demisto/auth-utils:1.0.0.86556 runonce: false script: '-' subtype: python3 diff --git a/Packs/Box/Integrations/BoxV2/BoxV2.yml b/Packs/Box/Integrations/BoxV2/BoxV2.yml index 9c0de9176185..6ae59db0fcd7 100644 --- a/Packs/Box/Integrations/BoxV2/BoxV2.yml +++ b/Packs/Box/Integrations/BoxV2/BoxV2.yml @@ -2496,7 +2496,7 @@ script: - contextPath: Box.Folder.item_status description: The status of the parent of the item. type: String - dockerimage: demisto/auth-utils:1.0.0.84760 + dockerimage: demisto/auth-utils:1.0.0.86556 isfetch: true runonce: false script: '-' diff --git a/Packs/Box/ReleaseNotes/3_1_41.md b/Packs/Box/ReleaseNotes/3_1_41.md new file mode 100644 index 000000000000..837eada8f808 --- /dev/null +++ b/Packs/Box/ReleaseNotes/3_1_41.md @@ -0,0 +1,5 @@ +#### Integrations +##### Box Event Collector +- Updated the Docker image to: *demisto/auth-utils:1.0.0.86556*. +##### Box v2 +- Updated the Docker image to: *demisto/auth-utils:1.0.0.86556*. diff --git a/Packs/Box/pack_metadata.json b/Packs/Box/pack_metadata.json index 127a6b32ed1f..e3cedebe5c52 100644 --- a/Packs/Box/pack_metadata.json +++ b/Packs/Box/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Box", "description": "Manage Box users", "support": "xsoar", - "currentVersion": "3.1.40", + "currentVersion": "3.1.41", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Campaign/ReleaseNotes/3_4_1.md b/Packs/Campaign/ReleaseNotes/3_4_1.md new file mode 100644 index 000000000000..a8efed298661 --- /dev/null +++ b/Packs/Campaign/ReleaseNotes/3_4_1.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### GetSendEmailInstances +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + 
diff --git a/Packs/Campaign/ReleaseNotes/3_4_2.md b/Packs/Campaign/ReleaseNotes/3_4_2.md new file mode 100644 index 000000000000..d1410e8627ba --- /dev/null +++ b/Packs/Campaign/ReleaseNotes/3_4_2.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### SplitCampaignContext + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Campaign/Scripts/GetSendEmailInstances/GetSendEmailInstances.yml b/Packs/Campaign/Scripts/GetSendEmailInstances/GetSendEmailInstances.yml index 87183a8fa1aa..c2fa02f41eb8 100644 --- a/Packs/Campaign/Scripts/GetSendEmailInstances/GetSendEmailInstances.yml +++ b/Packs/Campaign/Scripts/GetSendEmailInstances/GetSendEmailInstances.yml @@ -1,7 +1,7 @@ commonfields: id: GetSendEmailInstances version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 enabled: true name: GetSendEmailInstances runas: DBotWeakRole diff --git a/Packs/Campaign/Scripts/SplitCampaignContext/SplitCampaignContext.yml b/Packs/Campaign/Scripts/SplitCampaignContext/SplitCampaignContext.yml index b4852f00a7fb..30dfdabc66f4 100644 --- a/Packs/Campaign/Scripts/SplitCampaignContext/SplitCampaignContext.yml +++ b/Packs/Campaign/Scripts/SplitCampaignContext/SplitCampaignContext.yml @@ -58,7 +58,7 @@ outputs: type: Unknown scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.5.0 tests: - No tests (auto formatted) diff --git a/Packs/Campaign/pack_metadata.json b/Packs/Campaign/pack_metadata.json index 1774df2ac483..b00d10fa38b5 100644 --- a/Packs/Campaign/pack_metadata.json +++ b/Packs/Campaign/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Phishing Campaign", "description": "This pack can help you find related phishing, spam or other types of email incidents and characterize campaigns.", "support": "xsoar", - "currentVersion": "3.4.0", + "currentVersion": "3.4.2", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml b/Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml index 03dff6301672..2ff8a01626a1 100644 --- a/Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml +++ b/Packs/CarbonBlackDefense/Integrations/CarbonBlackLiveResponseCloud/CarbonBlackLiveResponseCloud.yml @@ -316,5 +316,5 @@ script: description: Performs a memory dump operation on the remote machine. execution: true outputs: [] - dockerimage: demisto/carbon-black-cloud:1.0.0.83469 + dockerimage: demisto/carbon-black-cloud:1.0.0.86354 subtype: python3 diff --git a/Packs/CarbonBlackDefense/ReleaseNotes/3_1_2.md b/Packs/CarbonBlackDefense/ReleaseNotes/3_1_2.md new file mode 100644 index 000000000000..3deef52b2fd6 --- /dev/null +++ b/Packs/CarbonBlackDefense/ReleaseNotes/3_1_2.md @@ -0,0 +1,3 @@ +#### Integrations +##### Carbon Black Live Response Cloud +- Updated the Docker image to: *demisto/carbon-black-cloud:1.0.0.86354*. diff --git a/Packs/CarbonBlackDefense/pack_metadata.json b/Packs/CarbonBlackDefense/pack_metadata.json index 7804f1afdc0c..a0cd5c9c3360 100644 --- a/Packs/CarbonBlackDefense/pack_metadata.json +++ b/Packs/CarbonBlackDefense/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Carbon Black Endpoint Standard", "description": "Next-generation antivirus + EDR in one cloud-delivered platform that stops commodity malware, advanced malware, non-malware attacks and ransomware.", "support": "xsoar", - "currentVersion": "3.1.1", + "currentVersion": "3.1.2", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml b/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml index 295bad02fdbe..5afddf6d3c92 100644 --- a/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml +++ b/Packs/CheckPhish/Integrations/CheckPhish/CheckPhish.yml @@ -204,5 +204,5 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/CheckPhish/ReleaseNotes/1_0_20.md b/Packs/CheckPhish/ReleaseNotes/1_0_20.md new file mode 100644 index 000000000000..99964a954f5b --- /dev/null +++ b/Packs/CheckPhish/ReleaseNotes/1_0_20.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### CheckPhish + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/CheckPhish/pack_metadata.json b/Packs/CheckPhish/pack_metadata.json index 6c52dd49e252..7705757d474f 100644 --- a/Packs/CheckPhish/pack_metadata.json +++ b/Packs/CheckPhish/pack_metadata.json @@ -2,7 +2,7 @@ "name": "CheckPhish", "description": "Check any URL to detect suspicious behavior.", "support": "xsoar", - "currentVersion": "1.0.19", + "currentVersion": "1.0.20", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml b/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml index eacf2c7a5777..4668321ee83f 100644 --- a/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml 
+++ b/Packs/CheckPointSandBlast/Integrations/CheckPointSandBlast/CheckPointSandBlast.yml @@ -557,7 +557,7 @@ script: - contextPath: SandBlast.Quota.Action description: The quota action. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/CheckPointSandBlast/ReleaseNotes/1_0_11.md b/Packs/CheckPointSandBlast/ReleaseNotes/1_0_11.md new file mode 100644 index 000000000000..9c416b9ed6de --- /dev/null +++ b/Packs/CheckPointSandBlast/ReleaseNotes/1_0_11.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Check Point Threat Emulation (SandBlast) +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + diff --git a/Packs/CheckPointSandBlast/pack_metadata.json b/Packs/CheckPointSandBlast/pack_metadata.json index df6ca594d884..60b374e9c9a6 100644 --- a/Packs/CheckPointSandBlast/pack_metadata.json +++ b/Packs/CheckPointSandBlast/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Check Point Threat Emulation (SandBlast)", "description": "Upload files using polling, the service supports Microsoft Office files, as well as PDF, SWF, archives and executables. Active content will be cleaned from any documents that you upload (Microsoft Office and PDF files only). Query on existing IOCs, file status, analysis, reports. Download files from the database. Supports both appliance and cloud. Supported Threat Emulation versions are any R80x.", "support": "xsoar", - "currentVersion": "1.0.10", + "currentVersion": "1.0.11", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", @@ -24,4 +24,4 @@ "xsoar", "marketplacev2" ] -} +} \ No newline at end of file diff --git a/Packs/CheckpointFirewall/Integrations/CheckPointFirewallV2/CheckPointFirewallV2.yml b/Packs/CheckpointFirewall/Integrations/CheckPointFirewallV2/CheckPointFirewallV2.yml index ce86f341381b..35491ecb1d9f 100644 
--- a/Packs/CheckpointFirewall/Integrations/CheckPointFirewallV2/CheckPointFirewallV2.yml +++ b/Packs/CheckpointFirewall/Integrations/CheckPointFirewallV2/CheckPointFirewallV2.yml @@ -1832,7 +1832,7 @@ script: outputs: - contextPath: CheckPoint.DeletedThreatProtections description: '' - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '' subtype: python3 diff --git a/Packs/CheckpointFirewall/ReleaseNotes/2_3_21.md b/Packs/CheckpointFirewall/ReleaseNotes/2_3_21.md new file mode 100644 index 000000000000..3fe917e676b4 --- /dev/null +++ b/Packs/CheckpointFirewall/ReleaseNotes/2_3_21.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### CheckPoint Firewall v2 + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/CheckpointFirewall/pack_metadata.json b/Packs/CheckpointFirewall/pack_metadata.json index f2922deb1dfe..7d16390f9727 100644 --- a/Packs/CheckpointFirewall/pack_metadata.json +++ b/Packs/CheckpointFirewall/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Check Point Firewall", "description": "Manage Check Point firewall via API", "support": "xsoar", - "currentVersion": "2.3.20", + "currentVersion": "2.3.21", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Cherwell/Integrations/Cherwell/Cherwell.yml b/Packs/Cherwell/Integrations/Cherwell/Cherwell.yml index afee8611b95b..5e732c37bc72 100644 --- a/Packs/Cherwell/Integrations/Cherwell/Cherwell.yml +++ b/Packs/Cherwell/Integrations/Cherwell/Cherwell.yml @@ -414,7 +414,7 @@ script: description: Run a One-Step Action using a OneStepActionRequest. This request is used to start a One-Step Action run with additional information, such as prompt values. name: cherwell-run-one-step-action-on-business-object outputs: [] - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true script: '-' type: python 
diff --git a/Packs/Cherwell/ReleaseNotes/1_0_18.md b/Packs/Cherwell/ReleaseNotes/1_0_18.md new file mode 100644 index 000000000000..2a7d7d7af686 --- /dev/null +++ b/Packs/Cherwell/ReleaseNotes/1_0_18.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Cherwell + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Cherwell/pack_metadata.json b/Packs/Cherwell/pack_metadata.json index 6f11717033b6..f6828b4688a6 100644 --- a/Packs/Cherwell/pack_metadata.json +++ b/Packs/Cherwell/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cherwell", "description": "Cloud-based IT service management solution", "support": "xsoar", - "currentVersion": "1.0.17", + "currentVersion": "1.0.18", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CircleCI/Integrations/CircleCI/CircleCI.yml b/Packs/CircleCI/Integrations/CircleCI/CircleCI.yml index 3a4b82735c49..20f5154f69bc 100644 --- a/Packs/CircleCI/Integrations/CircleCI/CircleCI.yml +++ b/Packs/CircleCI/Integrations/CircleCI/CircleCI.yml @@ -268,7 +268,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.5.0 tests: - No tests (auto formatted) diff --git a/Packs/CircleCI/ReleaseNotes/1_0_25.md b/Packs/CircleCI/ReleaseNotes/1_0_25.md new file mode 100644 index 000000000000..0e795f0143d6 --- /dev/null +++ b/Packs/CircleCI/ReleaseNotes/1_0_25.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### CircleCI + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/CircleCI/pack_metadata.json b/Packs/CircleCI/pack_metadata.json index 183b353f66d5..fa52cf7a62c6 100644 --- a/Packs/CircleCI/pack_metadata.json +++ b/Packs/CircleCI/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "CircleCI", "description": "CircleCI is a modern continuous integration and continuous delivery (CI/CD) platform. CircleCI automates the building, testing, and deployment of software.", "support": "xsoar", - "currentVersion": "1.0.24", + "currentVersion": "1.0.25", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CiscoASA/Integrations/CiscoASA/CiscoASA.yml b/Packs/CiscoASA/Integrations/CiscoASA/CiscoASA.yml index 4411aefb93b8..7aaa7e8a0cc0 100644 --- a/Packs/CiscoASA/Integrations/CiscoASA/CiscoASA.yml +++ b/Packs/CiscoASA/Integrations/CiscoASA/CiscoASA.yml @@ -913,7 +913,7 @@ script: - contextPath: CiscoASA.Interface.Type description: The type of interface. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' type: python diff --git a/Packs/CiscoASA/ReleaseNotes/1_1_4.md b/Packs/CiscoASA/ReleaseNotes/1_1_4.md new file mode 100644 index 000000000000..659496c0fd4e --- /dev/null +++ b/Packs/CiscoASA/ReleaseNotes/1_1_4.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Cisco ASA + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/CiscoASA/pack_metadata.json b/Packs/CiscoASA/pack_metadata.json index c3124709f469..1a508d26a5fb 100644 --- a/Packs/CiscoASA/pack_metadata.json +++ b/Packs/CiscoASA/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cisco ASA", "description": "Cisco Adaptive Security Appliance Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices.", "support": "xsoar", - "currentVersion": "1.1.3", + "currentVersion": "1.1.4", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CiscoFirepower/Integrations/CiscoFirepower/CiscoFirepower.py b/Packs/CiscoFirepower/Integrations/CiscoFirepower/CiscoFirepower.py index 5072938f2dd9..8751cad8695f 100644 
--- a/Packs/CiscoFirepower/Integrations/CiscoFirepower/CiscoFirepower.py
+++ b/Packs/CiscoFirepower/Integrations/CiscoFirepower/CiscoFirepower.py
@@ -1211,7 +1211,7 @@ def list_intrusion_rule(
 limit=limit,
 offset=offset,
 sort=','.join(sort) if sort else None,
- filter_string=filter_string,
+ filter=filter_string,
 expanded=expanded_response,
 )
@@ -1336,7 +1336,7 @@ def list_intrusion_rule_group(
 params = assign_params(
 limit=limit,
 offset=offset,
- filter_string=filter_string,
+ filter=filter_string,
 expanded=expanded_response,
 )
diff --git a/Packs/CiscoFirepower/Integrations/CiscoFirepower/CiscoFirepower.yml b/Packs/CiscoFirepower/Integrations/CiscoFirepower/CiscoFirepower.yml
index e77ef513bcdd..f2575821f2d3 100644
--- a/Packs/CiscoFirepower/Integrations/CiscoFirepower/CiscoFirepower.yml
+++ b/Packs/CiscoFirepower/Integrations/CiscoFirepower/CiscoFirepower.yml
@@ -37,7 +37,7 @@ script:
 - 'MERGE'
 - 'REPLACE'
 - name: rule_group_ids
- description: 'A comma-separated list of rule groups to which rules should belong. Example are group-id1,group-id2. This is required when importing rules and can be acquired from: ciscofp-list-intrusion-rule-group'
+ description: 'A comma-separated list of rule groups to which rules should belong. Example are group-id1,group-id2. This is required when importing rules and can be acquired from: ciscofp-list-intrusion-rule-group.'
 isArray: true
 - name: validate_only
 description: 'Define whether to validate or to validate and import rules. True is the default value and sets that rules should be validated and not imported.'
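Review bot: The rename to `filter=filter_string` in both `assign_params` calls ships without a regression test, and the CiscoFirepower.yml hunk later in this commit still declares `tests: - No tests (auto formatted)` for the integration. The release note says the command failed whenever *filter* was used, which suggests the old `filter_string` key was forwarded to (or dropped before) the FMC request as the wrong query parameter; a unit test that mocks the HTTP client and asserts the outgoing request params contain `filter` and not `filter_string`, for both `list_intrusion_rule` and `list_intrusion_rule_group`, would pin the fix. Whether `assign_params` strips empty values is not visible here, so that test should also cover the no-filter case to confirm no stray `filter=None` is sent. Both enclosing functions start and end outside the hunk.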
@@ -192,13 +192,13 @@ script: description: 'The override state of the rule for the specified intrusion policy. One of: DROP, BLOCK, ALERT, DISABLE, DEFAULT, PASS, REJECT, REACT, REWRITE.' - type: String contextPath: CiscoFP.IntrusionRule.ruleAction.policy.name - description: 'The intrusion policy name' + description: 'The intrusion policy name.' - type: String contextPath: CiscoFP.IntrusionRule.ruleAction.policy.id - description: 'The intrusion Policy ID' + description: 'The intrusion Policy ID.' - type: String contextPath: CiscoFP.IntrusionRule.ruleAction.policy.type - description: 'The type must be intrusionpolicy' + description: 'The type must be intrusionpolicy.' - type: Boolean contextPath: CiscoFP.IntrusionRule.ruleAction.policy.isSystemDefined description: 'Whether the rule is system-defined or user-defined. If the value is false, then rule is user-defined.' @@ -278,10 +278,10 @@ script: description: 'The intrusion policy name.' - type: String contextPath: CiscoFP.IntrusionRule.ruleAction.policy.id - description: 'The intrusion Policy ID' + description: 'The intrusion Policy ID.' - type: String contextPath: CiscoFP.IntrusionRule.ruleAction.policy.type - description: 'The type must be intrusionpolicy' + description: 'The type must be intrusionpolicy.' - type: Boolean contextPath: CiscoFP.IntrusionRule.ruleAction.policy.isSystemDefined description: 'Whether the rule is system-defined or user-defined. If the value is false, then the rule is user-defined.' 
@@ -312,7 +312,7 @@ script: - name: rule_data description: 'The Snort rule structure data. Guide to Snort rule structure: https://docs.snort.org/rules/' - name: rule_group_ids - description: 'Rule group IDs in a comma-separated list. Can be acquired from: ciscofp-list-intrusion-rule-group' + description: 'Rule group IDs in a comma-separated list. Can be acquired from: ciscofp-list-intrusion-rule-group.' isArray: true - name: update_strategy description: 'The update method to use in the command. Can be "MERGE" or "OVERRIDE". If "MERGE" is used, new rule groups will be appended. If "OVERRIDE" is used, old rule groups will be overwritten.' @@ -1579,7 +1579,7 @@ script: description: The network name. type: String - contextPath: CiscoFP.Network.Value - description: CIDR + description: CIDR. type: String - contextPath: CiscoFP.Network.Overrideable description: Whether the object can be overridden. @@ -1591,7 +1591,7 @@ script: - description: The name of the new object. name: name required: true - - description: CIDR + - description: CIDR. name: value required: true - description: The object description. @@ -1628,7 +1628,7 @@ script: - description: The object name. name: name required: true - - description: CIDR + - description: CIDR. name: value required: true - description: The object description. @@ -1828,7 +1828,7 @@ script: description: The network group address type. type: String - contextPath: CiscoFP.NetworkGroups.Objects.Name - description: The network group object name + description: The network group object name. type: String - contextPath: CiscoFP.NetworkGroups.Objects.ID description: The network group object ID. @@ -2196,7 +2196,7 @@ script: name: limit - description: |- Index of the first item to return. - The default is 0 + The default is 0. name: offset description: Retrieves a list of all application objects. name: ciscofp-list-applications 
@@ -3296,9 +3296,11 @@ script: - contextPath: CiscoFP.URLGroups.Overridable description: Whether objects can be overridden. type: string - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '' subtype: python3 type: python fromversion: 5.0.0 +tests: +- No tests (auto formatted) diff --git a/Packs/CiscoFirepower/ReleaseNotes/1_2_4.md b/Packs/CiscoFirepower/ReleaseNotes/1_2_4.md new file mode 100644 index 000000000000..582765ce1e0b --- /dev/null +++ b/Packs/CiscoFirepower/ReleaseNotes/1_2_4.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Cisco Firepower + +- Fixed an issue in ***ciscofp-list-intrusion-rule*** command, where it failed when using the *filter* argument. +- Updated the Docker image to *demisto/python3:3.10.13.86272*. \ No newline at end of file diff --git a/Packs/CiscoFirepower/pack_metadata.json b/Packs/CiscoFirepower/pack_metadata.json index 633c16a11888..1e2cb03e2cba 100644 --- a/Packs/CiscoFirepower/pack_metadata.json +++ b/Packs/CiscoFirepower/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cisco Firepower", "description": "Use the CiscoFirepower integration for unified management of firewalls, application control", "support": "xsoar", - "currentVersion": "1.2.3", + "currentVersion": "1.2.4", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.yml b/Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.yml index 2f0c447443b8..c2b14530772d 100644 --- a/Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.yml +++ b/Packs/CiscoSMA/Integrations/CiscoSMA/CiscoSMA.yml @@ -100,7 +100,7 @@ script: script: '' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true commands: - name: cisco-sma-spam-quarantine-message-search 
diff --git a/Packs/CiscoSMA/ReleaseNotes/1_1_27.md b/Packs/CiscoSMA/ReleaseNotes/1_1_27.md new file mode 100644 index 000000000000..963a442926f5 --- /dev/null +++ b/Packs/CiscoSMA/ReleaseNotes/1_1_27.md @@ -0,0 +1,3 @@ +#### Integrations +##### Cisco Security Management Appliance +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/CiscoSMA/pack_metadata.json b/Packs/CiscoSMA/pack_metadata.json index c79be919adef..bb25c40234ca 100644 --- a/Packs/CiscoSMA/pack_metadata.json +++ b/Packs/CiscoSMA/pack_metadata.json @@ -2,7 +2,7 @@ "name": "CiscoSMA", "description": "The Security Management Appliance (SMA) is used to centralize services from Email Security Appliances (ESAs) and Web Security Appliances (WSAs).", "support": "xsoar", - "currentVersion": "1.1.26", + "currentVersion": "1.1.27", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CiscoStealthwatch/Integrations/CiscoStealthwatch/CiscoStealthwatch.yml b/Packs/CiscoStealthwatch/Integrations/CiscoStealthwatch/CiscoStealthwatch.yml index 159dff23a3ce..db129fef29f6 100644 --- a/Packs/CiscoStealthwatch/Integrations/CiscoStealthwatch/CiscoStealthwatch.yml +++ b/Packs/CiscoStealthwatch/Integrations/CiscoStealthwatch/CiscoStealthwatch.yml @@ -283,7 +283,7 @@ script: - contextPath: CiscoStealthwatch.SecurityEventResults.hitCount description: The hit count of the security event. type: str - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/CiscoStealthwatch/ReleaseNotes/1_0_29.md b/Packs/CiscoStealthwatch/ReleaseNotes/1_0_29.md new file mode 100644 index 000000000000..464781029f24 --- /dev/null +++ b/Packs/CiscoStealthwatch/ReleaseNotes/1_0_29.md @@ -0,0 +1,3 @@ +#### Integrations +##### Cisco Secure Network Analytics (Stealthwatch) +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. 
diff --git a/Packs/CiscoStealthwatch/pack_metadata.json b/Packs/CiscoStealthwatch/pack_metadata.json index 9cd41a2f1386..48d4142fc142 100644 --- a/Packs/CiscoStealthwatch/pack_metadata.json +++ b/Packs/CiscoStealthwatch/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cisco Secure Network Analytics (Stealthwatch)", "description": "Cisco Secure Network Analytics (Stealthwatch) provides scalable visibility and security analytics.", "support": "xsoar", - "currentVersion": "1.0.28", + "currentVersion": "1.0.29", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Clarizen/Integrations/ClarizenIAM/ClarizenIAM.yml b/Packs/Clarizen/Integrations/ClarizenIAM/ClarizenIAM.yml index fe421ca68aa7..4daf087bcc3d 100644 --- a/Packs/Clarizen/Integrations/ClarizenIAM/ClarizenIAM.yml +++ b/Packs/Clarizen/Integrations/ClarizenIAM/ClarizenIAM.yml @@ -226,7 +226,7 @@ script: type: String - description: Retrieves a User Profile schema, which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option. name: get-mapping-fields - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/Clarizen/ReleaseNotes/1_0_9.md b/Packs/Clarizen/ReleaseNotes/1_0_9.md new file mode 100644 index 000000000000..9fce973ddba0 --- /dev/null +++ b/Packs/Clarizen/ReleaseNotes/1_0_9.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Clarizen IAM +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/Clarizen/pack_metadata.json b/Packs/Clarizen/pack_metadata.json index 7cf5a5f4386a..817070585ee2 100644 --- a/Packs/Clarizen/pack_metadata.json +++ b/Packs/Clarizen/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Clarizen IAM", "description": "IAM Integration for Clarizen. This pack handles user account auto-provisioning", "support": "xsoar", - "currentVersion": "1.0.8", + "currentVersion": "1.0.9", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml b/Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml index 322c1bad2c46..a8496e0f8d95 100644 --- a/Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml +++ b/Packs/CloudConvert/Integrations/CloudConvert/CloudConvert.yml @@ -337,7 +337,7 @@ script: - contextPath: CloudConvert.Task.links description: API link for the task. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/CloudConvert/ReleaseNotes/1_0_8.md b/Packs/CloudConvert/ReleaseNotes/1_0_8.md new file mode 100644 index 000000000000..1270d52b94be --- /dev/null +++ b/Packs/CloudConvert/ReleaseNotes/1_0_8.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### CloudConvert + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/CloudConvert/pack_metadata.json b/Packs/CloudConvert/pack_metadata.json index d4c2c8f20e7e..d8aee695931f 100644 --- a/Packs/CloudConvert/pack_metadata.json +++ b/Packs/CloudConvert/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cloud Convert", "description": "Use this integration to convert files using CloudConvert API", "support": "xsoar", - "currentVersion": "1.0.7", + "currentVersion": "1.0.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Data_Exfiltration_Response.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Data_Exfiltration_Response.yml index 79c6584d4c63..3c020c044bb7 100644 
--- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Data_Exfiltration_Response.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Data_Exfiltration_Response.yml @@ -235,7 +235,7 @@ tasks: { "position": { "x": 1260, - "y": 2380 + "y": 2570 } } note: false @@ -269,8 +269,8 @@ tasks: view: |- { "position": { - "x": 680, - "y": 2210 + "x": 930, + "y": 2400 } } note: false @@ -379,11 +379,11 @@ tasks: iscommand: false brand: "" nexttasks: - No: - - "51" Finish Playbook: - "30" - Yes: + "No": + - "51" + "Yes": - "76" separatecontext: false continueonerrortype: "" @@ -837,6 +837,7 @@ tasks: nexttasks: '#none#': - "79" + - "83" separatecontext: false continueonerrortype: "" view: |- @@ -927,8 +928,7 @@ tasks: autoResourceRemediation: simple: "False" autoUserRemediation: - complex: - root: inputs.autoUserRemediationautoUserRemediation + simple: ${inputs.autoUserRemediation} cloudProvider: complex: root: alert @@ -964,7 +964,7 @@ tasks: view: |- { "position": { - "x": 680, + "x": 930, "y": 2040 } } @@ -1113,6 +1113,10 @@ tasks: simple: "1" AzureSearchTime: simple: ago(1d) + GcpProjectName: + complex: + root: alert.cloudproject + accessor: cloudproject GcpTimeSearchFrom: simple: "1" MfaAttemptThreshold: @@ -1144,10 +1148,6 @@ tasks: accessor: cloudprovider failedLogonThreshold: simple: "20" - GcpProjectName: - complex: - root: alert.cloudproject - accessor: cloudproject separatecontext: true continueonerrortype: "" loop: 
@@ -1169,19 +1169,199 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false + "83": + id: "83" + taskid: af782aef-ba76-45b9-87a3-e6e385bebb1e + type: condition + task: + id: af782aef-ba76-45b9-87a3-e6e385bebb1e + version: -1 + name: Should rotate the credentials automatically? + description: Whether to rotate the credentials automatically. + type: condition + iscommand: false + brand: "" + nexttasks: + '#default#': + - "31" + "yes": + - "84" + separatecontext: false + conditions: + - label: "yes" + condition: + - - operator: isEqualString + left: + value: + simple: inputs.autoUserRemediation + iscontext: true + right: + value: + simple: "true" + ignorecase: true + continueonerrortype: "" + view: |- + { + "position": { + "x": 430, + "y": 2040 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "84": + id: "84" + taskid: ff0f8a46-1a28-46b7-81bf-512130aefb3a + type: playbook + task: + id: ff0f8a46-1a28-46b7-81bf-512130aefb3a + version: -1 + name: Cloud Credentials Rotation - Generic + description: |- + ## **Cloud Credentials Rotation - Generic** + + This comprehensive playbook combines the remediation steps from AWS, Azure, and GCP sub-playbooks into a single, cohesive guide. Regardless of which Cloud Service Provider (CSP) you're working with, this playbook will direct you to the relevant steps, ensuring swift and effective response. + + The primary objective is to offer an efficient way to address compromised credentials across different cloud platforms. By consolidating the key steps from AWS, Azure, and GCP, it minimizes the time spent searching for platform-specific procedures and accelerates the remediation process, ensuring the highest level of security for your cloud environments. 
+ + ## **Integrations for Each Sub-Playbook** + + In order to seamlessly execute the actions mentioned in each sub-playbook, specific integrations are essential. These integrations facilitate the automated tasks and processes that the playbook carries out. Here are the required integrations for each sub-playbook: + + ### **AWS Sub-Playbook:** + 1. [**AWS - IAM**](https://xsoar.pan.dev/docs/reference/integrations/aws---iam): Used to manage AWS Identity and Access Management. + 2. [**AWS - EC2**](https://xsoar.pan.dev/docs/reference/integrations/aws---ec2): Essential for managing Amazon Elastic Compute Cloud (EC2) instances. + + ### **GCP Sub-Playbook:** + 1. [**Google Workspace Admin**](https://xsoar.pan.dev/docs/reference/integrations/g-suite-admin): Manages users, groups, and other entities within Google Workspace. + 2. [**GCP-IAM**](https://xsoar.pan.dev/docs/reference/integrations/gcp-iam): Ensures management and control of GCP's Identity and Access Management. + + ### **Azure Sub-Playbook:** + 1. [**Microsoft Graph Users**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-user): Manages users and related entities in Microsoft Graph. + 2. [**Microsoft Graph Applications**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-applications): Manages applications within Microsoft Graph. 
+ playbookName: Cloud Credentials Rotation - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "31" + scriptarguments: + AWS-accessKeyID: + simple: ${Core.OriginalAlert.event.identity_orig.accessKeyId} + AWS-instanceID: + complex: + root: alert.username + filters: + - - operator: containsGeneral + left: + value: + simple: alert.username + iscontext: true + right: + value: + simple: i- + transformers: + - operator: Cut + args: + delimiter: + value: + simple: / + fields: + value: + simple: "2" + AWS-newInstanceProfileName: + simple: ${inputs.AWS-newInstanceProfileName} + AWS-newRoleName: + simple: ${inputs.AWS-newRoleName} + AWS-roleNameToRestrict: + simple: ${inputs.AWS-roleNameToRestrict} + AWS-userID: + simple: ${alert.username} + Azure-AppID: + simple: ${Core.OriginalAlert.event.identity_orig.claims.appid} + Azure-ObjectID: + complex: + root: Core.OriginalAlert.event.identity_orig + accessor: claims + transformers: + - operator: Stringify + - operator: RegexExtractAll + args: + error_if_no_match: {} + ignore_case: {} + multi_line: {} + period_matches_newline: {} + regex: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":"\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12} + unpack_matches: {} + - operator: ExtractInbetween + args: + from: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":" + to: + value: + simple: '"' + Azure-userID: + simple: ${alert.username} + GCP-SAEmail: + simple: ${Core.OriginalAlert.event.identity_orig.principalEmail} + GCP-cloudProject: + simple: ${alert.cloudproject} + GCP-userID: + simple: ${alert.username} + GCP-zone: + simple: ${Core.OriginalAlert.event.zone} + RemediationType: + simple: ${inputs.credentialsRemediationType} + cloudProvider: + simple: ${alert.cloudprovider} + identityType: + simple: ${alert.cloudidentitytype} + shouldCloneSA: + simple: ${inputs.shouldCloneSA} + separatecontext: true + continueonerrortype: "" + loop: + iscommand: false + 
exitCondition: "" + wait: 1 + max: 100 + view: |- + { + "position": { + "x": 430, + "y": 2230 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: true + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false view: |- { "linkLabelsPosition": { "32_47_#default#": 0.28, "32_64_Malicious": 0.21, - "37_51_False Positive": 0.58, - "37_76_True Positive": 0.43, + "37_30_Finish Playbook": 0.15, "61_57_#default#": 0.61, - "61_64_yes": 0.35 + "61_64_yes": 0.35, + "83_31_#default#": 0.38, + "83_84_yes": 0.44 }, "paper": { "dimensions": { - "height": 2565, + "height": 2755, "width": 1710, "x": 280, "y": -120 
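Review bot: Task 84 runs the credential-rotation sub-playbook with `skipunavailable: true`, so if the AWS/GCP/Azure integrations it depends on are not configured the rotation is silently skipped and the flow continues to task 31 with no signal that the compromised credentials were left in place. For an automated exfiltration response that is a quiet failure mode; consider `skipunavailable: false`, or a follow-up condition on the sub-playbook's outputs that records when rotation did not run. Separately, `AWS-instanceID` is derived from `alert.username` through a `containsGeneral` filter on `i-`, which appears to be a substring match, so a username such as `api-user/...` would be cut on `/` and passed as an instance ID; a startsWith-style check on the cut value would be tighter. The `Azure-ObjectID` regex `\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12}` also accepts underscores and non-hex letters, so `[0-9a-fA-F]` classes would avoid matching non-GUID claim values.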
@@ -1201,6 +1381,48 @@ inputs: required: false description: 'Whether to execute the block remediation automatically. (Default: False)' playbookInputQuery: +- key: credentialsRemediationType + value: + simple: Reset + required: false + description: |- + The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin: + + Reset: By entering "Reset" in the input, the playbook will execute password reset. + Supports: AWS, MSGraph Users, GCP and GSuite Admin. + + Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session. + Supports: GCP, GSuite Admin and MSGraph Users. + + Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation. + Supports: AWS. + + ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. + playbookInputQuery: +- key: shouldCloneSA + value: + simple: "False" + required: false + description: |- + Whether to clone the compromised SA before putting a deny policy to it. + Supports: AWS. + True/False + playbookInputQuery: +- key: AWS-newInstanceProfileName + value: {} + required: false + description: The new instance profile name to assign in the clone service account flow. + playbookInputQuery: +- key: AWS-newRoleName + value: {} + required: false + description: The new role name to assign in the clone service account flow. + playbookInputQuery: +- key: AWS-roleNameToRestrict + value: {} + required: false + description: If provided, the role will be attached with a deny policy without the compute instance analysis flow. + playbookInputQuery: outputs: [] tests: - No tests (auto formatted) 
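Review bot: The `AWS-newInstanceProfileName` input added here is documented in this commit's README for the same playbook as `newInstanceProfileName` (without the `AWS-` prefix), so an analyst following the README would set a key the playbook never reads; align the README with the key on this line. `shouldCloneSA` defaults to `"False"` here, but the same input is added to Cloud IAM User Access Investigation with an empty value, so the two playbooks expose the same switch with different defaults. In the `credentialsRemediationType` description, `Deactivate - By entering` uses a dash where the other options use a colon, and `execute the all remediation actions` should read `execute all remediation actions`.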
diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Data_Exfiltration_Response_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Data_Exfiltration_Response_README.md index 85d4bdd4b975..8cfcd4fa015e 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Data_Exfiltration_Response_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Data_Exfiltration_Response_README.md @@ -16,10 +16,11 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* Cloud Response - Generic -* Cloud Threat Hunting - Persistence * Cloud User Investigation - Generic +* Cloud Threat Hunting - Persistence * Handle False Positive Alerts +* Cloud Credentials Rotation - Generic +* Cloud Response - Generic ### Integrations @@ -27,14 +28,14 @@ This playbook does not use any integrations. ### Scripts -* SearchAlertsV2 +* SearchIncidentsV2 ### Commands -* core-get-IP-analytics-prevalence -* core-get-cloud-original-alerts * ip * closeInvestigation +* core-get-cloud-original-alerts +* core-get-IP-analytics-prevalence ## Playbook Inputs @@ -44,6 +45,11 @@ This playbook does not use any integrations. | --- | --- | --- | --- | | autoUserRemediation | Whether to execute the user remediation automatically. \(Default: False\) | False | Optional | | autoBlockIndicators | Whether to execute the block remediation automatically. \(Default: False\) | False | Optional | +| credentialsRemediationType | The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin:

Reset: By entering "Reset" in the input, the playbook will execute password reset.
Supports: AWS, MSGraph Users, GCP and GSuite Admin.

Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session.
Supports: GCP, GSuite Admin and MSGraph Users.

Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation.
Supports: AWS.

ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. | Reset | Optional | +| shouldCloneSA | Whether to clone the compromised SA before putting a deny policy to it.
Supports: AWS.
True/False | False | Optional | +| newInstanceProfileName | The new instance profile name to assign in the clone service account flow. | | Optional | +| AWS-newRoleName | The new role name to assign in the clone service account flow. | | Optional | +| AWS-roleNameToRestrict | If provided, the role will be attached with a deny policy without the compute instance analysis flow. | | Optional | ## Playbook Outputs diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_IAM_User_Access_Investigation.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_IAM_User_Access_Investigation.yml index 2c10970abd1d..c8d4273278d8 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_IAM_User_Access_Investigation.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_IAM_User_Access_Investigation.yml @@ -56,6 +56,7 @@ tasks: nexttasks: '#none#': - "81" + - "87" separatecontext: false continueonerrortype: "" view: |- @@ -89,8 +90,8 @@ tasks: view: |- { "position": { - "x": 550, - "y": 2450 + "x": 1220, + "y": 2620 } } note: false @@ -202,7 +203,7 @@ tasks: task: id: 9bc32470-1e47-447a-8a0b-f41a4049394c version: -1 - name: Close the alert automatically after remediation? + name: Close the alert and finish the investigation? description: Close the alert and finish the investigation? type: condition iscommand: false @@ -230,7 +231,7 @@ tasks: { "position": { "x": 550, - "y": 2110 + "y": 2280 } } note: false @@ -247,7 +248,7 @@ tasks: task: id: 2c77b9cd-84ff-48cc-86cd-a3cb3f439314 version: -1 - name: Close the alert automatically + name: Close alert after remediation description: commands.local.cmd.close.inv script: Builtin|||closeInvestigation type: regular @@ -265,7 +266,7 @@ tasks: { "position": { "x": 770, - "y": 2280 + "y": 2450 } } note: false 
@@ -375,7 +376,7 @@ tasks: task: id: 62cfaa81-81fb-4166-8f73-e3e903c5e3c5 version: -1 - name: Close the alert manually + name: Continue the investigation description: Continue the investigation. type: regular iscommand: false @@ -389,7 +390,7 @@ tasks: { "position": { "x": 320, - "y": 2280 + "y": 2450 } } note: false @@ -811,8 +812,8 @@ tasks: task: id: 03fb2c84-97c4-4a5e-86d9-14eaffeb57bb version: -1 - name: Set Incident Severity to High - description: commands.local.cmd.set.parent.incident.field + name: Set Alert Severity to High + description: commands.local.cmd.set.parent.alert.field script: Builtin|||setParentIncidentFields type: regular iscommand: true 
@@ -980,6 +981,192 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false + "86": + id: "86" + taskid: 0126e6bb-4904-4b01-859b-1e238fbbc0f4 + type: playbook + task: + id: 0126e6bb-4904-4b01-859b-1e238fbbc0f4 + version: -1 + name: Cloud Credentials Rotation - Generic + description: |- + ## **Cloud Credentials Rotation - Generic** + + This comprehensive playbook combines the remediation steps from AWS, Azure, and GCP sub-playbooks into a single, cohesive guide. Regardless of which Cloud Service Provider (CSP) you're working with, this playbook will direct you to the relevant steps, ensuring swift and effective response. + + The primary objective is to offer an efficient way to address compromised credentials across different cloud platforms. By consolidating the key steps from AWS, Azure, and GCP, it minimizes the time spent searching for platform-specific procedures and accelerates the remediation process, ensuring the highest level of security for your cloud environments. + + ## **Integrations for Each Sub-Playbook** + + In order to seamlessly execute the actions mentioned in each sub-playbook, specific integrations are essential. These integrations facilitate the automated tasks and processes that the playbook carries out. Here are the required integrations for each sub-playbook: + + ### **AWS Sub-Playbook:** + 1. [**AWS - IAM**](https://xsoar.pan.dev/docs/reference/integrations/aws---iam): Used to manage AWS Identity and Access Management. + 2. [**AWS - EC2**](https://xsoar.pan.dev/docs/reference/integrations/aws---ec2): Essential for managing Amazon Elastic Compute Cloud (EC2) instances. + + ### **GCP Sub-Playbook:** + 1. [**Google Workspace Admin**](https://xsoar.pan.dev/docs/reference/integrations/g-suite-admin): Manages users, groups, and other entities within Google Workspace. + 2. [**GCP-IAM**](https://xsoar.pan.dev/docs/reference/integrations/gcp-iam): Ensures management and control of GCP's Identity and Access Management. 
+ + ### **Azure Sub-Playbook:** + 1. [**Microsoft Graph Users**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-user): Manages users and related entities in Microsoft Graph. + 2. [**Microsoft Graph Applications**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-applications): Manages applications within Microsoft Graph. + playbookName: Cloud Credentials Rotation - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "57" + scriptarguments: + AWS-accessKeyID: + simple: ${Core.OriginalAlert.event.identity_orig.accessKeyId} + AWS-instanceID: + complex: + root: alert.username + filters: + - - operator: containsGeneral + left: + value: + simple: alert.username + iscontext: true + right: + value: + simple: i- + transformers: + - operator: Cut + args: + delimiter: + value: + simple: / + fields: + value: + simple: "2" + AWS-newInstanceProfileName: + simple: ${inputs.AWS-newInstanceProfileName} + AWS-newRoleName: + simple: ${inputs.AWS-newRoleName} + AWS-roleNameToRestrict: + simple: ${inputs.AWS-roleNameToRestrict} + AWS-userID: + simple: ${alert.username} + Azure-AppID: + simple: ${Core.OriginalAlert.event.identity_orig.claims.appid} + Azure-ObjectID: + complex: + root: Core.OriginalAlert.event.identity_orig + accessor: claims + transformers: + - operator: Stringify + - operator: RegexExtractAll + args: + error_if_no_match: {} + ignore_case: {} + multi_line: {} + period_matches_newline: {} + regex: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":"\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12} + unpack_matches: {} + - operator: ExtractInbetween + args: + from: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":" + to: + value: + simple: '"' + Azure-userID: + simple: ${alert.username} + GCP-SAEmail: + simple: ${Core.OriginalAlert.event.identity_orig.principalEmail} + GCP-cloudProject: + simple: ${alert.cloudproject} + GCP-userID: + simple: 
${alert.username} + GCP-zone: + simple: ${Core.OriginalAlert.event.zone} + RemediationType: + simple: ${inputs.credentialsRemediationType} + cloudProvider: + simple: ${alert.cloudprovider} + identityType: + simple: ${alert.cloudidentitytype} + shouldCloneSA: + simple: ${inputs.shouldCloneSA} + separatecontext: true + continueonerrortype: "" + loop: + iscommand: false + exitCondition: "" + wait: 1 + max: 100 + view: |- + { + "position": { + "x": 110, + "y": 2110 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: true + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "87": + id: "87" + taskid: 06456a85-ca31-4637-844b-2fd3dfce9a41 + type: condition + task: + id: 06456a85-ca31-4637-844b-2fd3dfce9a41 + version: -1 + name: Should rotate the credentials automatically? + description: Whether to rotate the credentials automatically. + type: condition + iscommand: false + brand: "" + nexttasks: + "yes": + - "86" + separatecontext: false + conditions: + - label: "yes" + condition: + - - operator: isEqualString + left: + value: + simple: inputs.autoAccessKeyRemediation + iscontext: true + right: + value: + simple: "true" + ignorecase: true + - operator: isEqualString + left: + value: + simple: inputs.autoUserRemediation + iscontext: true + right: + value: + simple: "true" + ignorecase: true + continueonerrortype: "" + view: |- + { + "position": { + "x": 110, + "y": 1930 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false view: |- { "linkLabelsPosition": { @@ -987,9 +1174,9 @@ view: |- }, "paper": { "dimensions": { - "height": 2705, - "width": 1310, - "x": 290, + "height": 2875, + "width": 1490, + "x": 110, "y": -190 } } 
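Review bot: Task 87 triggers the credential-rotation sub-playbook (task 86) from `inputs.autoUserRemediation` as well as `inputs.autoAccessKeyRemediation`, so enabling user remediation alone now also rotates or deactivates keys and may attach deny policies, which the `autoUserRemediation` description (`Whether to execute the user remediation flow automatically.`) does not mention; either document that coupling in the input description or gate rotation on a dedicated input such as `autoCredentialsRotation`. Whether the two `isEqualString` checks are ANDed or ORed is not recoverable from the collapsed indentation in this view, so confirm the intended combination. Unlike task 83 in the exfiltration playbook, task 87 has no `#default#` branch, so a false condition ends this parallel branch silently; that may be intended but deserves a one-line comment. Task 86 also sets `skipunavailable: true`, which lets the rotation be skipped without any visible signal when the required integrations are not enabled.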
@@ -1019,6 +1206,24 @@ inputs: required: false description: Whether to execute the user remediation flow automatically. playbookInputQuery: +- key: credentialsRemediationType + value: + simple: "Reset" + required: false + description: |- + The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin: + + Reset: By entering "Reset" in the input, the playbook will execute password reset. + Supports: AWS, MSGraph Users, GCP and GSuite Admin. + + Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session. + Supports: GCP, GSuite Admin and MSGraph Users. + + Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation. + Supports: AWS. + + ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. + playbookInputQuery: - key: AWS-accessKeyRemediationType value: simple: Disable @@ -1041,6 +1246,28 @@ inputs: Delete - for deleting the user. Revoke - for revoking the user's credentials. playbookInputQuery: +- key: shouldCloneSA + value: {} + required: false + description: |- + Whether to clone the compromised SA before putting a deny policy to it. + True/False + playbookInputQuery: +- key: AWS-newRoleName + value: {} + required: false + description: The name of the new role to create if the analyst decides to clone the service account. + playbookInputQuery: +- key: AWS-newInstanceProfileName + value: {} + required: false + description: The name of the new instance profile to create if the analyst decides to clone the service account. + playbookInputQuery: +- key: AWS-roleNameToRestrict + value: {} + required: false + description: If provided, the role will be attached with a deny policy without the compute instance analysis flow. + playbookInputQuery: - key: Azure-userRemediationType value: simple: Disable 
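Review bot: The new `credentialsRemediationType` input defaults to `Reset`, but the description never says what happens when the value is not one of the four listed options, and the `Deactivate` entry is written `Deactivate -` where the other three use `Name:`. The value is forwarded verbatim as `RemediationType` to `Cloud Credentials Rotation - Generic` by task 86, and task 87 (both visible in the preceding hunk) appears to enter that path unattended when `autoAccessKeyRemediation` and `autoUserRemediation` are both `true`, so the description should state that `Reset` is the action taken in that automatic flow. Suggest ending the description with `Any other value is passed to Cloud Credentials Rotation - Generic unchanged; see that playbook for how it is handled.` and rewriting the line as `Deactivate: By entering "Deactivate" in the input, the playbook will execute access key deactivation.`.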
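Review bot: `shouldCloneSA` is described as `True/False` but ships with an empty value, and the description does not say how an empty or non-boolean value is treated before the deny policy is applied; the three AWS name inputs added below it are only meaningful when cloning actually happens, which is likewise left implicit. All four are forwarded as-is to `Cloud Credentials Rotation - Generic` (task 86 in the earlier hunk), so the effective default lives outside this file and the analyst reading this input list cannot see it. If the sub-playbook skips cloning on an empty value, say so: `Whether to clone the compromised SA before putting a deny policy to it. True/False. Leave empty to skip cloning.`; otherwise document the actual default.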
@@ -1179,16 +1406,21 @@ inputSections: - inputs: - ShouldCloseAutomatically name: Alert Management - description: Alert management settings and data, including escalation processes, user engagements, and ticketing methods. + description: Alert management settings and data, including escalation processes, user engagements, and ticketing methods - inputs: - autoAccessKeyRemediation - autoBlockIndicators - autoUserRemediation + - credentialsRemediationType name: Remediation description: Remediation settings and data, including containment, eradication, and recovery. - inputs: - AWS-accessKeyRemediationType - AWS-userRemediationType + - shouldCloneSA + - AWS-newRoleName + - AWS-newInstanceProfileName + - AWS-roleNameToRestrict name: AWS Remediation description: AWS Remediation settings and data, including containment, eradication, and recovery. - inputs: diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_IAM_User_Access_Investigation_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_IAM_User_Access_Investigation_README.md index 73ef71a75b89..84b9735b6cfc 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_IAM_User_Access_Investigation_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_IAM_User_Access_Investigation_README.md @@ -11,10 +11,11 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks * Ticket Management - Generic -* Cloud IAM Enrichment - Generic * Cloud Response - Generic +* Cloud IAM Enrichment - Generic * Enrichment for Verdict * Handle False Positive Alerts +* Cloud Credentials Rotation - Generic ### Integrations @@ -26,9 +27,9 @@ This playbook does not use any integrations. ### Commands +* setParentIncidentFields * core-get-cloud-original-alerts * closeInvestigation -* setParentIncidentFields ## Playbook Inputs 
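Review bot: The `Alert Management` description loses its trailing period in this hunk while the neighbouring `Remediation` and `AWS Remediation` descriptions keep theirs, so the section texts are no longer written the same way. Either keep `description: Alert management settings and data, including escalation processes, user engagements, and ticketing methods.` or drop the period from the other sections as well.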
@@ -40,8 +41,13 @@ This playbook does not use any integrations. | autoAccessKeyRemediation | Whether to execute the user remediation flow automatically. | False | Optional | | autoBlockIndicators | Whether to block the indicators automatically. | True | Optional | | autoUserRemediation | Whether to execute the user remediation flow automatically. | False | Optional | +| credentialsRemediationType | The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin:

Reset: By entering "Reset" in the input, the playbook will execute password reset.
Supports: AWS, MSGraph Users, GCP and GSuite Admin.

Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session.
Supports: GCP, GSuite Admin and MSGraph Users.

Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation.
Supports: AWS.

ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. | | Optional | | AWS-accessKeyRemediationType | Choose the remediation type for the user's access key.

AWS available types:
Disable - for disabling the user's access key.
Delete - for deleting the user's access key. | Disable | Optional | | AWS-userRemediationType | Choose the remediation type for the user involved.

AWS available types:
Delete - for deleting the user.
Revoke - for revoking the user's credentials. | Revoke | Optional | +| shouldCloneSA | Whether to clone the compromised SA before putting a deny policy to it.
True/False | | Optional | +| AWS-newRoleName | The name of the new role to create if the analyst decides to clone the service account. | | Optional | +| AWS-newInstanceProfileName | The name of the new instance profile to create if the analyst decides to clone the service account. | | Optional | +| AWS-roleNameToRestrict | If provided, the role will be attached with a deny policy without the compute instance analysis flow. | | Optional | | Azure-userRemediationType | Choose the remediation type for the user involved.

Azure available types:
Disable - for disabling the user.
Delete - for deleting the user. | Disable | Optional | | GCP-accessKeyRemediationType | Choose the remediation type for the user's access key.

GCP available types:
Disable - For disabling the user's access key.
Delete - For deleting the user's access key. | Disable | Optional | | GCP-userRemediationType | Choose the remediation type for the user involved.

GCP available types:
Delete - For deleting the user.
Disable - For disabling the user. | Disable | Optional | diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml index 855d81b00221..3ef683b4cee7 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml @@ -250,9 +250,7 @@ tasks: - - operator: containsGeneral left: value: - complex: - root: Core.OriginalAlert.[0].event - accessor: caller_ip_asn_org + simple: Core.OriginalAlert.event.caller_ip_asn_org iscontext: true right: value: @@ -261,9 +259,7 @@ tasks: - operator: containsGeneral left: value: - complex: - root: Core.OriginalAlert.[0].event - accessor: caller_ip_asn_org + simple: Core.OriginalAlert.event.caller_ip_asn_org iscontext: true right: value: @@ -271,9 +267,7 @@ tasks: - operator: containsGeneral left: value: - complex: - root: Core.OriginalAlert.[0].event - accessor: caller_ip_asn_org + simple: Core.OriginalAlert.event.caller_ip_asn_org iscontext: true right: value: @@ -318,9 +312,7 @@ tasks: - - operator: isEqualNumber left: value: - complex: - root: alertJson.raw_abioc.event - accessor: cloud_agent_external_ip_days_seen_count + simple: Core.OriginalAlert.event.cloud_agent_external_ip_days_seen_count iscontext: true right: value: @@ -328,9 +320,7 @@ tasks: - - operator: isEqualNumber left: value: - complex: - root: alertJson.raw_abioc.event - accessor: cloud_caller_ip_asn_count_distinct_cloud_best_identity + simple: Core.OriginalAlert.event.cloud_caller_ip_asn_count_distinct_cloud_best_identity iscontext: true right: value: diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict_README.md index 82231184e0dd..05424d44ee78 100644 
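Review bot: In the `@@ -318,9 +312,7 @@` and `@@ -328,9 +320,7 @@` hunks the two numeric checks now read `Core.OriginalAlert.event.cloud_agent_external_ip_days_seen_count` and `Core.OriginalAlert.event.cloud_caller_ip_asn_count_distinct_cloud_best_identity` straight from context instead of the parsed `alertJson`, so when the caller has not fetched the unfiltered original alert these paths are empty, `isEqualNumber` is simply false, and missing telemetry becomes indistinguishable from a benign result. Consider guarding each check with an `isNotEmpty` condition on the same path (the operator is already used in this pack) so an absent field routes to manual review rather than a non-malicious verdict, or at least record the dependency on `core-get-cloud-original-alerts` with `filter_alert_fields` set to false in the task description. The `@@ -250`, `@@ -261` and `@@ -271` hunks here, and `@@ -442,35 +298,25 @@` and `@@ -1190,46 +919,25 @@` in playbook-Cloud_Token_Theft_Response.yml, also drop the `[0]` index, so with more than one original alert the expressions now evaluate over every element; confirm that is intended.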
--- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict_README.md @@ -1,3 +1,5 @@ +--- + ## Cloud Token Theft - Set Verdict Playbook The playbook is built from a decision tree whose ultimate goal is to decide whether the observed activity is malicious. @@ -19,6 +21,8 @@ The following tests are performed on the observed activity: - Possible cloud instance metadata service (IMDS) abuse. - Impossible Traveler by cloud identity. +--- + ## Dependencies This playbook uses the following sub-playbooks, integrations, and scripts. @@ -33,12 +37,11 @@ This playbook does not use any integrations. ### Scripts -* getAlerts * Set ### Commands -This playbook does not use any commands. +* getAlerts ## Playbook Inputs @@ -47,7 +50,7 @@ This playbook does not use any commands. | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | | sourceIP | The source IP to search by additional alerts. | | Optional | -| fromDate | The start date for the search additional alerts task.

Filter by from date \(e.g. "3 days ago" or 2006-01-02T15:04:05\+07:00 or 2006-01-02T15:04:05Z\) | | Optional | +| fromDate | The start date for the search additional alerts task.

Filter by from date \(e.g., "3 days ago" or 2006-01-02T15:04:05\+07:00 or 2006-01-02T15:04:05Z\) | | Optional | ## Playbook Outputs diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response.yml index 34d55330db46..7556d269572e 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response.yml 
@@ -1,60 +1,26 @@ id: Cloud Token Theft Response version: -1 name: Cloud Token Theft Response -description: |- - --- - - ## Cloud Token Theft Response Playbook - - The **Cloud Token Theft Response Playbook** provides a structured and comprehensive flow to effectively respond to and mitigate alerts involving the theft of cloud tokens. The playbook supports AWS, GCP, and Azure and executes the following: - - **Cloud Enrichment:** - - Enriches the involved resources - - Enriches the involved identities - - Enriches the involved IPs - - **Verdict Decision Tree:** - - Determines the appropriate verdict based on the investigation findings - - **Early Containment using the Cloud Response - Generic Playbook:** - - Implements early containment measures to prevent further impact - - **Cloud Persistence Threat Hunting:** - - Conducts threat hunting activities to identify any cloud persistence techniques - - **Enriching and Responding to Hunting Findings:** - - Performs additional enrichment and responds to the findings from threat hunting - - **Verdict Handling:** - - Handles false positives identified during the investigation - - Handles true positives by initiating appropriate response actions - - --- -starttaskid: "0" +description: "---\n\n## Cloud Token Theft Response Playbook\n\nThe **Cloud Token Theft Response Playbook** provides a structured and comprehensive flow to effectively respond to and mitigate alerts involving the theft of cloud tokens. 
The playbook supports AWS, GCP, and Azure and executes the following:\n\n**Cloud Enrichment:**\n- Enriches the involved resources\n- Enriches the involved identities\n- Enriches the involved IPs\n\n**Verdict Decision Tree:**\n- Determines the appropriate verdict based on the investigation findings\n\n**Early Containment using the Cloud Response - Generic Playbook:**\n- Implements early containment measures to prevent further impact\n\n**Cloud Persistence Threat Hunting:**\n- Conducts threat hunting activities to identify any cloud persistence techniques\n\n**Enriching and Responding to Hunting Findings:**\n- Performs additional enrichment and responds to the findings from threat hunting\n\n**Verdict Handling:**\n- Handles false positives identified during the investigation\n- Handles true positives by initiating appropriate response actions\n\n---" +starttaskid: '0' tasks: - "0": - id: "0" + '0': + id: '0' taskid: 72cf7e2b-9a6f-4a1b-821e-f4679e486af5 type: start task: id: 72cf7e2b-9a6f-4a1b-821e-f4679e486af5 version: -1 - name: "" + name: '' iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "1" + - '1' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": -1470 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": -1380\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -62,8 +28,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "1": - id: "1" + '1': + id: '1' taskid: e611d3ea-534f-46c9-8647-e82036bbb2d1 type: regular task: 
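Review bot: The top-level `description` and every task `view` in this file are rewritten from `|-` block scalars into double-quoted strings with `\n` escapes, which collapses multi-line markdown and JSON onto single unreadable lines and turns any future wording change into a whole-line diff; the same conversion is repeated in the hunks for tasks 4, 9, 10, 35, 43 and 44 further down. This looks like the output of a dumper with default settings rather than an intentional change, and the previous block-scalar form was already valid. Suggest re-dumping with block scalars preserved so `description: |-` and `view: |-` stay as they were.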
@@ -74,27 +40,21 @@ tasks: script: '|||core-get-cloud-original-alerts' type: regular iscommand: true - brand: "" + brand: '' nexttasks: '#none#': - - "2" + - '3' scriptarguments: alert_ids: complex: root: inputs.alert_id - extend-context: - simple: alertData= + filter_alert_fields: + simple: 'false' ignore-outputs: - simple: "false" + simple: 'false' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": -1340 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": -1250\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -109,49 +69,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "2": - id: "2" - taskid: 17724863-d960-46ad-8a11-8f42cbf47f0e - type: regular - task: - id: 17724863-d960-46ad-8a11-8f42cbf47f0e - version: -1 - name: Load alert JSON - description: Loads a JSON from a string input, and returns a JSON object result. - scriptName: LoadJSON - type: regular - iscommand: false - brand: "" - nexttasks: - '#none#': - - "3" - scriptarguments: - extend-context: - simple: alertJson= - ignore-outputs: - simple: "true" - input: - complex: - root: alertData.alerts - accessor: original_alert_json - separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": -1180 - } - } - note: false - timertriggers: [] - ignoreworker: false - skipunavailable: false - quietmode: 0 - isoversize: false - isautoswitchedtoquietmode: false - "3": - id: "3" + '3': + id: '3' taskid: 98397e62-31c7-4b49-876f-a6c4210260ee type: title task: @@ -160,20 +79,14 @@ tasks: name: Check VPN type: title iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "54" + - '54' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": -1020 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": -1090\n }\n}" note: false timertriggers: [] ignoreworker: false 
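Review bot: `filter_alert_fields: 'false'` pulls the full original alert into `Core.OriginalAlert` with no comment on why, and with `extend-context: alertData=` and the LoadJSON task removed in the next hunk the raw event (identity claims, caller details and the rest) now sits in the incident context for the whole run rather than in a scoped key. Presumably this is needed because the Set Verdict and Threat Hunting sub-playbooks now read `Core.OriginalAlert.event.*` fields that are not present in the filtered response; the task's description line is above this hunk, but it should say so, e.g. `description: Fetches the unfiltered original alert; Set Verdict and Threat Hunting read Core.OriginalAlert.event.* fields that appear to be omitted when filter_alert_fields is true.`.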
@@ -181,37 +94,22 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "4": - id: "4" + '4': + id: '4' taskid: a505e901-1a19-4c54-89a5-5679da10c8e7 type: playbook task: id: a505e901-1a19-4c54-89a5-5679da10c8e7 version: -1 name: Cloud Enrichment - Generic - description: |- - --- - - ## Generic Cloud Enrichment Playbook - - The **Cloud Enrichment - Generic Playbook** is designed to unify all the relevant playbooks concerning the enrichment of information in the cloud. It provides a standardized approach to enriching information in cloud environments. - - ### Supported Blocks - - 1. **Cloud IAM Enrichment - Generic** - - Enriches information related to Identity and Access Management (IAM) in the cloud. - - 2. **Cloud Compute Enrichment - Generic** - - Enriches information related to cloud compute resources. - - --- + description: "---\n\n## Generic Cloud Enrichment Playbook\n\nThe **Cloud Enrichment - Generic Playbook** is designed to unify all the relevant playbooks concerning the enrichment of information in the cloud. It provides a standardized approach to enriching information in cloud environments.\n\n### Supported Blocks\n\n1. **Cloud IAM Enrichment - Generic**\n - Enriches information related to Identity and Access Management (IAM) in the cloud.\n\n2. **Cloud Compute Enrichment - Generic**\n - Enriches information related to cloud compute resources.\n\n---" playbookName: Cloud Enrichment - Generic type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "6" + - '6' scriptarguments: cloudProvider: complex: @@ -222,19 +120,13 @@ tasks: root: alert accessor: username separatecontext: true - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": -640, - "y": 280 - } - } + view: "{\n \"position\": {\n \"x\": -640,\n \"y\": 210\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -242,8 +134,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "5": - id: "5" + '5': + id: '5' taskid: 296536c2-e825-421c-8e77-d23c4858e540 type: title task: @@ -252,20 +144,14 @@ tasks: name: Threat Hunting type: title iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "44" + - '44' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 1570 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 1700\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -273,8 +159,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "6": - id: "6" + '6': + id: '6' taskid: 506a830b-e106-49bb-884d-3046683e101d type: title task: @@ -283,20 +169,14 @@ tasks: name: Analysis type: title iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "42" + - '42' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": 450 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": 380\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -304,8 +184,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "8": - id: "8" + '8': + id: '8' taskid: 99b32157-a4b5-4ad2-8949-3664187f3f1a type: condition task: @@ -315,12 +195,12 @@ tasks: description: Checks which verdict was received by the Cloud Token Theft - Set Verdict playbook. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "49" + - '49' Malicious: - - "50" + - '50' separatecontext: false conditions: - label: Malicious @@ -335,14 +215,8 @@ tasks: value: simple: Malicious ignorecase: true - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": 750 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": 680\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -350,29 +224,27 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "9": - id: "9" + '9': + id: '9' taskid: d9455fee-7caf-46ac-8026-364883bdbc26 type: playbook task: id: d9455fee-7caf-46ac-8026-364883bdbc26 version: -1 name: Handle False Positive Alerts - description: | - This playbook handles false positive alerts. - It creates an alert exclusion or alert exception, or adds a file to an allow list based on the alert fields and playbook inputs. + description: "This playbook handles false positive alerts.\nIt creates an alert exclusion or alert exception, or adds a file to an allow list based on the alert fields and playbook inputs.\n" playbookName: Handle False Positive Alerts type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "41" + - '41' scriptarguments: ShouldCloseAutomatically: - simple: "False" + simple: 'False' ShouldHandleFPautomatically: - simple: "False" + simple: 'False' alertName: complex: root: alert @@ -386,19 +258,13 @@ tasks: root: alert accessor: username separatecontext: true - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": -230, - "y": 3005 - } - } + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": 3005\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -406,32 +272,22 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "10": - id: "10" + '10': + id: '10' taskid: 0b5c42f1-1adc-47e1-85be-b74017596364 type: playbook task: id: 0b5c42f1-1adc-47e1-85be-b74017596364 version: -1 name: Cloud Response - Generic - description: |- - This playbook provides response playbooks for: - - AWS - - Azure - - GCP - - The response actions available are: - - Terminate/Shut down/Power off an instance - - Delete/Disable a user - - Delete/Revoke/Disable credentials - - Block indicators + description: "This playbook provides response playbooks for:\n- AWS\n- Azure\n- GCP\n\nThe response actions available are:\n- Terminate/Shut down/Power off an instance\n- Delete/Disable a user\n- Delete/Revoke/Disable credentials\n- Block indicators" playbookName: Cloud Response - Generic type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "5" + - '5' scriptarguments: AWS-userRemediationType: simple: Revoke @@ -442,35 +298,25 @@ tasks: GCP-userRemediationType: simple: Disable autoAccessKeyRemediation: - simple: "False" + simple: 'False' autoBlockIndicators: - simple: "True" + simple: 'True' autoResourceRemediation: - simple: "False" + simple: 'False' autoUserRemediation: - simple: "False" + simple: 'False' cloudProvider: - complex: - root: alert.cloudprovider - accessor: '[0]' + simple: ${alert.cloudprovider} username: - complex: - root: alert.username - accessor: '[0]' + simple: ${alert.username} separatecontext: false - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": 450, - "y": 1410 - } - } + view: "{\n \"position\": {\n \"x\": 1170,\n \"y\": 1340\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -478,8 +324,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "11": - id: "11" + '11': + id: '11' taskid: 6ec57530-4216-4d77-8f85-35d0df561827 type: title task: @@ -488,20 +334,15 @@ tasks: name: Early Containment type: title iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "10" + - '10' + - '62' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 1280 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 720,\n \"y\": 1200\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -509,8 +350,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "14": - id: "14" + '14': + id: '14' taskid: 89ca3353-c319-48a6-82ab-3c18ad78136e type: title task: @@ -520,20 +361,14 @@ tasks: description: This script will extract indicators from the given AWS CloudTrail, GCP Logging, or Azure Log Analytics event data. type: title iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "47" - - "46" + - '47' + - '46' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 1890 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 2010\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -541,8 +376,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "15": - id: "15" + '15': + id: '15' taskid: 94a1e1eb-6884-4f7a-8262-f4cf8179b2d6 type: title task: @@ -551,20 +386,14 @@ tasks: name: Containment type: title iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "51" + - '51' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 890, - "y": 2530 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 890,\n \"y\": 2530\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -572,8 +401,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "19": - id: "19" + '19': + id: '19' taskid: 866c90ea-1631-4f35-8c08-dbca5e72b8e8 type: condition task: @@ -583,15 +412,15 @@ tasks: description: Checks if one of the extracted indicators is suspicious or malicious, or if there are any results from the Cloud Threat Hunting - Persistence playbook. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "20" - "yes": - - "15" + - '20' + yes: + - '15' separatecontext: false conditions: - - label: "yes" + - label: yes condition: - - operator: isNotEmpty left: @@ -606,7 +435,7 @@ tasks: iscontext: true right: value: - simple: "2" + simple: '2' accessor: Indicator iscontext: true right: @@ -630,14 +459,8 @@ tasks: simple: AzureQuery iscontext: true iscontext: true - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 2220 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 2340\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -645,8 +468,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "20": - id: "20" + '20': + id: '20' taskid: 73551cc9-76bd-48f9-8f38-2fef3a302f11 type: title task: @@ -655,20 +478,14 @@ tasks: name: Manual invetigation type: title iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "22" + - '22' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 2530 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 2530\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -676,8 +493,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "22": - id: "22" + '22': + id: '22' taskid: 03e6367e-d3af-4622-8f11-d1352c77c619 type: regular task: 
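Review bot: In `@@ -583,15 +412,15 @@` the `nexttasks` key and the condition label are changed from `"yes"` to bare `yes`, and `yes`/`Yes` are YAML 1.1 booleans, so a loader with 1.1 semantics (PyYAML included) reads them as `true` rather than the string the condition engine matches against; the same unquoting of `Yes:` appears in `@@ -718,21 +529,15 @@`, `@@ -874,21 +657,15 @@` and `@@ -938,21 +709,15 @@`. Every other key in the file was re-quoted with single quotes in this commit, so these look like an oversight of the dumper rather than intent. Restore the quotes: `'yes':` and `- label: 'yes'` here, and `'Yes':` in the three later hunks.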
@@ -687,19 +504,13 @@ tasks: description: You should investigate the data collected manually and choose how the playbook should continue. type: regular iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "23" + - '23' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 2665 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 2665\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -707,8 +518,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "23": - id: "23" + '23': + id: '23' taskid: adea59ae-46c6-4565-8ab0-ac19f1301c91 type: condition task: @@ -718,21 +529,15 @@ tasks: description: Whether to contain the threats found. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "9" - "Yes": - - "51" + - '9' + Yes: + - '51' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 2830 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 2830\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -740,8 +545,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "34": - id: "34" + '34': + id: '34' taskid: 9a44b2ac-d8e1-42cd-828b-50908be646c9 type: title task: @@ -750,20 +555,14 @@ tasks: name: Eradication type: title iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "36" + - '36' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 3180 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 3180\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -771,32 +570,22 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "35": - id: "35" + '35': + id: '35' taskid: 3a8277ea-891b-4edd-853d-c2e6b2bd0c3c type: playbook task: id: 3a8277ea-891b-4edd-853d-c2e6b2bd0c3c version: -1 name: Cloud Response - Generic - description: |- - This playbook provides response playbooks for: - - AWS - - Azure - - GCP - - The response actions available are: - - Terminate/Shut down/Power off an instance - - Delete/Disable a user - - Delete/Revoke/Disable credentials - - Block indicators + description: "This playbook provides response playbooks for:\n- AWS\n- Azure\n- GCP\n\nThe response actions available are:\n- Terminate/Shut down/Power off an instance\n- Delete/Disable a user\n- Delete/Revoke/Disable credentials\n- Block indicators" playbookName: Cloud Response - Generic type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "37" + - '37' scriptarguments: AWS-accessKeyRemediationType: simple: Delete @@ -819,13 +608,13 @@ tasks: root: CloudIndicators accessor: access_key_id autoAccessKeyRemediation: - simple: "False" + simple: 'False' autoBlockIndicators: - simple: "False" + simple: 'False' autoResourceRemediation: - simple: "False" + simple: 'False' autoUserRemediation: - simple: "False" + simple: 'False' cloudProvider: complex: root: alert @@ -843,19 +632,13 @@ tasks: root: CloudIndicators accessor: username separatecontext: false - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": 450, - "y": 3490 - } - } + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 3490\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -863,8 +646,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "36": - id: "36" + '36': + id: '36' taskid: f7b26e88-099c-4859-8a0e-629596e6b090 type: condition task: 
@@ -874,21 +657,15 @@ tasks: description: Whether to eradicate the threats. This playbook should be treated with care as its actions are irreversible. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "37" - "Yes": - - "35" + - '37' + Yes: + - '35' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 3310 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 3310\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -896,8 +673,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "37": - id: "37" + '37': + id: '37' taskid: 698ba6ec-2278-4493-8c8f-c89090d79136 type: title task: @@ -906,20 +683,14 @@ tasks: name: Resolution type: title iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "38" + - '38' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 230, - "y": 3660 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 230,\n \"y\": 3660\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -927,8 +698,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "38": - id: "38" + '38': + id: '38' taskid: 876d7226-1120-4c0d-8df4-66b95ed0fd55 type: condition task: @@ -938,21 +709,15 @@ tasks: description: Whether to continue with the investigation manually or close the alert. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "40" - "Yes": - - "39" + - '40' + Yes: + - '39' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 230, - "y": 3790 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 230,\n \"y\": 3790\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -960,8 +725,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "39": - id: "39" + '39': + id: '39' taskid: 1f50da4e-2d0b-4012-83aa-a865b9b04551 type: regular task: @@ -971,19 +736,13 @@ tasks: description: Continue to investigate manually. type: regular iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "40" + - '40' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 3960 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 3960\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -991,8 +750,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "40": - id: "40" + '40': + id: '40' taskid: 355623a4-717a-4333-86b9-a75900536328 type: regular task: @@ -1006,19 +765,13 @@ tasks: brand: Builtin nexttasks: '#none#': - - "41" + - '41' scriptarguments: closeReason: simple: True Positive separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 230, - "y": 4130 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 230,\n \"y\": 4130\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1026,8 +779,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "41": - id: "41" + '41': + id: '41' taskid: d09e1a12-93e1-4e50-8e5c-26fdbf28e9ec type: title task: @@ -1036,17 +789,11 @@ tasks: name: Done type: title iscommand: false - brand: "" + brand: '' description: '' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": 4300 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": 4300\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1054,8 +801,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "42": - id: "42" + '42': + id: '42' taskid: 6c84bcd2-0d5c-4cf5-8c7a-8e29a87073b3 type: playbook task: 
@@ -1090,10 +837,10 @@ tasks: playbookName: Cloud Token Theft - Set Verdict type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "8" + - '8' scriptarguments: fromDate: complex: @@ -1110,19 +857,13 @@ tasks: root: alert accessor: hostip separatecontext: false - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": -230, - "y": 585 - } - } + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": 515\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1130,28 +871,22 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "43": - id: "43" + '43': + id: '43' taskid: 2662f014-da1e-489b-8060-0c245f55789b type: playbook task: id: 2662f014-da1e-489b-8060-0c245f55789b version: -1 name: IP Enrichment - Generic v2 - description: |- - Enrich IP addresses using one or more integrations. - - - Resolve IP addresses to hostnames (DNS) - - Provide threat information - - Separate internal and external IP addresses - - For internal IP addresses, get host information + description: "Enrich IP addresses using one or more integrations.\n\n- Resolve IP addresses to hostnames (DNS)\n- Provide threat information\n- Separate internal and external IP addresses\n- For internal IP addresses, get host information" playbookName: IP Enrichment - Generic v2 type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "6" + - '6' scriptarguments: IP: complex: @@ -1168,21 +903,15 @@ tasks: complex: root: inputs.ResolveIP UseReputationCommand: - simple: "False" + simple: 'False' separatecontext: true - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": 190, - "y": 280 - } - } + view: "{\n \"position\": {\n \"x\": 190,\n \"y\": 210\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -1190,46 +919,25 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "44": - id: "44" + '44': + id: '44' taskid: e470723c-a8a3-4166-883b-5f4b38a6e7e6 type: playbook task: id: e470723c-a8a3-4166-883b-5f4b38a6e7e6 version: -1 name: Cloud Threat Hunting - Persistence - description: |- - --- - - ## Cloud Threat Hunting - Persistence Playbook - - The playbook is responsible for hunting persistence activity in the cloud. It supports AWS, GCP, and Azure. - - ### Hunting Queries - - The playbook executes hunting queries for each provider related to each of the following: - - 1. IAM - 2. Compute Resources - 3. Compute Functions - - ### Indicator Extraction - - If relevant events are found during the search, indicators will be extracted using the `ExtractIndicators-CloudLogging` script. - - --- + description: "---\n\n## Cloud Threat Hunting - Persistence Playbook\n\nThe playbook is responsible for hunting persistence activity in the cloud. It supports AWS, GCP, and Azure.\n\n### Hunting Queries\n\nThe playbook executes hunting queries for each provider related to each of the following:\n\n1. IAM\n2. Compute Resources\n3. Compute Functions\n\n### Indicator Extraction\n\nIf relevant events are found during the search, indicators will be extracted using the `ExtractIndicators-CloudLogging` script.\n\n---" playbookName: Cloud Threat Hunting - Persistence type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "14" + - '14' scriptarguments: AWSAccessKeyID: - complex: - root: Core.OriginalAlert.[0].event - accessor: identity_invoked_by_uuid + simple: ${Core.OriginalAlert.event.identity_invoked_by_uuid} AWSTimespan: complex: root: alert @@ -1247,9 +955,11 @@ tasks: simple: + fields: value: - simple: "1" + simple: '1' AzureTimespan: simple: 2h + GCPProjectName: + simple: ${alert.cloudproject} GCPTimespan: complex: root: alert 
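Review bot: `AWSAccessKeyID` now reads `${Core.OriginalAlert.event.identity_invoked_by_uuid}` where the old expression selected `Core.OriginalAlert.[0].event`; if `Core.OriginalAlert` can hold more than one entry, the new reference resolves against every element rather than the first, so the sub-playbook may receive a list where it expects a single key ID. The `projectName` argument removed in the -1268 hunk is replaced here by `GCPProjectName: ${alert.cloudproject}`, which only works if `Cloud Threat Hunting - Persistence` has been updated to declare an input of that name; that sub-playbook is not part of this diff. Both are cheap to confirm against the sub-playbook definition and a sample alert before merging.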
@@ -1268,15 +978,11 @@ tasks: simple: Z toReplace: value: - simple: "+00:00" + simple: +00:00 cloudProvider: complex: root: alert accessor: cloudprovider - projectName: - complex: - root: alert - accessor: cloudproject region: complex: root: alert @@ -1286,19 +992,13 @@ tasks: root: alert accessor: username separatecontext: false - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": 450, - "y": 1710 - } - } + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 1830\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1306,8 +1006,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "46": - id: "46" + '46': + id: '46' taskid: 3ca72ce8-4d38-41bf-84b6-0675027851bd type: playbook task: @@ -1318,10 +1018,10 @@ tasks: playbookName: Entity Enrichment - Generic v3 type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "19" + - '19' scriptarguments: CVE: complex: @@ -1358,7 +1058,7 @@ tasks: transformers: - operator: uniq ResolveIP: - simple: "False" + simple: 'False' SHA1: complex: root: File @@ -1384,19 +1084,13 @@ tasks: transformers: - operator: uniq separatecontext: true - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": 660, - "y": 2050 - } - } + view: "{\n \"position\": {\n \"x\": 660,\n \"y\": 2170\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -1404,37 +1098,22 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "47": - id: "47" + '47': + id: '47' taskid: eb31ed85-ba4e-4e7f-89af-03e29b765ab1 type: playbook task: id: eb31ed85-ba4e-4e7f-89af-03e29b765ab1 version: -1 name: Cloud Enrichment - Generic - description: |- - --- - - ## Generic Cloud Enrichment Playbook - - The **Cloud Enrichment - Generic Playbook** is designed to unify all the relevant playbooks concerning the enrichment of information in the cloud. It provides a standardized approach to enriching information in cloud environments. - - ### Supported Blocks - - 1. **Cloud IAM Enrichment - Generic** - - Enriches information related to Identity and Access Management (IAM) in the cloud. - - 2. **Cloud Compute Enrichment - Generic** - - Enriches information related to cloud compute resources. - - --- + description: "---\n\n## Generic Cloud Enrichment Playbook\n\nThe **Cloud Enrichment - Generic Playbook** is designed to unify all the relevant playbooks concerning the enrichment of information in the cloud. It provides a standardized approach to enriching information in cloud environments.\n\n### Supported Blocks\n\n1. **Cloud IAM Enrichment - Generic**\n - Enriches information related to Identity and Access Management (IAM) in the cloud.\n\n2. **Cloud Compute Enrichment - Generic**\n - Enriches information related to cloud compute resources.\n\n---" playbookName: Cloud Enrichment - Generic type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "19" + - '19' scriptarguments: cloudProvider: complex: @@ -1449,19 +1128,13 @@ tasks: root: CloudIndicators accessor: username separatecontext: true - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": 240, - "y": 2050 - } - } + view: "{\n \"position\": {\n \"x\": 240,\n \"y\": 2170\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -1469,8 +1142,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "49": - id: "49" + '49': + id: '49' taskid: 6798a3cc-ca31-44ed-8082-a2029eb938d0 type: condition task: @@ -1480,21 +1153,15 @@ tasks: description: You should investigate the data collected manually and choose how the playbook should continue. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "9" + - '9' Malicious: - - "50" + - '50' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": 920 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": 850\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1502,8 +1169,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "50": - id: "50" + '50': + id: '50' taskid: 7887cd1f-10d5-4bc0-8b99-11260af33fd8 type: condition task: @@ -1513,15 +1180,15 @@ tasks: description: Whether to execute early containment and block the IP address and respond to the username involved. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "5" - "yes": - - "11" + - '5' + yes: + - '11' separatecontext: false conditions: - - label: "yes" + - label: yes condition: - - operator: isEqualString left: @@ -1531,16 +1198,10 @@ tasks: iscontext: true right: value: - simple: "True" + simple: 'True' ignorecase: true - continueonerrortype: "" - view: |- - { - "position": { - "x": 450, - "y": 1100 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 450,\n \"y\": 1030\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -1548,32 +1209,22 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "51": - id: "51" + '51': + id: '51' taskid: a81c56dd-412e-46b0-8a77-1bb72f5c3769 type: playbook task: id: a81c56dd-412e-46b0-8a77-1bb72f5c3769 version: -1 name: Cloud Response - Generic - description: |- - This playbook provides response playbooks for: - - AWS - - Azure - - GCP - - The response actions available are: - - Terminate/Shut down/Power off an instance - - Delete/Disable a user - - Delete/Revoke/Disable credentials - - Block indicators + description: "This playbook provides response playbooks for:\n- AWS\n- Azure\n- GCP\n\nThe response actions available are:\n- Terminate/Shut down/Power off an instance\n- Delete/Disable a user\n- Delete/Revoke/Disable credentials\n- Block indicators" playbookName: Cloud Response - Generic type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "34" + - '34' scriptarguments: AWS-accessKeyRemediationType: simple: Disable @@ -1589,44 +1240,32 @@ tasks: simple: Stop GCP-userRemediationType: simple: Disable - SourceIP: - complex: - root: CloudIndicators - accessor: source_ip accessKeyId: complex: root: CloudIndicators accessor: access_key_id autoAccessKeyRemediation: - simple: "False" + simple: 'False' autoBlockIndicators: - simple: "True" + simple: 'True' autoResourceRemediation: - simple: "False" + simple: 'False' autoUserRemediation: - simple: "True" + simple: 'True' cloudProvider: - complex: - root: alert.cloudprovider - accessor: '[0]' + simple: ${alert.cloudprovider} username: complex: root: CloudIndicators accessor: username separatecontext: false - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": 890, - "y": 3000 - } - } + view: "{\n \"position\": {\n \"x\": 890,\n \"y\": 3005\n }\n}" note: false timertriggers: [] ignoreworker: false 
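Review bot: Task 51 no longer passes `SourceIP` to `Cloud Response - Generic` while `autoBlockIndicators` stays `'True'`, so unless the sub-playbook now obtains the attacker IP some other way, the automatic block step has no indicator to act on; that dependency lives outside this diff and should be confirmed. `cloudProvider` also changes from `alert.cloudprovider` with accessor `'[0]'` to `${alert.cloudprovider}`, which drops the first-element selection — harmless if the field is always a single value, a silent behaviour change if it can be a list. A run against one test alert per provider would settle both before the `SourceIP` argument is removed for good.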
@@ -1634,8 +1273,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "52": - id: "52" + '52': + id: '52' taskid: 24ed2963-3107-45ad-8a3b-b155ad9ff72e type: condition task: @@ -1645,12 +1284,12 @@ tasks: description: Checks if the provided data is comma separated or an URL. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "60" + - '60' URL: - - "53" + - '53' separatecontext: false conditions: - label: URL @@ -1674,14 +1313,8 @@ tasks: right: value: simple: https:// - continueonerrortype: "" - view: |- - { - "position": { - "x": -630, - "y": -720 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -630,\n \"y\": -790\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1689,8 +1322,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "53": - id: "53" + '53': + id: '53' taskid: bf94c5a6-0100-4e60-89bc-e35364b5415a type: regular task: @@ -1701,25 +1334,19 @@ tasks: scriptName: ParseHTMLIndicators type: regular iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "60" + - '60' scriptarguments: ignore-outputs: - simple: "false" + simple: 'false' url: complex: root: inputs.VPNIPList separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -630, - "y": -540 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -630,\n \"y\": -610\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1731,8 +1358,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "54": - id: "54" + '54': + id: '54' taskid: eaaa946c-8d95-4186-8584-793b17a4fc7b type: condition task: 
@@ -1742,15 +1369,15 @@ tasks: description: Checks if data was provided for the VPNIPList input. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "59" - "yes": - - "52" + - '59' + yes: + - '52' separatecontext: false conditions: - - label: "yes" + - label: yes condition: - - operator: isNotEmpty left: @@ -1760,14 +1387,8 @@ tasks: iscontext: true right: value: {} - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": -890 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": -960\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1775,8 +1396,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "56": - id: "56" + '56': + id: '56' taskid: 6fd2afb3-27a8-4018-8316-b3bd6bc4e1ea type: condition task: @@ -1786,21 +1407,15 @@ tasks: description: Once the attacker's IP address is part of the VPN IP list, the analyst will be required to decide whether to continue with the investigation. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "9" - "Yes": - - "59" + - '9' + Yes: + - '59' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -860, - "y": -30 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -860,\n \"y\": -100\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1808,8 +1423,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "57": - id: "57" + '57': + id: '57' taskid: 1c16c7d0-ffb1-4d5f-8d92-6a0a7e0d8e0c type: regular task: 
@@ -1823,19 +1438,13 @@ tasks: brand: Builtin nexttasks: '#none#': - - "56" + - '56' scriptarguments: isvpnipaddress: - simple: "true" + simple: 'true' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -630, - "y": -200 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -630,\n \"y\": -270\n }\n}" note: false timertriggers: [] ignoreworker: false 
@@ -1843,49 +1452,37 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "58": - id: "58" + '58': + id: '58' taskid: fd775e61-aee3-4cee-8f4f-af31b9676081 type: playbook task: id: fd775e61-aee3-4cee-8f4f-af31b9676081 version: -1 name: TIM - Indicator Relationships Analysis - description: |- - This playbook is designed to assist with a security investigation by providing an analysis of indicator relationships. The following information is included: - - Indicators of compromise (IOCs) related to the investigation. - - Attack patterns related to the investigation. - - Campaigns related to the investigation. - - IOCs associated with the identified campaigns. - - Reports containing details on the identified campaigns. + description: "This playbook is designed to assist with a security investigation by providing an analysis of indicator relationships. The following information is included:\n- Indicators of compromise (IOCs) related to the investigation.\n- Attack patterns related to the investigation.\n- Campaigns related to the investigation.\n- IOCs associated with the identified campaigns.\n- Reports containing details on the identified campaigns." playbookName: TIM - Indicator Relationships Analysis type: playbook iscommand: false - brand: "" + brand: '' nexttasks: '#none#': - - "6" + - '6' scriptarguments: Indicator: complex: root: alert accessor: hostip LimitResults: - simple: "200" + simple: '200' separatecontext: true - continueonerrortype: "" + continueonerrortype: '' loop: iscommand: false - exitCondition: "" + exitCondition: '' wait: 1 max: 100 - view: |- - { - "position": { - "x": -230, - "y": 280 - } - } + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": 210\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1893,8 +1490,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "59": - id: "59" + '59': + id: '59' taskid: 7651a4bf-66c5-4880-894e-b9e89ee7f3b9 type: title task: 
@@ -1903,22 +1500,16 @@ tasks: name: Enrichment type: title iscommand: false - brand: "" + brand: '' description: '' nexttasks: '#none#': - - "4" - - "58" - - "43" + - '4' + - '58' + - '43' separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": 140 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -230,\n \"y\": 70\n }\n}" note: false timertriggers: [] ignoreworker: false @@ -1926,8 +1517,8 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "60": - id: "60" + '60': + id: '60' taskid: 626d149e-03db-47df-8186-ed7b64bde19a type: condition task: @@ -1937,15 +1528,15 @@ tasks: description: Checks if the attacker's IP address is part of the VPN IP list. type: condition iscommand: false - brand: "" + brand: '' nexttasks: '#default#': - - "59" - "yes": - - "57" + - '59' + yes: + - '57' separatecontext: false conditions: - - label: "yes" + - label: yes condition: - - operator: containsGeneral left: 
@@ -1982,14 +1573,155 @@ tasks: complex: root: inputs.VPNIPList iscontext: true - continueonerrortype: "" - view: |- - { - "position": { - "x": -630, - "y": -380 - } - } + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": -630,\n \"y\": -450\n }\n}" + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + '61': + id: '61' + taskid: b1310b85-32c0-4bb9-88ea-3db371ff6978 + type: playbook + task: + id: b1310b85-32c0-4bb9-88ea-3db371ff6978 + version: -1 + name: Cloud Credentials Rotation - Generic + description: "## **Cloud Credentials Rotation - Generic**\n\nThis comprehensive playbook combines the remediation steps from AWS, Azure, and GCP sub-playbooks into a single, cohesive guide. Regardless of which Cloud Service Provider (CSP) you're working with, this playbook will direct you to the relevant steps, ensuring swift and effective response.\n\nThe primary objective is to offer an efficient way to address compromised credentials across different cloud platforms. By consolidating the key steps from AWS, Azure, and GCP, it minimizes the time spent searching for platform-specific procedures and accelerates the remediation process, ensuring the highest level of security for your cloud environments.\n\n## **Integrations for Each Sub-Playbook**\n\nIn order to seamlessly execute the actions mentioned in each sub-playbook, specific integrations are essential. These integrations facilitate the automated tasks and processes that the playbook carries out. Here are the required integrations for each sub-playbook:\n\n### **AWS Sub-Playbook:**\n1. [**AWS - IAM**](https://xsoar.pan.dev/docs/reference/integrations/aws---iam): Used to manage AWS Identity and Access Management.\n2. [**AWS - EC2**](https://xsoar.pan.dev/docs/reference/integrations/aws---ec2): Essential for managing Amazon Elastic Compute Cloud (EC2) instances.\n\n### **GCP Sub-Playbook:**\n1. 
[**Google Workspace Admin**](https://xsoar.pan.dev/docs/reference/integrations/g-suite-admin): Manages users, groups, and other entities within Google Workspace.\n2. [**GCP-IAM**](https://xsoar.pan.dev/docs/reference/integrations/gcp-iam): Ensures management and control of GCP's Identity and Access Management.\n\n### **Azure Sub-Playbook:**\n1. [**Microsoft Graph Users**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-user): Manages users and related entities in Microsoft Graph.\n2. [**Microsoft Graph Applications**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-applications): Manages applications within Microsoft Graph." + playbookName: Cloud Credentials Rotation - Generic + type: playbook + iscommand: false + brand: '' + nexttasks: + '#none#': + - '5' + scriptarguments: + AWS-accessKeyID: + simple: ${Core.OriginalAlert.event.identity_orig.accessKeyId} + AWS-instanceID: + complex: + root: alert.username + filters: + - - operator: containsGeneral + left: + value: + simple: alert.username + iscontext: true + right: + value: + simple: i- + transformers: + - operator: Cut + args: + delimiter: + value: + simple: / + fields: + value: + simple: '2' + AWS-newInstanceProfileName: + simple: ${inputs.AWS-newInstanceProfileName} + AWS-newRoleName: + simple: ${inputs.AWS-newRoleName} + AWS-roleNameToRestrict: + simple: ${inputs.AWS-roleNameToRestrict} + AWS-userID: + simple: ${alert.username} + Azure-AppID: + simple: ${Core.OriginalAlert.event.identity_orig.claims.appid} + Azure-ObjectID: + complex: + root: Core.OriginalAlert.event.identity_orig + accessor: claims + transformers: + - operator: Stringify + - operator: RegexExtractAll + args: + error_if_no_match: {} + ignore_case: {} + multi_line: {} + period_matches_newline: {} + regex: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":"\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12} + unpack_matches: {} + - operator: ExtractInbetween + args: + from: + value: + simple: 
http://schemas.microsoft.com/identity/claims/objectidentifier":" + to: + value: + simple: '"' + Azure-userID: + simple: ${alert.username} + GCP-SAEmail: + simple: ${Core.OriginalAlert.event.identity_orig.principalEmail} + GCP-cloudProject: + simple: ${alert.cloudproject} + GCP-userID: + simple: ${alert.username} + GCP-zone: + simple: ${Core.OriginalAlert.event.zone} + RemediationType: + simple: ${inputs.credentialsRemediationType} + cloudProvider: + simple: ${alert.cloudprovider} + identityType: + simple: ${Core.OriginalAlert.event.identity_orig.sessionContext.sessionIssuer.type} + shouldCloneSA: + simple: ${inputs.shouldCloneSA} + separatecontext: true + continueonerrortype: '' + loop: + iscommand: false + exitCondition: '' + wait: 1 + max: 100 + view: "{\n \"position\": {\n \"x\": 720,\n \"y\": 1530\n }\n}" + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: true + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + '62': + id: '62' + taskid: 1f5bae14-32a0-4c17-8cc8-598bb4fc4778 + type: condition + task: + id: 1f5bae14-32a0-4c17-8cc8-598bb4fc4778 + version: -1 + name: Should rotate the credentials automatically? + description: Whether to rotate the credentials automatically. + type: condition + iscommand: false + brand: '' + nexttasks: + '#default#': + - '5' + yes: + - '61' + separatecontext: false + conditions: + - label: yes + condition: + - - operator: isEqualString + left: + value: + complex: + root: inputs.autoCredentialsRotation + iscontext: true + right: + value: + simple: 'true' + ignorecase: true + continueonerrortype: '' + view: "{\n \"position\": {\n \"x\": 720,\n \"y\": 1340\n }\n}" note: false timertriggers: [] ignoreworker: false 
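Review bot: The new task 61 (`Cloud Credentials Rotation - Generic`) sets `skipunavailable: true`, unlike every other task in this file, so when `inputs.autoCredentialsRotation` is `true` (task 62) but the sub-playbook or its integrations are missing, the flow continues to task 5 with no rotation performed and nothing in the work plan saying so. Since the input description promises automatic rotation, `skipunavailable: false` seems safer, or at least the `autoCredentialsRotation` description should state that rotation is skipped silently when the sub-playbook is unavailable. The `Azure-ObjectID` argument extracts the object id from a `Stringify`-ed `claims` map with a regex followed by `ExtractInbetween`, which depends on the exact key order and quoting of the serialized JSON; if the transformer language can address the `objectidentifier` claim key directly, a plain accessor would be more robust, and the `RegexExtractAll` args that are all `{}` could be dropped.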
@@ -1997,34 +1729,7 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false -view: |- - { - "linkLabelsPosition": { - "19_15_yes": 0.65, - "19_20_#default#": 0.48, - "23_51_Yes": 0.61, - "23_9_#default#": 0.25, - "36_35_Yes": 0.41, - "36_37_#default#": 0.8, - "38_39_Yes": 0.42, - "49_9_#default#": 0.14, - "50_11_yes": 0.38, - "52_53_URL": 0.43, - "54_59_#default#": 0.11, - "56_9_#default#": 0.12, - "60_57_yes": 0.4, - "60_59_#default#": 0.21, - "8_49_#default#": 0.48 - }, - "paper": { - "dimensions": { - "height": 5835, - "width": 2130, - "x": -860, - "y": -1470 - } - } - } +view: "{\n \"linkLabelsPosition\": {\n \"19_15_yes\": 0.65,\n \"19_20_#default#\": 0.48,\n \"23_51_Yes\": 0.61,\n \"23_9_#default#\": 0.25,\n \"36_35_Yes\": 0.41,\n \"36_37_#default#\": 0.8,\n \"38_39_Yes\": 0.42,\n \"49_9_#default#\": 0.14,\n \"50_11_yes\": 0.38,\n \"50_5_#default#\": 0.17,\n \"52_53_URL\": 0.43,\n \"54_59_#default#\": 0.11,\n \"56_9_#default#\": 0.12,\n \"60_57_yes\": 0.4,\n \"60_59_#default#\": 0.21,\n \"62_5_#default#\": 0.56,\n \"62_61_yes\": 0.44,\n \"8_49_#default#\": 0.48\n },\n \"paper\": {\n \"dimensions\": {\n \"height\": 5745,\n \"width\": 2410,\n \"x\": -860,\n \"y\": -1380\n }\n }\n}" inputs: - key: alert_id value: 
@@ -2041,29 +1746,57 @@ inputs: playbookInputQuery: - key: ResolveIP value: - simple: "True" + simple: 'True' required: false description: Determines whether to convert the IP address to a hostname using a DNS query (True/ False). playbookInputQuery: - key: earlyContainment value: - simple: "False" + simple: 'False' required: false - description: |- - Whether to execute early containment. - This action allows you to respond rapidly but have higher probability for false positives. + description: "Whether to execute early containment.\nThis action allows you to respond rapidly but have higher probability for false positives." playbookInputQuery: - key: VPNIPList value: {} required: false - description: | - This input can process to types of data: - 1. A comma separated list of IP addresses assigned by the VPN provider. (using a XSIAM list or an hardcoded array) - 2. A comma separated list of CIDRs. - 3. A link to an IP addresses list which will be processed and extract the IP dynamically with each execution. + description: "This input can process to types of data:\n1. A comma separated list of IP addresses assigned by the VPN provider. (using a XSIAM list or an hardcoded array)\n2. A comma separated list of CIDRs.\n3. A link to an IP addresses list which will be processed and extract the IP dynamically with each execution.\n" + playbookInputQuery: +- key: AWS-newInstanceProfileName + value: {} + required: false + description: The new instance profile name to assign in the clone service account flow. + playbookInputQuery: +- key: AWS-newRoleName + value: {} + required: false + description: The new role name to assign in the clone service account flow. + playbookInputQuery: +- key: AWS-roleNameToRestrict + value: {} + required: false + description: If provided, the role will be attached with a deny policy without the compute instance analysis flow. 
+ playbookInputQuery: +- key: shouldCloneSA + value: + simple: 'False' + required: false + description: "Whether to clone the compromised SA before putting a deny policy to it.\nSupports: AWS.\nTrue/False" + playbookInputQuery: +- key: autoCredentialsRotation + value: + simple: 'False' + required: false + description: Whether to rotate the identity credentials automatically. + playbookInputQuery: +- key: credentialsRemediationType + value: + simple: Reset + required: false + description: "The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin:\n\nReset: By entering \"Reset\" in the input, the playbook will execute password reset.\nSupports: AWS, MSGraph Users, GCP and GSuite Admin.\n\nRevoke: By entering \"Revoke\" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session.\nSupports: GCP, GSuite Admin and MSGraph Users.\n\nDeactivate - By entering \"Deactivate\" in the input, the playbook will execute access key deactivation.\nSupports: AWS.\n\nALL: By entering \"ALL\" in the input, the playbook will execute the all remediation actions provided for each CSP." playbookInputQuery: outputs: [] tests: - No tests (auto formatted) -marketplaces: ["marketplacev2"] +marketplaces: +- marketplacev2 fromversion: 6.8.0 diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response_README.md index ff3f5a0b52a1..58d642935b70 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_Response_README.md 
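Review bot: The new `credentialsRemediationType` description has a typo, `the playbook will execute the all remediation actions` → `the playbook will execute all the remediation actions`, and it separates the options inconsistently (`Reset:`, `Revoke:`, `ALL:` but `Deactivate -`); one form throughout would read better. The rewritten `VPNIPList` description still says `process to types of data` where `two types` is meant, and then lists three items. The `AWS-roleNameToRestrict` sentence `the role will be attached with a deny policy without the compute instance analysis flow` is hard to parse; something like `If provided, a deny policy is attached to this role directly and the compute instance analysis flow is skipped` may be the intent, worth confirming with the author.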
@@ -51,13 +51,14 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* Cloud Response - Generic -* Handle False Positive Alerts -* TIM - Indicator Relationships Analysis -* Entity Enrichment - Generic v3 * Cloud Threat Hunting - Persistence * IP Enrichment - Generic v2 +* Handle False Positive Alerts +* Cloud Response - Generic +* Cloud Credentials Rotation - Generic * Cloud Token Theft - Set Verdict +* Entity Enrichment - Generic v3 +* TIM - Indicator Relationships Analysis * Cloud Enrichment - Generic ### Integrations @@ -66,14 +67,13 @@ This playbook does not use any integrations. ### Scripts -* LoadJSON * ParseHTMLIndicators ### Commands +* closeInvestigation * core-get-cloud-original-alerts * setAlert -* closeInvestigation ## Playbook Inputs @@ -86,6 +86,12 @@ This playbook does not use any integrations. | ResolveIP | Determines whether to convert the IP address to a hostname using a DNS query \(True/ False\). | True | Optional | | earlyContainment | Whether to execute early containment.
This action allows you to respond rapidly but have higher probability for false positives. | False | Optional | | VPNIPList | This input can process to types of data:
1. A comma separated list of IP addresses assigned by the VPN provider. \(using a XSIAM list or an hardcoded array\)
2. A comma separated list of CIDRs.
3. A link to an IP addresses list which will be processed and extract the IP dynamically with each execution.
| | Optional | +| AWS-newInstanceProfileName | The new instance profile name to assign in the clone service account flow. | | Optional | +| AWS-newRoleName | The new role name to assign in the clone service account flow. | | Optional | +| AWS-roleNameToRestrict | If provided, the role will be attached with a deny policy without the compute instance analysis flow. | | Optional | +| shouldCloneSA | Whether to clone the compromised SA before putting a deny policy to it.
Supports: AWS.
True/False | False | Optional | +| autoCredentialsRotation | Whether to rotate the identity credentials automatically. | False | Optional | +| credentialsRemediationType | The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin:

Reset: By entering "Reset" in the input, the playbook will execute password reset.
Supports: AWS, MSGraph Users, GCP and GSuite Admin.

Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session.
Supports: GCP, GSuite Admin and MSGraph Users.

Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation.
Supports: AWS.

ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. | Reset | Optional | ## Playbook Outputs diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining.yml index 3577282c2318..2590aa974df9 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining.yml @@ -25,7 +25,7 @@ tasks: { "position": { "x": 720, - "y": -400 + "y": -230 } } note: false @@ -185,6 +185,7 @@ tasks: nexttasks: '#none#': - "57" + - "58" scriptarguments: body: simple: |- @@ -316,13 +317,13 @@ tasks: brand: "" nexttasks: '#none#': - - "46" + - "53" scriptarguments: alert_ids: complex: root: inputs.alert_id - extend-context: - simple: alertData= + filter_alert_fields: + simple: "false" ignore-outputs: simple: "false" separatecontext: false @@ -331,7 +332,7 @@ tasks: { "position": { "x": 950, - "y": -260 + "y": -90 } } note: false 
@@ -448,47 +449,6 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "46": - id: "46" - taskid: 51df4d8f-7064-41be-837d-890b48eac4d0 - type: regular - task: - id: 51df4d8f-7064-41be-837d-890b48eac4d0 - version: -1 - name: Load alert JSON - description: Loads a JSON from the string input, and returns a JSON object result. - scriptName: LoadJSON - type: regular - iscommand: false - brand: "" - nexttasks: - '#none#': - - "53" - scriptarguments: - extend-context: - simple: alertJson= - ignore-outputs: - simple: "true" - input: - complex: - root: alertData.alerts.[0] - accessor: original_alert_json - separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": 720, - "y": -80 - } - } - note: false - timertriggers: [] - ignoreworker: false - skipunavailable: false - quietmode: 0 - isoversize: false - isautoswitchedtoquietmode: false "48": id: "48" taskid: 7b42c9f5-0154-4859-8581-eb2e74e97026 @@ -594,7 +554,7 @@ tasks: brand: "" nexttasks: '#none#': - - "46" + - "53" scriptarguments: incident_id: complex: @@ -605,7 +565,7 @@ tasks: { "position": { "x": 490, - "y": -260 + "y": -90 } } note: false @@ -894,8 +854,8 @@ tasks: root: inputs.GCP-userRemediationType accessKeyId: complex: - root: alertJson._all_events._aws_specific_fields - accessor: access_key_id + root: PaloAltoNetworksXDR.OriginalAlert.raw_abioc.event.identity_orig + accessor: accessKeyId autoAccessKeyRemediation: complex: root: inputs.autoAccessKeyRemediation @@ -913,13 +873,11 @@ tasks: root: inputs.cloudProvider region: complex: - root: alertJson._all_events + root: PaloAltoNetworksXDR.OriginalAlert.event accessor: region resourceGroup: complex: - root: |2- - - alertJson._all_events + root: PaloAltoNetworksXDR.OriginalAlert._all_events accessor: referenced_resource transformers: - operator: Cut 
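Review bot: The `@@ -894,8 +854,8 @@` hunk reads the access key from `PaloAltoNetworksXDR.OriginalAlert.raw_abioc.event.identity_orig` / `accessKeyId`, while the new task `"58"` in this same playbook reads `AWS-accessKeyID` from `PaloAltoNetworksXDR.OriginalAlert.event.identity_orig` / `accessKeyId`, and `region` in the `@@ -913` hunk uses `PaloAltoNetworksXDR.OriginalAlert.event`. The same split shows up in the next hunk, where the GCP identity comes from `raw_abioc.event.identity_name` but task `"58"` uses `event.identity_orig.principalEmail`. Unless the alert really carries both `event` and `raw_abioc.event`, one of these paths resolves empty and the corresponding remediation runs with a blank key or identity; pick one root (presumably the `event` root used by the rest of the diff) and verify it against a real `xdr-get-cloud-original-alerts` output. A blank `accessKeyId` reaching a disable/delete step should also fail loudly rather than no-op.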
@@ -932,7 +890,7 @@ tasks: simple: "5" resourceName: complex: - root: alertJson._all_events + root: PaloAltoNetworksXDR.OriginalAlert._all_events accessor: referenced_resource_name resourceZone: complex: @@ -940,7 +898,7 @@ tasks: accessor: zone username: complex: - root: alertJson._all_events + root: PaloAltoNetworksXDR.OriginalAlert._all_events accessor: actor_effective_username transformers: - operator: If-Then-Else @@ -950,7 +908,7 @@ tasks: simple: lhs==rhs else: value: - simple: alertJson._all_events.actor_effective_username + simple: PaloAltoNetworksXDR.OriginalAlert._all_events.actor_effective_username iscontext: true equals: {} lhs: @@ -965,8 +923,9 @@ tasks: simple: GCP then: value: - simple: alertJson._all_events.identity_name + simple: PaloAltoNetworksXDR.OriginalAlert.raw_abioc.event.identity_name iscontext: true + - operator: uniq separatecontext: true continueonerrortype: "" loop: @@ -977,8 +936,8 @@ tasks: view: |- { "position": { - "x": 1310, - "y": 1540 + "x": 1100, + "y": 1550 } } note: false 
@@ -988,6 +947,165 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false + "58": + id: "58" + taskid: e5ac7604-33c8-4286-85c1-5bf4eda16b35 + type: playbook + task: + id: e5ac7604-33c8-4286-85c1-5bf4eda16b35 + version: -1 + name: Cloud Credentials Rotation - Generic + description: |- + ## **Cloud Credentials Rotation - Generic** + + This comprehensive playbook combines the remediation steps from AWS, Azure, and GCP sub-playbooks into a single, cohesive guide. Regardless of which Cloud Service Provider (CSP) you're working with, this playbook will direct you to the relevant steps, ensuring swift and effective response. + + The primary objective is to offer an efficient way to address compromised credentials across different cloud platforms. By consolidating the key steps from AWS, Azure, and GCP, it minimizes the time spent searching for platform-specific procedures and accelerates the remediation process, ensuring the highest level of security for your cloud environments. + + ## **Integrations for Each Sub-Playbook** + + In order to seamlessly execute the actions mentioned in each sub-playbook, specific integrations are essential. These integrations facilitate the automated tasks and processes that the playbook carries out. Here are the required integrations for each sub-playbook: + + ### **AWS Sub-Playbook:** + 1. [**AWS - IAM**](https://xsoar.pan.dev/docs/reference/integrations/aws---iam): Used to manage AWS Identity and Access Management. + 2. [**AWS - EC2**](https://xsoar.pan.dev/docs/reference/integrations/aws---ec2): Essential for managing Amazon Elastic Compute Cloud (EC2) instances. + + ### **GCP Sub-Playbook:** + 1. [**Google Workspace Admin**](https://xsoar.pan.dev/docs/reference/integrations/g-suite-admin): Manages users, groups, and other entities within Google Workspace. + 2. [**GCP-IAM**](https://xsoar.pan.dev/docs/reference/integrations/gcp-iam): Ensures management and control of GCP's Identity and Access Management. 
+ + ### **Azure Sub-Playbook:** + 1. [**Microsoft Graph Users**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-user): Manages users and related entities in Microsoft Graph. + 2. [**Microsoft Graph Applications**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-applications): Manages applications within Microsoft Graph. + playbookName: Cloud Credentials Rotation - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "40" + scriptarguments: + AWS-accessKeyID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: accessKeyId + AWS-instanceID: + complex: + root: alert.username + filters: + - - operator: containsGeneral + left: + value: + simple: alert.username + iscontext: true + right: + value: + simple: i- + ignorecase: true + transformers: + - operator: Cut + args: + delimiter: + value: + simple: / + fields: + value: + simple: "2" + AWS-newInstanceProfileName: + complex: + root: inputs.AWS-newInstanceProfileName + AWS-newRoleName: + complex: + root: inputs.AWS-newRoleName + AWS-roleNameToRestrict: + complex: + root: inputs.AWS-roleNameToRestrict + AWS-userID: + complex: + root: incident + accessor: username + Azure-AppID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig.claims + accessor: appid + Azure-ObjectID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: claims + transformers: + - operator: RegexExtractAll + args: + error_if_no_match: {} + ignore_case: {} + multi_line: {} + period_matches_newline: {} + regex: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":"\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12} + unpack_matches: {} + - operator: ExtractInbetween + args: + from: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":" + to: + value: + simple: '"' + Azure-userID: + complex: + root: incident + accessor: username + GCP-SAEmail: + complex: + root: 
PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: principalEmail + GCP-cloudProject: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: project + GCP-userID: + complex: + root: incident + accessor: username + GCP-zone: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: zone + RemediationType: + complex: + root: inputs.credentialsRemediationType + cloudProvider: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: cloud_provider + identityType: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig.sessionContext.sessionIssuer + accessor: type + shouldCloneSA: + complex: + root: inputs.shouldCloneSA + separatecontext: true + continueonerrortype: "" + loop: + iscommand: false + exitCondition: "" + wait: 1 + max: 100 + view: |- + { + "position": { + "x": 1520, + "y": 1550 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: true + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false view: |- { "linkLabelsPosition": { @@ -1002,10 +1120,10 @@ view: |- }, "paper": { "dimensions": { - "height": 2895, - "width": 1520, + "height": 2725, + "width": 1730, "x": 170, - "y": -400 + "y": -230 } } } 
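Review bot: In task `"58"`, the `AWS-instanceID` filter uses `containsGeneral` with `i-` and `ignorecase: true` on `alert.username`, so any username containing "i-" or "I-" anywhere (`ci-deploy`, `api-user`) passes, and the `Cut` by `/` field `2` then hands the rotation sub-playbook an empty or unrelated string as an instance ID. A regex check on the cut value, e.g. a `match` filter with `^i-[0-9a-f]{8,17}$` applied after the `Cut`, or at least `startWith` instead of `containsGeneral`, would restrict this to the `role/i-...` shape the transformer assumes. The block also mixes `root: alert.username` with `root: incident` / `accessor: username` for `AWS-userID`; which of `alert.` and `incident.` resolves depends on the platform, so using the same root for both avoids one being silently empty. This block is copied verbatim into the Data Exfiltration and IAM User Access playbooks later in this diff, so any fix is needed in three places.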
@@ -1074,6 +1192,24 @@ inputs: required: false description: Whether to execute the user remediation flow automatically. playbookInputQuery: +- key: credentialsRemediationType + value: + simple: "Reset" + required: false + description: |- + The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin: + + Reset: By entering "Reset" in the input, the playbook will execute password reset. + Supports: AWS, MSGraph Users, GCP and GSuite Admin. + + Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session. + Supports: GCP, GSuite Admin and MSGraph Users. + + Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation. + Supports: AWS. + + ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. + playbookInputQuery: - key: AWS-accessKeyRemediationType value: simple: Disable 
@@ -1107,6 +1243,29 @@ inputs: Delete - for the user deletion. Revoke - for revoking the user's credentials. playbookInputQuery: +- key: AWS-newRoleName + value: {} + required: false + description: The name of the new role to create if the analyst decides to clone the service account. + playbookInputQuery: +- key: AWS-newInstanceProfileName + value: {} + required: false + description: The name of the new instance profile to create if the analyst decides to clone the service account. + playbookInputQuery: +- key: AWS-roleNameToRestrict + value: {} + required: false + description: If provided, the role will be attached with a deny policy without the compute instance analysis flow. + playbookInputQuery: +- key: shouldCloneSA + value: + simple: "True" + required: false + description: |- + Whether to clone the compromised SA before putting a deny policy to it. + True/False + playbookInputQuery: - key: Azure-resourceRemediationType value: simple: Poweroff @@ -1181,12 +1340,17 @@ inputSections: - autoAccessKeyRemediation - autoResourceRemediation - autoUserRemediation + - credentialsRemediationType name: Remediation description: Remediation settings and data, including containment, eradication, and recovery. - inputs: - AWS-accessKeyRemediationType - AWS-resourceRemediationType - AWS-userRemediationType + - AWS-newRoleName + - AWS-newInstanceProfileName + - AWS-roleNameToRestrict + - shouldCloneSA name: AWS Remediation description: AWS Remediation settings and data, including containment, eradication, and recovery. - inputs: diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_-_Set_Verdict.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_-_Set_Verdict.yml index caefe22ed1ea..ef2fe143d312 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_-_Set_Verdict.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_-_Set_Verdict.yml 
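Review bot: `shouldCloneSA` defaults to `"True"` in this hunk, while the identical input added to the Data Exfiltration playbook later in this diff defaults to `"False"`, and both `AWS-newRoleName` and `AWS-newInstanceProfileName` default to empty, so by default the clone flow here runs with no target names. Cloning presumably creates a new role carrying the compromised role's permissions before the deny policy is attached, so the safer cross-playbook default is `"False"` with cloning as an explicit opt-in; if `True` is intended here, the description should state what the sub-playbook does when the new role and instance profile names are empty (generated name, or failure). The description also omits the `Supports: AWS.` line the Data Exfiltration variant carries; suggest the same three-line description in both: `Whether to clone the compromised SA before putting a deny policy to it.` / `Supports: AWS.` / `True/False`.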
@@ -317,7 +317,7 @@ tasks: left: value: complex: - root: alertJson.raw_abioc.event + root: Core.OriginalAlert.event accessor: cloud_agent_external_ip_days_seen_count iscontext: true right: @@ -327,7 +327,7 @@ tasks: left: value: complex: - root: alertJson.raw_abioc.event + root: Core.OriginalAlert.event accessor: cloud_caller_ip_asn_count_distinct_cloud_best_identity iscontext: true right: diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_README.md index 22e959ff7671..c081607fdf5a 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_README.md @@ -18,6 +18,7 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks +* Cloud Credentials Rotation - Generic * Cortex XDR - XCloud Cryptojacking - Set Verdict * Cloud Response - Generic * Cortex XDR - Cloud Enrichment @@ -29,16 +30,15 @@ This playbook does not use any integrations. ### Scripts * IncreaseIncidentSeverity -* LoadJSON ### Commands -* xdr-update-incident * closeInvestigation +* setIncident +* xdr-update-incident * xdr-get-incident-extra-data -* send-mail * xdr-get-cloud-original-alerts -* setIncident +* send-mail ## Playbook Inputs @@ -57,9 +57,14 @@ This playbook does not use any integrations. | autoAccessKeyRemediation | Whether to execute the user remediation flow automatically. | False | Optional | | autoResourceRemediation | Whether to execute the resource remediation flow automatically. | False | Optional | | autoUserRemediation | Whether to execute the user remediation flow automatically. | False | Optional | +| credentialsRemediationType | The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin:
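Review bot: Both conditions in these Set Verdict hunks now read `Core.OriginalAlert.event`, whereas the parent Cryptomining playbook earlier in this diff fetches the alert with `xdr-get-cloud-original-alerts` and reads it under `PaloAltoNetworksXDR.OriginalAlert`. If this sub-playbook is invoked from that parent on a deployment using the XDR integration, `cloud_agent_external_ip_days_seen_count` and `cloud_caller_ip_asn_count_distinct_cloud_best_identity` resolve empty, the comparisons silently fail and the verdict falls through to the default branch, which for a cryptomining verdict can mean a true positive is not flagged. Suggest `root: PaloAltoNetworksXDR.OriginalAlert.event` to match the parent, or a preceding condition that checks the value exists before comparing. The enclosing condition task starts and ends outside the hunk, so the default branch cannot be confirmed here.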

Reset: By entering "Reset" in the input, the playbook will execute password reset.
Supports: AWS, MSGraph Users, GCP and GSuite Admin.

Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session.
Supports: GCP, GSuite Admin and MSGraph Users.

Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation.
Supports: AWS.

ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. | | Optional | | AWS-accessKeyRemediationType | Choose the remediation type for the user's access key.

AWS available types:
Disable - for disabling the user's access key.
Delete - for the user's access key deletion. | Disable | Optional | | AWS-resourceRemediationType | Choose the remediation type for the instances created.

AWS available types:
Stop - for stopping the instances.
Terminate - for terminating the instances. | Stop | Optional | | AWS-userRemediationType | Choose the remediation type for the user involved.

AWS available types:
Delete - for the user deletion.
Revoke - for revoking the user's credentials. | Revoke | Optional | +| AWS-newRoleName | The name of the new role to create if the analyst decides to clone the service account. | | Optional | +| AWS-newInstanceProfileName | The name of the new instance profile to create if the analyst decides to clone the service account. | | Optional | +| AWS-roleNameToRestrict | If provided, the role will be attached with a deny policy without the compute instance analysis flow. | | Optional | +| shouldCloneSA | Whether to clone the compromised SA before putting a deny policy to it.
True/False | True | Optional | | Azure-resourceRemediationType | Choose the remediation type for the instances created.

Azure available types:
Poweroff - for shutting down the instances.
Delete - for deleting the instances. | Poweroff | Optional | | Azure-userRemediationType | Choose the remediation type for the user involved.

Azure available types:
Disable - for disabling the user.
Delete - for deleting the user. | Disable | Optional | | GCP-accessKeyRemediationType | Choose the remediation type for the user's access key.

GCP available types:
Disable - For disabling the user's access key.
Delete - For the deleting user's access key. | Disable | Optional | diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Data_Exfiltration_Response.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Data_Exfiltration_Response.yml index fde09aa1fb09..89fe2be770dd 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Data_Exfiltration_Response.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Data_Exfiltration_Response.yml @@ -119,7 +119,7 @@ tasks: complex: root: Account.Username transformers: - - operator: uniq + - operator: uniq separatecontext: false continueonerrortype: "" view: |- @@ -342,9 +342,9 @@ tasks: iscommand: false brand: "" nexttasks: - No: + "No": - "30" - Yes: + "Yes": - "76" separatecontext: false continueonerrortype: "" @@ -610,6 +610,7 @@ tasks: nexttasks: '#none#': - "83" + - "86" separatecontext: false continueonerrortype: "" view: |- 
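Review bot: In the `@@ -610,6 +610,7 @@` hunk, task `"86"` (Cloud Credentials Rotation - Generic, with `credentialsRemediationType` defaulting to `Reset` in this diff) is added as a parallel successor next to `"83"` with no visible condition, while user and block remediation in this playbook are gated by `autoUserRemediation` and `autoBlockIndicators`. A password reset or session revoke on the account in `incident.username` without the same opt-in would surprise analysts who run this playbook with the automation flags left at `False`. Suggest an `autoCredentialsRotation` input (default `"False"`) and a condition task in front of `"86"`, mirroring the existing gates. The task that owns this `nexttasks` block starts outside the hunk.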
@@ -1047,19 +1048,176 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false + "86": + id: "86" + taskid: b4d64aed-f0ba-4f76-83a6-67e469740ba7 + type: playbook + task: + id: b4d64aed-f0ba-4f76-83a6-67e469740ba7 + version: -1 + name: Cloud Credentials Rotation - Generic + description: |- + ## **Cloud Credentials Rotation - Generic** + + This comprehensive playbook combines the remediation steps from AWS, Azure, and GCP sub-playbooks into a single, cohesive guide. Regardless of which Cloud Service Provider (CSP) you're working with, this playbook will direct you to the relevant steps, ensuring swift and effective response. + + The primary objective is to offer an efficient way to address compromised credentials across different cloud platforms. By consolidating the key steps from AWS, Azure, and GCP, it minimizes the time spent searching for platform-specific procedures and accelerates the remediation process, ensuring the highest level of security for your cloud environments. + + ## **Integrations for Each Sub-Playbook** + + In order to seamlessly execute the actions mentioned in each sub-playbook, specific integrations are essential. These integrations facilitate the automated tasks and processes that the playbook carries out. Here are the required integrations for each sub-playbook: + + ### **AWS Sub-Playbook:** + 1. [**AWS - IAM**](https://xsoar.pan.dev/docs/reference/integrations/aws---iam): Used to manage AWS Identity and Access Management. + 2. [**AWS - EC2**](https://xsoar.pan.dev/docs/reference/integrations/aws---ec2): Essential for managing Amazon Elastic Compute Cloud (EC2) instances. + + ### **GCP Sub-Playbook:** + 1. [**Google Workspace Admin**](https://xsoar.pan.dev/docs/reference/integrations/g-suite-admin): Manages users, groups, and other entities within Google Workspace. + 2. [**GCP-IAM**](https://xsoar.pan.dev/docs/reference/integrations/gcp-iam): Ensures management and control of GCP's Identity and Access Management. 
+ + ### **Azure Sub-Playbook:** + 1. [**Microsoft Graph Users**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-user): Manages users and related entities in Microsoft Graph. + 2. [**Microsoft Graph Applications**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-applications): Manages applications within Microsoft Graph. + playbookName: Cloud Credentials Rotation - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "31" + scriptarguments: + AWS-accessKeyID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: accessKeyId + AWS-instanceID: + complex: + root: alert.username + filters: + - - operator: containsGeneral + left: + value: + simple: alert.username + iscontext: true + right: + value: + simple: i- + ignorecase: true + transformers: + - operator: Cut + args: + delimiter: + value: + simple: / + fields: + value: + simple: "2" + AWS-newInstanceProfileName: + complex: + root: inputs.AWS-newInstanceProfileName + AWS-newRoleName: + complex: + root: inputs.AWS-newRoleName + AWS-roleNameToRestrict: + complex: + root: inputs.AWS-roleNameToRestrict + AWS-userID: + complex: + root: incident + accessor: username + Azure-AppID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig.claims + accessor: appid + Azure-ObjectID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: claims + transformers: + - operator: RegexExtractAll + args: + error_if_no_match: {} + ignore_case: {} + multi_line: {} + period_matches_newline: {} + regex: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":"\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12} + unpack_matches: {} + - operator: ExtractInbetween + args: + from: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":" + to: + value: + simple: '"' + Azure-userID: + complex: + root: incident + accessor: username + GCP-SAEmail: + complex: + root: 
PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: principalEmail + GCP-cloudProject: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: project + GCP-userID: + complex: + root: incident + accessor: username + GCP-zone: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: zone + RemediationType: + complex: + root: inputs.credentialsRemediationType + cloudProvider: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: cloud_provider + identityType: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig.sessionContext.sessionIssuer + accessor: type + shouldCloneSA: + complex: + root: inputs.shouldCloneSA + separatecontext: true + continueonerrortype: "" + loop: + iscommand: false + exitCondition: "" + wait: 1 + max: 100 + view: |- + { + "position": { + "x": 260, + "y": 2040 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: true + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false view: |- { "linkLabelsPosition": { "32_47_#default#": 0.28, - "32_64_Malicious": 0.21, - "37_30_Finish Playbook": 0.31, - "37_76_True Positive": 0.38 + "32_64_Malicious": 0.21 }, "paper": { "dimensions": { "height": 2565, - "width": 1640, - "x": 280, + "width": 1660, + "x": 260, "y": -120 } } 
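Review bot: The `Azure-ObjectID` argument in task `"86"` applies `RegexExtractAll` with `http://schemas.microsoft.com/identity/claims/objectidentifier":"\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12}` to `identity_orig.claims`, which only works if `claims` arrives as a serialized JSON string with no whitespace around the colon; if it is already a parsed object the regex matches nothing, `error_if_no_match` is left empty, and the sub-playbook receives an empty object ID. `\w` also accepts underscores and non-hex letters, so it is looser than a GUID. If the string form is confirmed, a tolerant pattern such as `objectidentifier"\s*:\s*"([0-9a-fA-F-]{36})` with `unpack_matches: "true"` removes the second `ExtractInbetween` step, and `error_if_no_match: "true"` makes a missing object ID fail visibly instead of passing an empty identifier into a remediation. The same transformer chain is repeated in tasks `"58"` and `"21"` of the sibling playbooks in this diff.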
@@ -1082,6 +1240,48 @@ inputs: required: false description: 'Whether to execute the block remediation automatically. (Default: False)' playbookInputQuery: +- key: credentialsRemediationType + value: + simple: Reset + required: false + description: |- + The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin: + + Reset: By entering "Reset" in the input, the playbook will execute password reset. + Supports: AWS, MSGraph Users, GCP and GSuite Admin. + + Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session. + Supports: GCP, GSuite Admin and MSGraph Users. + + Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation. + Supports: AWS. + + ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. + playbookInputQuery: +- key: shouldCloneSA + value: + simple: "False" + required: false + description: |- + Whether to clone the compromised SA before putting a deny policy to it. + Supports: AWS. + True/False + playbookInputQuery: +- key: AWS-newRoleName + value: {} + required: false + description: The new role name to assign in the clone service account flow. + playbookInputQuery: +- key: AWS-newInstanceProfileName + value: {} + required: false + description: The new instance profile name to assign in the clone service account flow. + playbookInputQuery: +- key: AWS-roleNameToRestrict + value: {} + required: false + description: If provided, the role will be attached with a deny policy without the compute instance analysis flow. + playbookInputQuery: outputs: [] tests: - No tests (auto formatted) 
diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Data_Exfiltration_Response_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Data_Exfiltration_Response_README.md index 07f69f7b0ac3..0ace837d41a4 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Data_Exfiltration_Response_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Data_Exfiltration_Response_README.md @@ -16,10 +16,18 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks +* Cloud Credentials Rotation - Generic * Cloud User Investigation - Generic * Cloud Threat Hunting - Persistence * Cloud Response - Generic +### Integrations + +This playbook does not use any integrations. + +### Scripts + +This playbook does not use any scripts. ### Commands @@ -34,9 +42,14 @@ This playbook uses the following sub-playbooks, integrations, and scripts. | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | -| alertID | The XDR alert ID | | Optional | +| alertID | The XDR alert ID. | | Optional | | autoUserRemediation | Whether to execute the user remediation automatically. \(Default: False\) | False | Optional | | autoBlockIndicators | Whether to execute the block remediation automatically. \(Default: False\) | False | Optional | +| credentialsRemediationType | The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin:

Reset: By entering "Reset" in the input, the playbook will execute password reset.
Supports: AWS, MSGraph Users, GCP and GSuite Admin.

Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session.
Supports: GCP, GSuite Admin and MSGraph Users.

Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation.
Supports: AWS.

ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. | Reset | Optional | +| shouldCloneSA | Whether to clone the compromised SA before putting a deny policy to it.
Supports: AWS.
True/False | False | Optional | +| AWS-newRoleName | The new role name to assign in the clone service account flow. | | Optional | +| AWS-newInstanceProfileName | The new instance profile name to assign in the clone service account flow. | | Optional | +| AWS-roleNameToRestrict | If provided, the role will be attached with a deny policy without the compute instance analysis flow. | | Optional | ## Playbook Outputs diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Enrichment.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Enrichment.yml index de5e62b0a315..e0588b7a6c39 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Enrichment.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Enrichment.yml @@ -186,22 +186,23 @@ tasks: id: bed915ec-699c-4289-8e18-09a200000d57 version: -1 name: Get Geolocation data - description: Provides data enrichment for IPs. - script: Whois|||ip + description: Gets a quick indicator of the risk associated with an IP address. + script: '|||ip' type: regular iscommand: true - brand: Whois + brand: "" nexttasks: '#none#': - "30" scriptarguments: - extended_data: - simple: "true" ip: complex: - root: alertJson.raw_abioc.event - accessor: caller_ip + root: incident.xdralerts + accessor: hostip + transformers: + - operator: uniq separatecontext: false + continueonerror: true continueonerrortype: "" view: |- { @@ -958,10 +959,10 @@ inputs: playbookInputQuery: outputs: - contextPath: IP - description: The IP objects + description: The IP objects. type: unknown - contextPath: DBotScore - description: Indicator, Score, Type, Vendor + description: Indicator, Score, Type, Vendor. type: unknown - contextPath: Account description: The account object. 
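Review bot: In the `@@ -186,22 +186,23 @@` hunk of Cloud Enrichment, the task keeps the name `Get Geolocation data` but now runs the brand-less `|||ip` command with `continueonerror: true`, so every enabled IP-reputation integration is queried for each `incident.xdralerts.hostip` value and any failure or quota error is swallowed with no downstream check. The description was changed to the generic `ip` text, so the name should follow, e.g. `name: Enrich alert host IPs`. Submitting each alert's host IP to all configured third-party reputation services may be unwanted for an organization's own cloud egress addresses; if one vendor is intended, keep a `brand:` restriction, and since errors are now tolerated, add a condition that `IP` is populated before tasks that consume it. The source also moved from `raw_abioc.event.caller_ip` to `xdralerts.hostip`; whether these hold the same address cannot be confirmed from the hunk.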
diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Enrichment_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Enrichment_README.md index 0d65304609d3..3a2831e24551 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Enrichment_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Enrichment_README.md @@ -10,26 +10,32 @@ The playbook collects or enriches the following data: - ASN ## Dependencies + This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* IP Enrichment - Generic v2 + * Account Enrichment - Generic v2.1 +* IP Enrichment - Generic v2 ### Integrations -* Whois + +This playbook does not use any integrations. ### Scripts -* If-Then-Else + +* IsInCidrRanges * Set * CopyContextToField -* IsInCidrRanges +* If-Then-Else ### Commands + * setIncident * ip ## Playbook Inputs + --- | **Name** | **Description** | **Default Value** | **Required** | @@ -38,12 +44,13 @@ This playbook uses the following sub-playbooks, integrations, and scripts. | InternalRange | A list of internal IP ranges to check IP addresses against. \\nFor IP Enrichment - Generic v2 playbook. | | Optional | ## Playbook Outputs + --- | **Path** | **Description** | **Type** | | --- | --- | --- | -| IP | The IP objects | unknown | -| DBotScore | Indicator, Score, Type, Vendor | unknown | +| IP | The IP objects. | unknown | +| DBotScore | Indicator, Score, Type, Vendor. | unknown | | Account | The account object. | unknown | | IAM | Generic IAM output. | unknown | | ASNType | Checks for cloud ASNs. | unknown | 
@@ -53,5 +60,7 @@ This playbook uses the following sub-playbooks, integrations, and scripts. | uniqueRegionCount | Involved region distinct count. | unknown | ## Playbook Image + --- -![Cortex XDR - Cloud Enrichment](../doc_files/Cortex_XDR_-_Cloud_Enrichment.png) \ No newline at end of file + +![Cortex XDR - Cloud Enrichment](../doc_files/Cortex_XDR_-_Cloud_Enrichment.png) diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.yml index 45b00d7dae79..c258ef24e560 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.yml @@ -24,7 +24,7 @@ tasks: { "position": { "x": 450, - "y": -390 + "y": -230 } } note: false @@ -229,6 +229,7 @@ tasks: nexttasks: '#none#': - "9" + - "21" separatecontext: false continueonerrortype: "" view: |- @@ -354,7 +355,7 @@ tasks: { "position": { "x": 450, - "y": 1350 + "y": 1360 } } note: false @@ -591,7 +592,7 @@ tasks: { "position": { "x": 450, - "y": 1510 + "y": 1530 } } note: false @@ -618,13 +619,13 @@ tasks: brand: "" nexttasks: '#none#': - - "19" + - "20" scriptarguments: alert_ids: complex: root: inputs.alert_id - extend-context: - simple: alertData= + filter_alert_fields: + simple: "false" ignore-outputs: simple: "false" separatecontext: false @@ -633,7 +634,7 @@ tasks: { "position": { "x": 450, - "y": -260 + "y": -100 } } note: false 
@@ -643,38 +644,32 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "19": - id: "19" - taskid: b99832fa-cba5-4dd2-8e30-9e04ad5e70bc + "20": + id: "20" + taskid: 47a8da82-dab8-4479-88b2-cb441115e42f type: regular task: - id: b99832fa-cba5-4dd2-8e30-9e04ad5e70bc + id: 47a8da82-dab8-4479-88b2-cb441115e42f version: -1 - name: Load alert JSON - description: Loads a JSON from the string input, and returns a JSON object result. - scriptName: LoadJSON + name: Set incident type + description: commands.local.cmd.set.incident + script: Builtin|||setIncident type: regular - iscommand: false - brand: "" + iscommand: true + brand: Builtin nexttasks: '#none#': - - "20" + - "1" scriptarguments: - extend-context: - simple: alertJson= - ignore-outputs: - simple: "true" - input: - complex: - root: alertData.alerts.[0] - accessor: original_alert_json + type: + simple: Cortex XDR - XCLOUD separatecontext: false continueonerrortype: "" view: |- { "position": { "x": 450, - "y": -95 + "y": 70 } } note: false 
@@ -684,38 +679,162 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "20": - id: "20" - taskid: 47a8da82-dab8-4479-88b2-cb441115e42f - type: regular + "21": + id: "21" + taskid: a1933c13-65f0-443a-8054-961f49ffc08d + type: playbook task: - id: 47a8da82-dab8-4479-88b2-cb441115e42f + id: a1933c13-65f0-443a-8054-961f49ffc08d version: -1 - name: Set incident type - description: commands.local.cmd.set.incident - script: Builtin|||setIncident - type: regular - iscommand: true - brand: Builtin + name: Cloud Credentials Rotation - Generic + description: |- + ## **Cloud Credentials Rotation - Generic** + + This comprehensive playbook combines the remediation steps from AWS, Azure, and GCP sub-playbooks into a single, cohesive guide. Regardless of which Cloud Service Provider (CSP) you're working with, this playbook will direct you to the relevant steps, ensuring swift and effective response. + + The primary objective is to offer an efficient way to address compromised credentials across different cloud platforms. By consolidating the key steps from AWS, Azure, and GCP, it minimizes the time spent searching for platform-specific procedures and accelerates the remediation process, ensuring the highest level of security for your cloud environments. + + ## **Integrations for Each Sub-Playbook** + + In order to seamlessly execute the actions mentioned in each sub-playbook, specific integrations are essential. These integrations facilitate the automated tasks and processes that the playbook carries out. Here are the required integrations for each sub-playbook: + + ### **AWS Sub-Playbook:** + 1. [**AWS - IAM**](https://xsoar.pan.dev/docs/reference/integrations/aws---iam): Used to manage AWS Identity and Access Management. + 2. [**AWS - EC2**](https://xsoar.pan.dev/docs/reference/integrations/aws---ec2): Essential for managing Amazon Elastic Compute Cloud (EC2) instances. + + ### **GCP Sub-Playbook:** + 1. 
[**Google Workspace Admin**](https://xsoar.pan.dev/docs/reference/integrations/g-suite-admin): Manages users, groups, and other entities within Google Workspace. + 2. [**GCP-IAM**](https://xsoar.pan.dev/docs/reference/integrations/gcp-iam): Ensures management and control of GCP's Identity and Access Management. + + ### **Azure Sub-Playbook:** + 1. [**Microsoft Graph Users**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-user): Manages users and related entities in Microsoft Graph. + 2. [**Microsoft Graph Applications**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-applications): Manages applications within Microsoft Graph. + playbookName: Cloud Credentials Rotation - Generic + type: playbook + iscommand: false + brand: "" nexttasks: '#none#': - - "1" + - "17" scriptarguments: - type: - simple: Cortex XDR - XCLOUD - separatecontext: false + AWS-accessKeyID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: accessKeyId + AWS-instanceID: + complex: + root: alert.username + filters: + - - operator: containsGeneral + left: + value: + simple: alert.username + iscontext: true + right: + value: + simple: i- + ignorecase: true + transformers: + - operator: Cut + args: + delimiter: + value: + simple: / + fields: + value: + simple: "2" + AWS-newInstanceProfileName: + complex: + root: inputs.AWS-newInstanceProfileName + AWS-newRoleName: + complex: + root: inputs.AWS-newRoleName + AWS-roleNameToRestrict: + complex: + root: inputs.AWS-roleNameToRestrict + AWS-userID: + complex: + root: incident + accessor: username + Azure-AppID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig.claims + accessor: appid + Azure-ObjectID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: claims + transformers: + - operator: RegexExtractAll + args: + error_if_no_match: {} + ignore_case: {} + multi_line: {} + period_matches_newline: {} + regex: + value: + simple: 
http://schemas.microsoft.com/identity/claims/objectidentifier":"\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12} + unpack_matches: {} + - operator: ExtractInbetween + args: + from: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":" + to: + value: + simple: '"' + Azure-userID: + complex: + root: incident + accessor: username + GCP-SAEmail: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: principalEmail + GCP-cloudProject: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: project + GCP-userID: + complex: + root: incident + accessor: username + GCP-zone: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: zone + RemediationType: + complex: + root: inputs.credentialsRemediationType + cloudProvider: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: cloud_provider + identityType: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig.sessionContext.sessionIssuer + accessor: type + shouldCloneSA: + complex: + root: inputs.shouldCloneSA + separatecontext: true continueonerrortype: "" + loop: + iscommand: false + exitCondition: "" + wait: 1 + max: 100 view: |- { "position": { - "x": 450, - "y": 70 + "x": 30, + "y": 1360 } } note: false timertriggers: [] ignoreworker: false - skipunavailable: false + skipunavailable: true quietmode: 0 isoversize: false isautoswitchedtoquietmode: false @@ -723,15 +842,15 @@ view: |- { "linkLabelsPosition": { "6_8_yes": 0.38, - "7_10_No": 0.12, + "7_10_No": 0.27, "7_8_Yes": 0.47 }, "paper": { "dimensions": { - "height": 2115, - "width": 1200, - "x": 40, - "y": -390 + "height": 1955, + "width": 1210, + "x": 30, + "y": -230 } } } 
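Review bot: Task 21 is added with `skipunavailable: true` (the task 20 it replaces at this position had `skipunavailable: false`), so when the `Cloud Credentials Rotation - Generic` sub-playbook is not installed the rotation step is skipped silently and, as far as I can tell, the flow proceeds to task 17 as if credentials had been rotated; `skipunavailable: false` would surface the missing dependency as a task error instead. The task is also wired in unconditionally by the `nexttasks` edit in the earlier `@@ -229,6 +229,7` hunk, with `RemediationType` taken from `inputs.credentialsRemediationType` whose default is `Reset`, so unless the sub-playbook gates internally a password reset on `incident.username` runs on every execution without an analyst decision; routing task 21 through the same `autoUserRemediation` condition as the existing user remediation flow, or leaving the input default empty, would keep the rotation opt-in. The `AWS-instanceID` argument matches `i-` anywhere in `alert.username` (ignorecase) and takes field 2 of a `/` split, which presumably targets an assumed-role session name; a short note in the task description or a stricter filter would make that assumption explicit. Task 63 in playbook-Cortex_XDR_-_XCloud_Token_Theft_Response.yml (hunk `@@ -2224,6 +2088,165`) has the same `skipunavailable: true` and the same unconditional default-`Reset` wiring via its `@@ -559,13 +422,14` hunk.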
@@ -759,6 +878,24 @@ inputs: required: false description: Whether to execute the user remediation flow automatically. playbookInputQuery: +- key: credentialsRemediationType + value: + simple: "Reset" + required: false + description: |- + The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin: + + Reset: By entering "Reset" in the input, the playbook will execute password reset. + Supports: AWS, MSGraph Users, GCP and GSuite Admin. + + Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session. + Supports: GCP, GSuite Admin and MSGraph Users. + + Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation. + Supports: AWS. + + ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. + playbookInputQuery: - key: AWS-accessKeyRemediationType value: simple: Disable @@ -781,6 +918,28 @@ inputs: Delete - for the user deletion. Revoke - for revoking the user's credentials. playbookInputQuery: +- key: AWS-newRoleName + value: {} + required: false + description: The name of the new role to create if the analyst decides to clone the service account. + playbookInputQuery: +- key: AWS-newInstanceProfileName + value: {} + required: false + description: The name of the new instance profile to create if the analyst decides to clone the service account. + playbookInputQuery: +- key: AWS-roleNameToRestrict + value: {} + required: false + description: If provided, the role will be attached with a deny policy without the compute instance analysis flow. + playbookInputQuery: +- key: shouldCloneSA + value: {} + required: false + description: |- + Whether to clone the compromised SA before putting a deny policy to it. + True/False + playbookInputQuery: - key: Azure-userRemediationType value: simple: Disable 
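Review bot: The new `shouldCloneSA` input is declared with `value: {}` here but with `simple: "False"` in the equivalent hunk of playbook-Cortex_XDR_-_XCloud_Token_Theft_Response.yml (`@@ -2312,6 +2336,48`), and the description there adds `Supports: AWS.` which is missing here; both playbooks feed the value to the same sub-playbook input, so they should declare the same default and the same description. The `credentialsRemediationType` description carries two wording slips that appear in both files: `execute the all remediation actions` should read `execute all the remediation actions`, and `Deactivate - By entering` uses a dash where the other options use a colon. The description also never states which value is the default even though `Reset` triggers an automatic password reset; adding `Default: Reset.` after the option list would make that behaviour visible where analysts configure the input.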
@@ -823,11 +982,16 @@ inputSections: - autoAccessKeyRemediation - autoBlockIndicators - autoUserRemediation + - credentialsRemediationType name: Remediation description: Remediation settings and data, including containment, eradication, and recovery. - inputs: - AWS-accessKeyRemediationType - AWS-userRemediationType + - AWS-newRoleName + - AWS-newInstanceProfileName + - AWS-roleNameToRestrict + - shouldCloneSA name: AWS Remediation description: AWS Remediation settings and data, including containment, eradication, and recovery. - inputs: diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation_README.md index 9cd8ddea15ed..39d2cffd7184 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation_README.md @@ -12,9 +12,10 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* Cloud IAM Enrichment - Generic * Cloud Response - Generic * Account Enrichment - Generic v2.1 +* Cloud Credentials Rotation - Generic +* Cloud IAM Enrichment - Generic ### Integrations @@ -22,7 +23,7 @@ This playbook does not use any integrations. ### Scripts -* LoadJSON +This playbook does not use any scripts. ### Commands @@ -40,8 +41,13 @@ This playbook does not use any integrations. | autoAccessKeyRemediation | Whether to execute the user remediation flow automatically. | False | Optional | | autoBlockIndicators | Whether to block the indicators automatically. | False | Optional | | autoUserRemediation | Whether to execute the user remediation flow automatically. | False | Optional | +| credentialsRemediationType | The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin:

Reset: By entering "Reset" in the input, the playbook will execute password reset.
Supports: AWS, MSGraph Users, GCP and GSuite Admin.

Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session.
Supports: GCP, GSuite Admin and MSGraph Users.

Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation.
Supports: AWS.

ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. | | Optional | | AWS-accessKeyRemediationType | Choose the remediation type for the user's access key.

AWS available types:
Disable - for disabling the user's access key.
Delete - for deleting the user's access key. | Disable | Optional | | AWS-userRemediationType | Choose the remediation type for the user involved.

AWS available types:
Delete - for the user deletion.
Revoke - for revoking the user's credentials. | Revoke | Optional | +| AWS-newRoleName | The name of the new role to create if the analyst decides to clone the service account. | | Optional | +| AWS-newInstanceProfileName | The name of the new instance profile to create if the analyst decides to clone the service account. | | Optional | +| AWS-roleNameToRestrict | If provided, the role will be attached with a deny policy without the compute instance analysis flow. | | Optional | +| shouldCloneSA | Whether to clone the compromised SA before putting a deny policy to it.
True/False | | Optional | | Azure-userRemediationType | Choose the remediation type for the user involved.

Azure available types:
Disable - for disabling the user.
Delete - for deleting the user. | Disable | Optional | | GCP-accessKeyRemediationType | Choose the remediation type for the user's access key.

GCP available types:
Disable - For disabling the user's access key.
Delete - For deleting the user's access key. | Disable | Optional | | GCP-userRemediationType | Choose the remediation type for the user involved.

GCP available types:
Delete - For deleting the user.
Disable - For disabling the user. | Disable | Optional | diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_-_Set_Verdict.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_-_Set_Verdict.yml index ddbfe726065e..42bd50f3f50a 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_-_Set_Verdict.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_-_Set_Verdict.yml @@ -122,53 +122,19 @@ tasks: id: 980777c8-d213-4f10-848b-290d9e700bba version: -1 name: Get additional alerts - description: |- - Searches Demisto incidents. A summarized version of this scrips is avilable with the summarizedversion argument. - - This automation runs using the default Limited User role, unless you explicitly change the permissions. - For more information, see the section about permissions here: - https://docs-cortex.paloaltonetworks.com/r/Cortex-XSOAR/6.10/Cortex-XSOAR-Administrator-Guide/Automations - scriptName: SearchIncidentsV2 + description: Returns additional data for the specified incident, for example, related alerts, file artifacts, network artifacts, and so on. + script: '|||xdr-get-incident-extra-data' type: regular - iscommand: false - brand: Builtin + iscommand: true + brand: "" nexttasks: '#none#': - "2" scriptarguments: - custom_filter: - simple: |- - { - "OR": [ - { - "AND": [ - { - "SEARCH_FIELD": "agent_ip_addresses", - "SEARCH_TYPE": "IPLIST_MATCH", - "SEARCH_VALUE": "${inputs.sourceIP}" - } - ] - }, - { - "AND": [ - { - "SEARCH_FIELD": "action_local_ip", - "SEARCH_TYPE": "IP_MATCH", - "SEARCH_VALUE": "${inputs.sourceIP}" - } - ] - }, - { - "AND": [ - { - "SEARCH_FIELD": "action_remote_ip", - "SEARCH_TYPE": "IP_MATCH", - "SEARCH_VALUE": "${inputs.sourceIP}" - } - ] - } - ] - } + incident_id: + complex: + root: incident + accessor: xdrincidentid separatecontext: false continueonerrortype: "" view: |- 
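Review bot: The rewritten `Get additional alerts` task no longer references `inputs.sourceIP`, yet the `sourceIP` input is kept (its description `The source IP to search by additional alerts.` is a context line in the following hunk) while the sibling `fromDate` input is removed; if nothing else in the playbook reads it, the input should be dropped as well, or its description corrected, so analysts do not set a value that has no effect. The task's new `description` says it returns the incident's own extra data, which is a different operation from the removed IP-based search across incidents, so the playbook-level description and README that still describe searching additional alerts by source IP presumably need the same update. The enclosing task definition continues past the end of the hunk.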
@@ -358,7 +324,7 @@ tasks: left: value: complex: - root: alertJson.raw_abioc.event + root: Core.OriginalAlert.event accessor: cloud_agent_external_ip_days_seen_count iscontext: true right: @@ -368,7 +334,7 @@ tasks: left: value: complex: - root: alertJson.raw_abioc.event + root: Core.OriginalAlert.event accessor: cloud_caller_ip_asn_count_distinct_cloud_best_identity iscontext: true right: @@ -628,14 +594,6 @@ inputs: required: false description: The source IP to search by additional alerts. playbookInputQuery: -- key: fromDate - value: {} - required: false - description: |- - The start date for the search additional alerts task. - - Filter by from date (e.g. "3 days ago" or 2006-01-02T15:04:05+07:00 or 2006-01-02T15:04:05Z) - playbookInputQuery: outputs: - contextPath: alertVerdict description: The alert verdict. diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_-_Set_Verdict_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_-_Set_Verdict_README.md index 08442ab2351b..97e3bf4a9664 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_-_Set_Verdict_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_-_Set_Verdict_README.md @@ -37,12 +37,11 @@ This playbook does not use any integrations. ### Scripts -* SearchIncidentsV2 * Set ### Commands -This playbook does not use any commands. +* xdr-get-incident-extra-data ## Playbook Inputs diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_Response.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_Response.yml index 4c02d60b2731..1256db08f796 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_Response.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_Response.yml 
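Review bot: Both condition hunks (`@@ -358,7 +324,7` and `@@ -368,7 +334,7`) switch the root to `Core.OriginalAlert.event`, while every other file in this diff reads `PaloAltoNetworksXDR.OriginalAlert.event` and the parent playbook's README lists the XDR-prefixed `xdr-get-cloud-original-alerts` as the command that populates it. If this sub-playbook runs under the Cortex XDR integration the days-seen-count and ASN-count conditions would presumably evaluate against an empty path and take the same branch every time; the root should be `PaloAltoNetworksXDR.OriginalAlert.event` unless the playbook is meant for the Core integration only, in which case the task description should say so. The enclosing condition tasks start and end outside these hunks.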
@@ -52,7 +52,7 @@ tasks: { "position": { "x": -230, - "y": -1470 + "y": -1380 } } note: false @@ -77,7 +77,7 @@ tasks: brand: "" nexttasks: '#none#': - - "2" + - "3" scriptarguments: alert_ids: complex: @@ -93,8 +93,8 @@ tasks: simple: Suspicious usage of EC2 token, Suspicious usage of VM Service Account token, Suspicious usage of AWS Lambda’s token, Suspicious usage of AWS Lambda’s role, Remote usage of an AWS service token, Remote usage of an AWS EKS token, Suspicious usage of an AWS EKS token, Suspicious usage of an AWS ECS token, Remote usage of an AWS ECS token, Suspicious usage of AWS service token, Remote usage of an App engine Service Account token, Suspicious usage of App engine Service Account token, Remote usage of VM Service Account token, Suspicious usage of VM Service Account token, Remote usage of an App engine Service Account token, Suspicious usage of App engine Service Account token ignorecase: true accessor: alertid - extend-context: - simple: alertData= + filter_alert_fields: + simple: "false" ignore-outputs: simple: "false" separatecontext: false @@ -103,7 +103,7 @@ tasks: { "position": { "x": -230, - "y": -1340 + "y": -1250 } } note: false 
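Review bot: The `nexttasks` edit at `@@ -77,7 +77,7` (presumably task 1) now jumps straight to `"3"`, bypassing task 2, but the removed task 2 in hunk `@@ -120,143 +120,6` was the only visible carrier of the `fieldMapping` block that populates the ASN, ASN Name, Country, Operation Type, Operation Name, Project ID, Identity Type, Source IP, Resource Type and Region incident fields, and no hunk in this file re-adds those mappings elsewhere. Unless the task at line 77 already holds the same `fieldMapping` outside the hunk, those incident fields will stop being set after this change. The block could be moved verbatim onto that task, since its sources (`PaloAltoNetworksXDR.OriginalAlert.event`, `PaloAltoNetworksXDR.Incident.alerts`, `incident.xdralerts`) come from the original-alert fetch and the incident itself, not from the removed LoadJSON step. That task's definition starts before this hunk.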
@@ -120,143 +120,6 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false - "2": - id: "2" - taskid: 3414e15e-a296-4440-857e-b67e8d110e51 - type: regular - task: - id: 3414e15e-a296-4440-857e-b67e8d110e51 - version: -1 - name: Load alert JSON - description: Loads a JSON from a string input, and returns a JSON object result. - scriptName: LoadJSON - type: regular - iscommand: false - brand: "" - nexttasks: - '#none#': - - "3" - scriptarguments: - extend-context: - simple: alertJson= - ignore-outputs: - simple: "true" - input: - complex: - root: alertData.alerts - accessor: original_alert_json - separatecontext: false - continueonerrortype: "" - view: |- - { - "position": { - "x": -230, - "y": -1180 - } - } - note: false - timertriggers: [] - ignoreworker: false - fieldMapping: - - incidentfield: ASN - output: - complex: - root: PaloAltoNetworksXDR.OriginalAlert.event - accessor: caller_ip_asn - transformers: - - operator: uniq - - incidentfield: ASN Name - output: - complex: - root: PaloAltoNetworksXDR.OriginalAlert.event - accessor: caller_ip_asn_org - transformers: - - operator: uniq - - incidentfield: Country - output: - complex: - root: PaloAltoNetworksXDR.Incident.alerts - accessor: action_country - transformers: - - operator: uniq - - incidentfield: Operation Type - output: - complex: - root: PaloAltoNetworksXDR.OriginalAlert.event - accessor: operation_name - transformers: - - operator: uniq - - incidentfield: Operation Name - output: - complex: - root: PaloAltoNetworksXDR.OriginalAlert.event - accessor: operation_name_orig - transformers: - - operator: uniq - - incidentfield: Project ID - output: - complex: - root: PaloAltoNetworksXDR.Incident.alerts - filters: - - - operator: inList - left: - value: - simple: PaloAltoNetworksXDR.Incident.alerts.name - iscontext: true - right: - value: - simple: Suspicious usage of EC2 token, Suspicious usage of VM Service Account token, Suspicious usage of AWS Lambda’s token, Suspicious usage of AWS 
Lambda’s role, Remote usage of an AWS service token, Remote usage of an AWS EKS token, Suspicious usage of an AWS EKS token, Suspicious usage of an AWS ECS token, Remote usage of an AWS ECS token, Suspicious usage of AWS service token, Remote usage of an App engine Service Account token, Suspicious usage of App engine Service Account token, Remote usage of VM Service Account token, Suspicious usage of VM Service Account token, Remote usage of an App engine Service Account token, Suspicious usage of App engine Service Account token - accessor: project - - incidentfield: Identity Type - output: - complex: - root: PaloAltoNetworksXDR.Incident.alerts - filters: - - - operator: inList - left: - value: - simple: PaloAltoNetworksXDR.Incident.alerts.name - iscontext: true - right: - value: - simple: Suspicious usage of EC2 token, Suspicious usage of VM Service Account token, Suspicious usage of AWS Lambda’s token, Suspicious usage of AWS Lambda’s role, Remote usage of an AWS service token, Remote usage of an AWS EKS token, Suspicious usage of an AWS EKS token, Suspicious usage of an AWS ECS token, Remote usage of an AWS ECS token, Suspicious usage of AWS service token, Remote usage of an App engine Service Account token, Suspicious usage of App engine Service Account token, Remote usage of VM Service Account token, Suspicious usage of VM Service Account token, Remote usage of an App engine Service Account token, Suspicious usage of App engine Service Account token - accessor: identity_type - transformers: - - operator: uniq - - incidentfield: Source IP - output: - complex: - root: incident.xdralerts - filters: - - - operator: inList - left: - value: - simple: incident.xdralerts.name - iscontext: true - right: - value: - simple: Suspicious usage of EC2 token, Suspicious usage of VM Service Account token, Suspicious usage of AWS Lambda’s token, Suspicious usage of AWS Lambda’s role, Remote usage of an AWS service token, Remote usage of an AWS EKS token, Suspicious usage of 
an AWS EKS token, Suspicious usage of an AWS ECS token, Remote usage of an AWS ECS token, Suspicious usage of AWS service token, Remote usage of an App engine Service Account token, Suspicious usage of App engine Service Account token, Remote usage of VM Service Account token, Suspicious usage of VM Service Account token, Remote usage of an App engine Service Account token, Suspicious usage of App engine Service Account token - accessor: hostip - transformers: - - operator: uniq - - incidentfield: Resource Type - output: - complex: - root: PaloAltoNetworksXDR.OriginalAlert.event - accessor: resource_type_orig - transformers: - - operator: uniq - - incidentfield: Region - output: - complex: - root: PaloAltoNetworksXDR.OriginalAlert.event - accessor: region - transformers: - - operator: uniq - skipunavailable: false - quietmode: 0 - isoversize: false - isautoswitchedtoquietmode: false "3": id: "3" taskid: c3da330a-98cc-4a24-8440-7eca8182a113 @@ -278,7 +141,7 @@ tasks: { "position": { "x": -230, - "y": -1020 + "y": -1080 } } note: false @@ -342,7 +205,7 @@ tasks: { "position": { "x": -640, - "y": 280 + "y": 220 } } note: false @@ -404,7 +267,7 @@ tasks: { "position": { "x": -230, - "y": 450 + "y": 390 } } note: false @@ -450,7 +313,7 @@ tasks: { "position": { "x": -230, - "y": 750 + "y": 690 } } note: false @@ -532,7 +395,7 @@ tasks: { "position": { "x": 450, - "y": 1410 + "y": 1370 } } note: false @@ -559,13 +422,14 @@ tasks: nexttasks: '#none#': - "10" + - "63" separatecontext: false continueonerrortype: "" view: |- { "position": { "x": 450, - "y": 1280 + "y": 1220 } } note: false @@ -630,7 +494,7 @@ tasks: { "position": { "x": 890, - "y": 2530 + "y": 2450 } } note: false @@ -734,7 +598,7 @@ tasks: { "position": { "x": 450, - "y": 2530 + "y": 2450 } } note: false @@ -765,7 +629,7 @@ tasks: { "position": { "x": 450, - "y": 2665 + "y": 2585 } } note: false @@ -798,7 +662,7 @@ tasks: { "position": { "x": 450, - "y": 2830 + "y": 2750 } } note: false 
@@ -829,7 +693,7 @@ tasks: { "position": { "x": 450, - "y": 3180 + "y": 3100 } } note: false @@ -923,7 +787,7 @@ tasks: { "position": { "x": 450, - "y": 3490 + "y": 3410 } } note: false @@ -956,7 +820,7 @@ tasks: { "position": { "x": 450, - "y": 3310 + "y": 3230 } } note: false @@ -987,7 +851,7 @@ tasks: { "position": { "x": 230, - "y": 3660 + "y": 3580 } } note: false @@ -1022,7 +886,7 @@ tasks: { "position": { "x": 230, - "y": 3790 + "y": 3710 } } note: false @@ -1053,7 +917,7 @@ tasks: { "position": { "x": 450, - "y": 3960 + "y": 3880 } } note: false @@ -1088,7 +952,7 @@ tasks: { "position": { "x": 230, - "y": 4130 + "y": 4050 } } note: false @@ -1116,7 +980,7 @@ tasks: { "position": { "x": -230, - "y": 4300 + "y": 4220 } } note: false @@ -1203,7 +1067,7 @@ tasks: { "position": { "x": -230, - "y": 585 + "y": 525 } } note: false @@ -1273,7 +1137,7 @@ tasks: { "position": { "x": 190, - "y": 280 + "y": 220 } } note: false @@ -1321,8 +1185,8 @@ tasks: scriptarguments: AWSAccessKeyID: complex: - root: alertJson.raw_abioc.event._aws_specific_fields - accessor: access_key_id + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: accessKeyId AWSTimespan: complex: root: incident @@ -1343,6 +1207,10 @@ tasks: simple: "1" AzureTimespan: simple: 2h + GCPProjectName: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: project GCPTimespan: complex: root: incident @@ -1368,10 +1236,6 @@ tasks: accessor: cloudprovider transformers: - operator: uniq - projectName: - complex: - root: incident - accessor: cloudproject region: complex: root: PaloAltoNetworksXDR.OriginalAlert.event @@ -1592,7 +1456,7 @@ tasks: { "position": { "x": -230, - "y": 920 + "y": 860 } } note: false @@ -1638,7 +1502,7 @@ tasks: { "position": { "x": 450, - "y": 1100 + "y": 1030 } } note: false @@ -1726,7 +1590,7 @@ tasks: { "position": { "x": 890, - "y": 3005 + "y": 2925 } } note: false 
@@ -1783,7 +1647,7 @@ tasks: { "position": { "x": -630, - "y": -720 + "y": -780 } } note: false @@ -1821,7 +1685,7 @@ tasks: { "position": { "x": -630, - "y": -540 + "y": -600 } } note: false @@ -1869,7 +1733,7 @@ tasks: { "position": { "x": -230, - "y": -890 + "y": -950 } } note: false @@ -1973,7 +1837,7 @@ tasks: { "position": { "x": -630, - "y": -380 + "y": -440 } } note: false @@ -2006,7 +1870,7 @@ tasks: { "position": { "x": -860, - "y": -30 + "y": -90 } } note: false @@ -2041,7 +1905,7 @@ tasks: { "position": { "x": -630, - "y": -200 + "y": -260 } } note: false @@ -2101,7 +1965,7 @@ tasks: { "position": { "x": -230, - "y": 280 + "y": 220 } } note: false @@ -2134,7 +1998,7 @@ tasks: { "position": { "x": -230, - "y": 140 + "y": 80 } } note: false @@ -2175,7 +2039,7 @@ tasks: { "position": { "x": -860, - "y": 3010 + "y": 2930 } } note: false @@ -2214,7 +2078,7 @@ tasks: { "position": { "x": -860, - "y": 3185 + "y": 3105 } } note: false 
@@ -2224,6 +2088,165 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false + "63": + id: "63" + taskid: 79eb65d2-1cd8-4e44-86cc-4355db4ddb08 + type: playbook + task: + id: 79eb65d2-1cd8-4e44-86cc-4355db4ddb08 + version: -1 + name: Cloud Credentials Rotation - Generic + description: |- + ## **Cloud Credentials Rotation - Generic** + + This comprehensive playbook combines the remediation steps from AWS, Azure, and GCP sub-playbooks into a single, cohesive guide. Regardless of which Cloud Service Provider (CSP) you're working with, this playbook will direct you to the relevant steps, ensuring swift and effective response. + + The primary objective is to offer an efficient way to address compromised credentials across different cloud platforms. By consolidating the key steps from AWS, Azure, and GCP, it minimizes the time spent searching for platform-specific procedures and accelerates the remediation process, ensuring the highest level of security for your cloud environments. + + ## **Integrations for Each Sub-Playbook** + + In order to seamlessly execute the actions mentioned in each sub-playbook, specific integrations are essential. These integrations facilitate the automated tasks and processes that the playbook carries out. Here are the required integrations for each sub-playbook: + + ### **AWS Sub-Playbook:** + 1. [**AWS - IAM**](https://xsoar.pan.dev/docs/reference/integrations/aws---iam): Used to manage AWS Identity and Access Management. + 2. [**AWS - EC2**](https://xsoar.pan.dev/docs/reference/integrations/aws---ec2): Essential for managing Amazon Elastic Compute Cloud (EC2) instances. + + ### **GCP Sub-Playbook:** + 1. [**Google Workspace Admin**](https://xsoar.pan.dev/docs/reference/integrations/g-suite-admin): Manages users, groups, and other entities within Google Workspace. + 2. [**GCP-IAM**](https://xsoar.pan.dev/docs/reference/integrations/gcp-iam): Ensures management and control of GCP's Identity and Access Management. 
+ + ### **Azure Sub-Playbook:** + 1. [**Microsoft Graph Users**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-user): Manages users and related entities in Microsoft Graph. + 2. [**Microsoft Graph Applications**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-applications): Manages applications within Microsoft Graph. + playbookName: Cloud Credentials Rotation - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "5" + scriptarguments: + AWS-accessKeyID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: accessKeyId + AWS-instanceID: + complex: + root: alert.username + filters: + - - operator: containsGeneral + left: + value: + simple: alert.username + iscontext: true + right: + value: + simple: i- + ignorecase: true + transformers: + - operator: Cut + args: + delimiter: + value: + simple: / + fields: + value: + simple: "2" + AWS-newInstanceProfileName: + complex: + root: inputs.AWS-newInstanceProfileName + AWS-newRoleName: + complex: + root: inputs.AWS-newRoleName + AWS-roleNameToRestrict: + complex: + root: inputs.AWS-roleNameToRestrict + AWS-userID: + complex: + root: incident + accessor: username + Azure-AppID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig.claims + accessor: appid + Azure-ObjectID: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: claims + transformers: + - operator: RegexExtractAll + args: + error_if_no_match: {} + ignore_case: {} + multi_line: {} + period_matches_newline: {} + regex: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":"\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12} + unpack_matches: {} + - operator: ExtractInbetween + args: + from: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":" + to: + value: + simple: '"' + Azure-userID: + complex: + root: incident + accessor: username + GCP-SAEmail: + complex: + root: 
PaloAltoNetworksXDR.OriginalAlert.event.identity_orig + accessor: principalEmail + GCP-cloudProject: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: project + GCP-userID: + complex: + root: incident + accessor: username + GCP-zone: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: zone + RemediationType: + complex: + root: inputs.credentialsRemediationType + cloudProvider: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event + accessor: cloud_provider + identityType: + complex: + root: PaloAltoNetworksXDR.OriginalAlert.event.identity_orig.sessionContext.sessionIssuer + accessor: type + shouldCloneSA: + complex: + root: inputs.shouldCloneSA + separatecontext: true + continueonerrortype: "" + loop: + iscommand: false + exitCondition: "" + wait: 1 + max: 100 + view: |- + { + "position": { + "x": 20, + "y": 1370 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: true + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false view: |- { "linkLabelsPosition": { @@ -2234,6 +2257,7 @@ view: |- "36_37_#default#": 0.8, "38_39_Yes": 0.42, "49_61_#default#": 0.1, + "50_5_#default#": 0.47, "54_59_#default#": 0.11, "55_57_yes": 0.43, "55_59_#default#": 0.21, @@ -2243,10 +2267,10 @@ view: |- }, "paper": { "dimensions": { - "height": 5835, + "height": 5665, "width": 2130, "x": -860, - "y": -1470 + "y": -1380 } } } 
@@ -2312,6 +2336,48 @@ inputs: required: false description: Whether to execute the indicators remediation automatically. playbookInputQuery: +- key: credentialsRemediationType + value: + simple: Reset + required: false + description: |- + The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin: + + Reset: By entering "Reset" in the input, the playbook will execute password reset. + Supports: AWS, MSGraph Users, GCP and GSuite Admin. + + Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session. + Supports: GCP, GSuite Admin and MSGraph Users. + + Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation. + Supports: AWS. + + ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. + playbookInputQuery: +- key: shouldCloneSA + value: + simple: "False" + required: false + description: |- + Whether to clone the compromised SA before putting a deny policy to it. + Supports: AWS. + True/False + playbookInputQuery: +- key: AWS-newRoleName + value: {} + required: false + description: The new role name to assign in the clone service account flow. + playbookInputQuery: +- key: AWS-newInstanceProfileName + value: {} + required: false + description: The new instance profile name to assign in the clone service account flow. + playbookInputQuery: +- key: AWS-roleNameToRestrict + value: {} + required: false + description: If provided, the role will be attached with a deny policy without the compute instance analysis flow. + playbookInputQuery: outputs: [] tests: - No tests (auto formatted) 
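Review bot: The `AWS-roleNameToRestrict` description says a deny policy is attached "without the compute instance analysis flow", but not that the role name is applied as given and never cross-checked against the alert's identity, so a typo or a stale value would restrict an unrelated production role; I would extend it to `If provided, the deny policy is attached to this role as-is, bypassing the compute instance analysis. The name is not validated against the alert, so set it only after confirming the role involved.` The `credentialsRemediationType` description mixes `Deactivate -` with the colon used for the other three options and reads "execute the all remediation actions"; `Deactivate: ...` and "execute all remediation actions" keep it consistent. The input is free text, so a value outside Reset/Revoke/Deactivate/ALL presumably reaches the sub-playbook unchecked — if that results in no rotation, the description should say so rather than leave a misspelled value looking like a successful run.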
diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_Response_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_Response_README.md index a5152c8bbe0a..5c28d38d2217 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_Response_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_XCloud_Token_Theft_Response_README.md @@ -51,13 +51,14 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* IP Enrichment - Generic v2 +* Cloud Enrichment - Generic * Cloud Threat Hunting - Persistence -* Cortex XDR - XCloud Token Theft - Set Verdict +* Cloud Credentials Rotation - Generic +* Cloud Response - Generic * TIM - Indicator Relationships Analysis +* Cortex XDR - XCloud Token Theft - Set Verdict +* IP Enrichment - Generic v2 * Entity Enrichment - Generic v3 -* Cloud Enrichment - Generic -* Cloud Response - Generic ### Integrations @@ -66,13 +67,12 @@ This playbook does not use any integrations. ### Scripts * ParseHTMLIndicators -* LoadJSON ### Commands -* xdr-get-cloud-original-alerts -* xdr-update-incident * setIncident +* xdr-update-incident +* xdr-get-cloud-original-alerts * closeInvestigation ## Playbook Inputs @@ -90,6 +90,11 @@ This playbook does not use any integrations. | autoAccessKeyRemediation | Whether to execute the access key remediation automatically. | False | Optional | | autoUserRemediation | Whether to execute the user remediation automatically. | False | Optional | | autoBlockIndicators | Whether to execute the indicators remediation automatically. | False | Optional | +| credentialsRemediationType | The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin:

Reset: By entering "Reset" in the input, the playbook will execute password reset.
Supports: AWS, MSGraph Users, GCP and GSuite Admin.

Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session.
Supports: GCP, GSuite Admin and MSGraph Users.

Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation.
Supports: AWS.

ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. | Reset | Optional | +| shouldCloneSA | Whether to clone the compromised SA before putting a deny policy to it.
Supports: AWS.
True/False | False | Optional | +| AWS-newRoleName | The new role name to assign in the clone service account flow. | | Optional | +| AWS-newInstanceProfileName | The new instance profile name to assign in the clone service account flow. | | Optional | +| AWS-roleNameToRestrict | If provided, the role will be attached with a deny policy without the compute instance analysis flow. | | Optional | ## Playbook Outputs diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining.yml index a72d764c378d..8b70d87f46cd 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining.yml @@ -74,7 +74,7 @@ tasks: version: -1 name: Set Incident Severity to High description: commands.local.cmd.set.parent.incident.field - script: Builtin|||setParentIncidentField + script: Builtin|||setParentIncidentFields type: regular iscommand: true brand: Builtin @@ -109,7 +109,7 @@ tasks: task: id: b3b786b8-c446-4170-8557-722d96186c75 version: -1 - name: Set the incident severity + name: Set the alert severity to Low description: Optionally increases the incident severity to the new value if it is greater than the existing severity. scriptName: IncreaseIncidentSeverity type: regular @@ -186,6 +186,7 @@ tasks: nexttasks: '#none#': - "36" + - "58" scriptarguments: body: simple: |- @@ -354,7 +355,7 @@ tasks: view: |- { "position": { - "x": 1310, + "x": 1540, "y": 1880 } } @@ -476,6 +477,8 @@ tasks: root: inputs.alert_id extend-context: simple: alertData= + filter_alert_fields: + simple: "false" ignore-outputs: simple: "false" separatecontext: false @@ -529,8 +532,8 @@ tasks: view: |- { "position": { - "x": 1310, - "y": 2060 + "x": 1320, + "y": 2250 } } note: false @@ -562,8 +565,8 @@ tasks: view: |- { "position": { - "x": 1310, - "y": 2245 + "x": 1320, + "y": 2435 } } note: false 
@@ -591,7 +594,7 @@ tasks: { "position": { "x": 720, - "y": 2610 + "y": 2790 } } note: false @@ -766,8 +769,8 @@ tasks: view: |- { "position": { - "x": 1310, - "y": 2430 + "x": 1320, + "y": 2620 } } note: false 
@@ -976,6 +979,193 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false + "58": + id: "58" + taskid: ad5076a5-7198-4fbe-8003-e288bfd83048 + type: condition + task: + id: ad5076a5-7198-4fbe-8003-e288bfd83048 + version: -1 + name: Should rotate the credentials automatically? + description: Whether to rotate the credentials automatically. + type: condition + iscommand: false + brand: "" + nexttasks: + "yes": + - "59" + separatecontext: false + conditions: + - label: "yes" + condition: + - - operator: isEqualString + left: + value: + simple: inputs.autoAccessKeyRemediation + iscontext: true + right: + value: + simple: "true" + ignorecase: true + - operator: isEqualString + left: + value: + simple: inputs.autoUserRemediation + iscontext: true + right: + value: + simple: "true" + ignorecase: true + continueonerrortype: "" + view: |- + { + "position": { + "x": 1110, + "y": 1880 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false + "59": + id: "59" + taskid: c9cef60f-31d3-45b8-8c99-a2e977258a43 + type: playbook + task: + id: c9cef60f-31d3-45b8-8c99-a2e977258a43 + version: -1 + name: Cloud Credentials Rotation - Generic + description: |- + ## **Cloud Credentials Rotation - Generic** + + This comprehensive playbook combines the remediation steps from AWS, Azure, and GCP sub-playbooks into a single, cohesive guide. Regardless of which Cloud Service Provider (CSP) you're working with, this playbook will direct you to the relevant steps, ensuring swift and effective response. + + The primary objective is to offer an efficient way to address compromised credentials across different cloud platforms. By consolidating the key steps from AWS, Azure, and GCP, it minimizes the time spent searching for platform-specific procedures and accelerates the remediation process, ensuring the highest level of security for your cloud environments. 
+ + ## **Integrations for Each Sub-Playbook** + + In order to seamlessly execute the actions mentioned in each sub-playbook, specific integrations are essential. These integrations facilitate the automated tasks and processes that the playbook carries out. Here are the required integrations for each sub-playbook: + + ### **AWS Sub-Playbook:** + 1. [**AWS - IAM**](https://xsoar.pan.dev/docs/reference/integrations/aws---iam): Used to manage AWS Identity and Access Management. + 2. [**AWS - EC2**](https://xsoar.pan.dev/docs/reference/integrations/aws---ec2): Essential for managing Amazon Elastic Compute Cloud (EC2) instances. + + ### **GCP Sub-Playbook:** + 1. [**Google Workspace Admin**](https://xsoar.pan.dev/docs/reference/integrations/g-suite-admin): Manages users, groups, and other entities within Google Workspace. + 2. [**GCP-IAM**](https://xsoar.pan.dev/docs/reference/integrations/gcp-iam): Ensures management and control of GCP's Identity and Access Management. + + ### **Azure Sub-Playbook:** + 1. [**Microsoft Graph Users**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-user): Manages users and related entities in Microsoft Graph. + 2. [**Microsoft Graph Applications**](https://xsoar.pan.dev/docs/reference/integrations/microsoft-graph-applications): Manages applications within Microsoft Graph. 
+ playbookName: Cloud Credentials Rotation - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "40" + scriptarguments: + AWS-accessKeyID: + simple: ${Core.OriginalAlert.event.identity_orig.accessKeyId} + AWS-instanceID: + complex: + root: alert.username + filters: + - - operator: containsGeneral + left: + value: + simple: alert.username + iscontext: true + right: + value: + simple: i- + transformers: + - operator: Cut + args: + delimiter: + value: + simple: / + fields: + value: + simple: "2" + AWS-newInstanceProfileName: + simple: ${inputs.AWS-newInstanceProfileName} + AWS-newRoleName: + simple: ${inputs.AWS-newRoleName} + AWS-roleNameToRestrict: + simple: ${inputs.AWS-roleNameToRestrict} + AWS-userID: + simple: ${alert.username} + Azure-AppID: + simple: ${Core.OriginalAlert.event.identity_orig.claims.appid} + Azure-ObjectID: + complex: + root: Core.OriginalAlert.event.identity_orig + accessor: claims + transformers: + - operator: Stringify + - operator: RegexExtractAll + args: + error_if_no_match: {} + ignore_case: {} + multi_line: {} + period_matches_newline: {} + regex: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":"\w{8}\-\w{4}\-\w{4}\-\w{4}\-\w{12} + unpack_matches: {} + - operator: ExtractInbetween + args: + from: + value: + simple: http://schemas.microsoft.com/identity/claims/objectidentifier":" + to: + value: + simple: '"' + Azure-userID: + simple: ${alert.username} + GCP-SAEmail: + simple: ${Core.OriginalAlert.event.identity_orig.principalEmail} + GCP-cloudProject: + simple: ${alert.cloudproject} + GCP-userID: + simple: ${alert.username} + GCP-zone: + simple: ${Core.OriginalAlert.event.zone} + RemediationType: + simple: ${inputs.credentialsRemediationType} + cloudProvider: + simple: ${alert.cloudprovider} + identityType: + simple: ${alert.cloudidentitytype} + shouldCloneSA: + simple: ${inputs.shouldCloneSA} + separatecontext: true + continueonerrortype: "" + loop: + iscommand: false + 
exitCondition: "" + wait: 1 + max: 100 + view: |- + { + "position": { + "x": 1110, + "y": 2080 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: true + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false +system: true view: |- { "linkLabelsPosition": { @@ -985,11 +1175,12 @@ view: |- "41_54_Yes": 0.42, "49_27_Malicious": 0.62, "49_29_User Verification": 0.61, - "56_32_#default#": 0.49 + "56_32_#default#": 0.49, + "58_59_yes": 0.44 }, "paper": { "dimensions": { - "height": 2875, + "height": 3055, "width": 1260, "x": 720, "y": -200 @@ -1068,6 +1259,24 @@ inputs: required: false description: Whether to execute the user remediation flow automatically. playbookInputQuery: +- key: credentialsRemediationType + value: + simple: "Reset" + required: false + description: |- + The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin: + + Reset: By entering "Reset" in the input, the playbook will execute password reset. + Supports: AWS, MSGraph Users, GCP and GSuite Admin. + + Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session. + Supports: GCP, GSuite Admin and MSGraph Users. + + Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation. + Supports: AWS. + + ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. + playbookInputQuery: - key: AWS-accessKeyRemediationType value: simple: Disable 
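Review bot: Task 58 gates automatic credential rotation — password resets and key/session revocation through the `Cloud Credentials Rotation - Generic` sub-playbook — on the pre-existing `autoAccessKeyRemediation` and `autoUserRemediation` inputs, and the two `isEqualString` checks appear to sit in the same inner condition list, which XSOAR evaluates as OR; an operator who enabled only automatic access-key disabling would then also have users' passwords reset without opting in. A dedicated `autoCredentialsRotation` input defaulting to `"False"`, listed next to `credentialsRemediationType` in the Remediation input section, would make the blast radius of the new branch explicit, and if OR is intended the task `description` should say so. Separately, `AWS-instanceID` passes any `alert.username` that merely contains `i-` (`containsGeneral`), so a principal such as `api-deploy` would be cut on `/` and handed to the sub-playbook as an instance ID; a regex filter (`match` on `i-[0-9a-f]{8,17}`) is tighter, and the sibling playbook earlier in this change also sets `ignorecase: true` on this filter while this copy does not. Task 59 carries `skipunavailable: true`, so a missing sub-playbook silently skips rotation; that is a reasonable default, but the yes-branch should leave a war-room note rather than fall through quietly.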
@@ -1101,6 +1310,28 @@ inputs: Delete - for the user deletion. Revoke - for revoking the user's credentials. playbookInputQuery: +- key: shouldCloneSA + value: {} + required: false + description: |- + Whether to clone the compromised SA before putting a deny policy to it. + True/False + playbookInputQuery: +- key: AWS-newRoleName + value: {} + required: false + description: The name of the new role to create if the analyst decides to clone the service account. + playbookInputQuery: +- key: AWS-newInstanceProfileName + value: {} + required: false + description: The name of the new instance profile to create if the analyst decides to clone the service account. + playbookInputQuery: +- key: AWS-roleNameToRestrict + value: {} + required: false + description: If provided, the role will be attached with a deny policy without the compute instance analysis flow. + playbookInputQuery: - key: Azure-resourceRemediationType value: simple: Poweroff @@ -1277,12 +1508,17 @@ inputSections: - autoBlockIndicators - autoResourceRemediation - autoUserRemediation + - credentialsRemediationType name: Remediation description: Remediation settings and data, including containment, eradication, and recovery. - inputs: - AWS-accessKeyRemediationType - AWS-resourceRemediationType - AWS-userRemediationType + - shouldCloneSA + - AWS-newRoleName + - AWS-newInstanceProfileName + - AWS-roleNameToRestrict name: AWS Remediation description: AWS Remediation settings and data, including containment, eradication, and recovery. - inputs: diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_-_Set_Verdict.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_-_Set_Verdict.yml index 833859e401bc..3726534f368c 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_-_Set_Verdict.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_-_Set_Verdict.yml 
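Review bot: `shouldCloneSA` is added here with no default (`value: {}`), whereas the same input in the Token Theft Response playbook earlier in this change defaults to `"False"`; the sub-playbook presumably compares the value as a string, so an empty input may not be treated as false and the two playbooks could diverge on whether the compromised service account is cloned before the deny policy is applied. Set `value: simple: "False"` here too and add `Supports: AWS.` to the description, matching the sibling. The `AWS-newRoleName` / `AWS-newInstanceProfileName` descriptions also differ between the two playbooks ("to assign" versus "to create"); pick one wording so the inputs read the same wherever they appear.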
@@ -314,9 +314,7 @@ tasks: - - operator: isEqualNumber left: value: - complex: - root: alertJson.raw_abioc.event - accessor: cloud_agent_external_ip_days_seen_count + simple: Core.OriginalAlert.event.cloud_agent_external_ip_days_seen_count iscontext: true right: value: @@ -324,9 +322,7 @@ tasks: - - operator: isEqualNumber left: value: - complex: - root: alertJson.raw_abioc.event - accessor: cloud_caller_ip_asn_count_distinct_cloud_best_identity + simple: Core.OriginalAlert.event.additional_profiles.profile_cloud_caller_ip_asn.caller_ip_asn.count_distinct_cloud_best_identity iscontext: true right: value: diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_-_Set_Verdict_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_-_Set_Verdict_README.md index 64b529040e56..13130cd18d63 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_-_Set_Verdict_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_-_Set_Verdict_README.md @@ -8,22 +8,28 @@ This playbook sets the alert's verdict as malicious if one of the following cond If none of the conditions is true, the playbook will wait for an analyst's decision. ## Dependencies + This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks + This playbook does not use any sub-playbooks. ### Integrations + This playbook does not use any integrations. ### Scripts -* Set + * SearchIncidentsV2 +* Set ### Commands + This playbook does not use any commands. ## Playbook Inputs + --- | **Name** | **Description** | **Default Value** | **Required** | @@ -31,6 +37,7 @@ This playbook does not use any commands. | sourceIP | The source IP of the attack. | | Optional | ## Playbook Outputs + --- | **Path** | **Description** | **Type** | 
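Review bot: The two `isEqualNumber` conditions now read `Core.OriginalAlert.event.cloud_agent_external_ip_days_seen_count` and the deeply nested `...additional_profiles.profile_cloud_caller_ip_asn.caller_ip_asn.count_distinct_cloud_best_identity` instead of the flat `alertJson.raw_abioc.event.*` keys; if either path is absent on a given alert the comparison silently evaluates false and the verdict falls through to the analyst branch, which is safe but drops the automatic malicious verdict with no indication why. The condition task's header starts before this hunk, so I would add to its `description` the two source fields it depends on and a note that a missing field means "no automatic verdict", not "benign". The pack release note for "XCloud Cryptojacking - Set Verdict" describes this as "Improved remediation capabilities using the Cloud Credentials Rotation playbook", which does not match the field-path migration this hunk actually makes.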
@@ -38,5 +45,7 @@ This playbook does not use any commands. | alertVerdict | The alert verdict | string | ## Playbook Image + --- -![XCloud Cryptojacking - Set Verdict](../doc_files/XCloud_Cryptomining_-_Set_Verdict.png) \ No newline at end of file + +![XCloud Cryptojacking - Set Verdict](../doc_files/XCloud_Cryptomining_-_Set_Verdict.png) diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_README.md index d1c154e3bb7b..3bb22bd33043 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-XCloud_Cryptomining_README.md @@ -29,11 +29,12 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks +* Cloud Response - Generic * XCloud Cryptojacking - Set Verdict -* XCloud Alert Enrichment * Ticket Management - Generic -* Cloud Response - Generic +* Cloud Credentials Rotation - Generic * Handle False Positive Alerts +* XCloud Alert Enrichment ### Integrations @@ -41,15 +42,15 @@ This playbook does not use any integrations. ### Scripts -* IncreaseIncidentSeverity +* IncreaseAlertSeverity * LoadJSON ### Commands * closeInvestigation -* send-mail * core-get-cloud-original-alerts -* setParentIncidentField +* send-mail +* setParentIncidentFields ## Playbook Inputs @@ -69,9 +70,14 @@ This playbook does not use any integrations. | autoBlockIndicators | Whether to block the indicators automatically. | False | Optional | | autoResourceRemediation | Whether to execute the resource remediation flow automatically. | False | Optional | | autoUserRemediation | Whether to execute the user remediation flow automatically. | False | Optional | +| credentialsRemediationType | The response playbook provides the following remediation actions using AWS, MSGraph Users, GCP and GSuite Admin:

Reset: By entering "Reset" in the input, the playbook will execute password reset.
Supports: AWS, MSGraph Users, GCP and GSuite Admin.

Revoke: By entering "Revoke" in the input, the GCP will revoke the access key, GSuite Admin will revoke the access token and the MSGraph Users will revoke the session.
Supports: GCP, GSuite Admin and MSGraph Users.

Deactivate - By entering "Deactivate" in the input, the playbook will execute access key deactivation.
Supports: AWS.

ALL: By entering "ALL" in the input, the playbook will execute the all remediation actions provided for each CSP. | | Optional | | AWS-accessKeyRemediationType | Choose the remediation type for the user's access key.

AWS available types:
Disable - for disabling the user's access key.
Delete - for the user's access key deletion. | Disable | Optional | | AWS-resourceRemediationType | Choose the remediation type for the instances created.

AWS available types:
Stop - for stopping the instances.
Terminate - for terminating the instances. | Stop | Optional | | AWS-userRemediationType | Choose the remediation type for the user involved.

AWS available types:
Delete - for the user deletion.
Revoke - for revoking the user's credentials. | Revoke | Optional | +| shouldCloneSA | Whether to clone the compromised SA before putting a deny policy to it.
True/False | | Optional | +| AWS-newRoleName | The name of the new role to create if the analyst decides to clone the service account. | | Optional | +| AWS-newInstanceProfileName | The name of the new instance profile to create if the analyst decides to clone the service account. | | Optional | +| AWS-roleNameToRestrict | If provided, the role will be attached with a deny policy without the compute instance analysis flow. | | Optional | | Azure-resourceRemediationType | Choose the remediation type for the instances created.

Azure available types:
Poweroff - for shutting down the instances.
Delete - for deleting the instances. | Poweroff | Optional | | Azure-userRemediationType | Choose the remediation type for the user involved.

Azure available types:
Disable - for disabling the user.
Delete - for deleting the user. | Disable | Optional | | GCP-accessKeyRemediationType | Choose the remediation type for the user's access key.

GCP available types:
Disable - For disabling the user's access key.
Delete - For the deleting user's access key. | Disable | Optional | diff --git a/Packs/CloudIncidentResponse/ReleaseNotes/1_0_13.md b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_13.md new file mode 100644 index 000000000000..613dd37f06c3 --- /dev/null +++ b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_13.md 
@@ -0,0 +1,42 @@ + +#### Playbooks + +##### Cortex XDR - Cloud Data Exfiltration Response + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cloud Token Theft Response + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cortex XDR - XCloud Token Theft Response + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cloud Token Theft - Set Verdict + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cortex XDR - XCloud Token Theft - Set Verdict + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### XCloud Cryptojacking - Set Verdict + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cloud IAM User Access Investigation + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cortex XDR - XCloud Cryptojacking - Set Verdict + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### XCloud Cryptojacking + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cortex XDR - XCloud Cryptojacking + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cortex XDR - Cloud IAM User Access Investigation + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cloud Data Exfiltration Response + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. +##### Cortex XDR - Cloud Enrichment + +- Improved remediation capabilities using the Cloud Credentials Rotation playbook. 
diff --git a/Packs/CloudIncidentResponse/doc_files/Cloud_Data_Exfiltration_Response.png b/Packs/CloudIncidentResponse/doc_files/Cloud_Data_Exfiltration_Response.png index a9e9c24f2729..89d4a5679b40 100644 Binary files a/Packs/CloudIncidentResponse/doc_files/Cloud_Data_Exfiltration_Response.png and b/Packs/CloudIncidentResponse/doc_files/Cloud_Data_Exfiltration_Response.png differ diff --git a/Packs/CloudIncidentResponse/doc_files/Cloud_IAM_User_Access_Investigation.png b/Packs/CloudIncidentResponse/doc_files/Cloud_IAM_User_Access_Investigation.png index de34814820f8..594c977b6d24 100644 Binary files a/Packs/CloudIncidentResponse/doc_files/Cloud_IAM_User_Access_Investigation.png and b/Packs/CloudIncidentResponse/doc_files/Cloud_IAM_User_Access_Investigation.png differ diff --git a/Packs/CloudIncidentResponse/doc_files/Cloud_Token_Theft_Response.png b/Packs/CloudIncidentResponse/doc_files/Cloud_Token_Theft_Response.png index 1a5306e6b616..da4987dc83f0 100644 Binary files a/Packs/CloudIncidentResponse/doc_files/Cloud_Token_Theft_Response.png and b/Packs/CloudIncidentResponse/doc_files/Cloud_Token_Theft_Response.png differ diff --git a/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_Cryptomining.png b/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_Cryptomining.png index b0a07dcdec3c..a69cef7c24aa 100644 Binary files a/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_Cryptomining.png and b/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_Cryptomining.png differ diff --git a/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_Data_Exfiltration_Response.png b/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_Data_Exfiltration_Response.png index 9fd2e47dcbcd..8786bd7d3f33 100644 Binary files a/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_Data_Exfiltration_Response.png and b/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_Data_Exfiltration_Response.png differ 
diff --git a/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.png b/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.png index cdd1e9561c3a..6847cfd8dd7c 100644 Binary files a/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.png and b/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.png differ diff --git a/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_XCloud_Token_Theft_Response.png b/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_XCloud_Token_Theft_Response.png index 74f6cdc4dd21..56c6a303e1c5 100644 Binary files a/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_XCloud_Token_Theft_Response.png and b/Packs/CloudIncidentResponse/doc_files/Cortex_XDR_-_XCloud_Token_Theft_Response.png differ diff --git a/Packs/CloudIncidentResponse/doc_files/XCloud_Cryptomining.png b/Packs/CloudIncidentResponse/doc_files/XCloud_Cryptomining.png index ff84e2606596..54deee0c7e5d 100644 Binary files a/Packs/CloudIncidentResponse/doc_files/XCloud_Cryptomining.png and b/Packs/CloudIncidentResponse/doc_files/XCloud_Cryptomining.png differ diff --git a/Packs/CloudIncidentResponse/pack_metadata.json b/Packs/CloudIncidentResponse/pack_metadata.json index 3a2d09e0107e..d3438020c7f9 100644 --- a/Packs/CloudIncidentResponse/pack_metadata.json +++ b/Packs/CloudIncidentResponse/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cloud Incident Response", "description": "This content Pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.", "support": "xsoar", - "currentVersion": "1.0.12", + "currentVersion": "1.0.13", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/CommonScripts/ReleaseNotes/1_13_27.md b/Packs/CommonScripts/ReleaseNotes/1_13_27.md new file mode 100644 index 000000000000..e2690d47da35 --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_13_27.md 
@@ -0,0 +1,168 @@ + +#### Scripts + +##### DecodeMimeHeader + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### DisableUserWrapper + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### ParseYAML + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### GetInstances + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### PrettyPrint + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### Base64EncodeV2 + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### DisplayHTML + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### SetByIncidentId + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### LookupCSV + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### FeedRelatedIndicatorsWidget + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### URLSSLVerification + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### ArrayToCSV + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### TimeStampCompare + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### IsListExist + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### MaliciousRatioReputation + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### SetMultipleValues + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### DomainReputation + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### DumpJSON + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### SearchIndicator + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### CheckFieldValue + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### IdentifyAttachedEmail + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. 
+##### TopMaliciousRatioIndicators + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### GetLicenseID + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### Strings + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### CheckSenderDomainDistance + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### HTTPListRedirects + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### ConvertTimezoneFromUTC + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### SetWithTemplate + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### CheckIndicatorValue + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### RunPollingCommand + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### AddKeyToList + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### ResolveShortenedURL + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### ExtractAttackPattern + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### BreachConfirmationHTML + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### PortListenCheck + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### JSONtoCSV + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### ParseCSV + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### CalculateEntropy + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### CreateHash + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### SendEmailOnSLABreach + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### Base64ListToFile + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### PositiveDetectionsVSDetectionEngines + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. 
+##### MatchRegexV2 + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### RunDockerCommand + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### GetEntries + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### JSONFileToCSV + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### cveReputationV2 + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### RepopulateFiles + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### SearchIncidentsSummary + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### StopScheduledTask + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### IsolationAssetWrapper + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### RemoveKeyFromList + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### VerifyIPv6Indicator + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### ReadFile + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### SetTime + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/CommonScripts/ReleaseNotes/1_13_28.md b/Packs/CommonScripts/ReleaseNotes/1_13_28.md new file mode 100644 index 000000000000..d69639046a2c --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_13_28.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### GetIndicatorDBotScoreFromCache + +- Fixed an issue where the ***GetIndicatorDBotScoreFromCache*** automation failed when no IOCs were returned from the cache. +- Updated the Docker image to *demisto/python3:3.10.13.86272*. diff --git a/Packs/CommonScripts/ReleaseNotes/1_13_29.md b/Packs/CommonScripts/ReleaseNotes/1_13_29.md new file mode 100644 index 000000000000..7db47e249932 --- /dev/null +++ b/Packs/CommonScripts/ReleaseNotes/1_13_29.md 
@@ -0,0 +1,21 @@
+
+#### Scripts
+
+##### CompareLists
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+##### SSDeepReputation
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+##### IsInternalDomainName
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+##### ListUsedDockerImages
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+##### FilterByList
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+##### GenerateRandomUUID
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/CommonScripts/ReleaseNotes/1_13_30.md b/Packs/CommonScripts/ReleaseNotes/1_13_30.md
new file mode 100644
index 000000000000..b9c04778602c
--- /dev/null
+++ b/Packs/CommonScripts/ReleaseNotes/1_13_30.md
@@ -0,0 +1,9 @@
+
+#### Scripts
+
+##### NumberOfPhishingAttemptPerUser
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+##### DockerHardeningCheck
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/CommonScripts/ReleaseNotes/1_13_31.md b/Packs/CommonScripts/ReleaseNotes/1_13_31.md
new file mode 100644
index 000000000000..2a3850106d8b
--- /dev/null
+++ b/Packs/CommonScripts/ReleaseNotes/1_13_31.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### HttpV2
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/CommonScripts/Scripts/AddKeyToList/AddKeyToList.yml b/Packs/CommonScripts/Scripts/AddKeyToList/AddKeyToList.yml
index 3ff848b04198..a831c26bb3ba 100644
--- a/Packs/CommonScripts/Scripts/AddKeyToList/AddKeyToList.yml
+++ b/Packs/CommonScripts/Scripts/AddKeyToList/AddKeyToList.yml
@@ -33,5 +33,5 @@ tags: []
 timeout: '0'
 type: python
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 fromversion: 5.0.0
diff --git a/Packs/CommonScripts/Scripts/ArrayToCSV/ArrayToCSV.yml b/Packs/CommonScripts/Scripts/ArrayToCSV/ArrayToCSV.yml index 21aa03ceebfc..563a2471646f 100644 --- a/Packs/CommonScripts/Scripts/ArrayToCSV/ArrayToCSV.yml +++ b/Packs/CommonScripts/Scripts/ArrayToCSV/ArrayToCSV.yml @@ -16,7 +16,7 @@ runas: DBotWeakRole script: "" scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tags: - transformer - general diff --git a/Packs/CommonScripts/Scripts/Base64EncodeV2/Base64EncodeV2.yml b/Packs/CommonScripts/Scripts/Base64EncodeV2/Base64EncodeV2.yml index 7c8de474040f..0d62b9ffa2f2 100644 --- a/Packs/CommonScripts/Scripts/Base64EncodeV2/Base64EncodeV2.yml +++ b/Packs/CommonScripts/Scripts/Base64EncodeV2/Base64EncodeV2.yml @@ -13,7 +13,7 @@ outputs: type: string script: '-' subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tags: - Utility - incident-action-button diff --git a/Packs/CommonScripts/Scripts/Base64ListToFile/Base64ListToFile.yml b/Packs/CommonScripts/Scripts/Base64ListToFile/Base64ListToFile.yml index 34ba70987ad1..a8100d24cb9d 100644 --- a/Packs/CommonScripts/Scripts/Base64ListToFile/Base64ListToFile.yml +++ b/Packs/CommonScripts/Scripts/Base64ListToFile/Base64ListToFile.yml @@ -40,6 +40,6 @@ outputs: description: EntryID of the file (only in case of report type=json) scripttarget: 0 fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - Base64 File in List Test diff --git a/Packs/CommonScripts/Scripts/BreachConfirmationHTML/BreachConfirmationHTML.yml b/Packs/CommonScripts/Scripts/BreachConfirmationHTML/BreachConfirmationHTML.yml index 3c12bb312740..26b7f050e452 100644 --- a/Packs/CommonScripts/Scripts/BreachConfirmationHTML/BreachConfirmationHTML.yml +++ b/Packs/CommonScripts/Scripts/BreachConfirmationHTML/BreachConfirmationHTML.yml 
@@ -1,7 +1,7 @@ commonfields: id: BreachConfirmationHTML version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 enabled: true name: BreachConfirmationHTML runas: DBotWeakRole diff --git a/Packs/CommonScripts/Scripts/CalculateEntropy/CalculateEntropy.yml b/Packs/CommonScripts/Scripts/CalculateEntropy/CalculateEntropy.yml index bee716288702..5a3267e187f8 100644 --- a/Packs/CommonScripts/Scripts/CalculateEntropy/CalculateEntropy.yml +++ b/Packs/CommonScripts/Scripts/CalculateEntropy/CalculateEntropy.yml @@ -24,5 +24,5 @@ tags: - entropy timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/CommonScripts/Scripts/CheckFieldValue/CheckFieldValue.yml b/Packs/CommonScripts/Scripts/CheckFieldValue/CheckFieldValue.yml index 263b66ea5ff5..3dcf9e4c9b7c 100644 --- a/Packs/CommonScripts/Scripts/CheckFieldValue/CheckFieldValue.yml +++ b/Packs/CommonScripts/Scripts/CheckFieldValue/CheckFieldValue.yml @@ -31,7 +31,7 @@ tags: - polling timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/CheckIndicatorValue/CheckIndicatorValue.yml b/Packs/CommonScripts/Scripts/CheckIndicatorValue/CheckIndicatorValue.yml index 7e6c79c14e3f..9643b0d235a0 100644 --- a/Packs/CommonScripts/Scripts/CheckIndicatorValue/CheckIndicatorValue.yml +++ b/Packs/CommonScripts/Scripts/CheckIndicatorValue/CheckIndicatorValue.yml @@ -34,7 +34,7 @@ outputs: type: boolean scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 6.5.0 tests: 
diff --git a/Packs/CommonScripts/Scripts/CheckSenderDomainDistance/CheckSenderDomainDistance.yml b/Packs/CommonScripts/Scripts/CheckSenderDomainDistance/CheckSenderDomainDistance.yml index 7bde5479cf8b..83bfafc098b5 100644 --- a/Packs/CommonScripts/Scripts/CheckSenderDomainDistance/CheckSenderDomainDistance.yml +++ b/Packs/CommonScripts/Scripts/CheckSenderDomainDistance/CheckSenderDomainDistance.yml @@ -29,6 +29,6 @@ scripttarget: 0 dependson: {} timeout: 0s fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/CompareLists/CompareLists.yml b/Packs/CommonScripts/Scripts/CompareLists/CompareLists.yml index b9b69213004c..64a7dccbe420 100644 --- a/Packs/CommonScripts/Scripts/CompareLists/CompareLists.yml +++ b/Packs/CommonScripts/Scripts/CompareLists/CompareLists.yml @@ -25,6 +25,6 @@ outputs: description: Common items that were found in both lists scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 5.0.0 diff --git a/Packs/CommonScripts/Scripts/ConvertTimezoneFromUTC/ConvertTimezoneFromUTC.yml b/Packs/CommonScripts/Scripts/ConvertTimezoneFromUTC/ConvertTimezoneFromUTC.yml index e429ee2b041e..2a7111794034 100644 --- a/Packs/CommonScripts/Scripts/ConvertTimezoneFromUTC/ConvertTimezoneFromUTC.yml +++ b/Packs/CommonScripts/Scripts/ConvertTimezoneFromUTC/ConvertTimezoneFromUTC.yml @@ -17,7 +17,7 @@ commonfields: contentitemexportablefields: contentitemfields: fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 enabled: true name: ConvertTimezoneFromUTC runas: DBotWeakRole diff --git a/Packs/CommonScripts/Scripts/CreateHash/CreateHash.yml b/Packs/CommonScripts/Scripts/CreateHash/CreateHash.yml index e161d4b61b55..3e2e65a167eb 100644 
--- a/Packs/CommonScripts/Scripts/CreateHash/CreateHash.yml +++ b/Packs/CommonScripts/Scripts/CreateHash/CreateHash.yml @@ -21,7 +21,7 @@ commonfields: contentitemexportablefields: contentitemfields: fromServerVersion: '' -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 enabled: true name: CreateHash outputs: diff --git a/Packs/CommonScripts/Scripts/CveReputationV2/CveReputationV2.yml b/Packs/CommonScripts/Scripts/CveReputationV2/CveReputationV2.yml index 5005d29713ba..608e4be99d91 100644 --- a/Packs/CommonScripts/Scripts/CveReputationV2/CveReputationV2.yml +++ b/Packs/CommonScripts/Scripts/CveReputationV2/CveReputationV2.yml @@ -20,7 +20,7 @@ dependson: must: - cve timeout: 2.4µs -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runonce: false fromversion: 6.5.0 tests: diff --git a/Packs/CommonScripts/Scripts/DecodeMimeHeader/DecodeMimeHeader.yml b/Packs/CommonScripts/Scripts/DecodeMimeHeader/DecodeMimeHeader.yml index ffc046fc155e..b86026e7b6e3 100644 --- a/Packs/CommonScripts/Scripts/DecodeMimeHeader/DecodeMimeHeader.yml +++ b/Packs/CommonScripts/Scripts/DecodeMimeHeader/DecodeMimeHeader.yml @@ -16,5 +16,5 @@ outputs: description: The result of decoded value. type: string scripttarget: 0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/CommonScripts/Scripts/DisableUserWrapper/DisableUserWrapper.yml b/Packs/CommonScripts/Scripts/DisableUserWrapper/DisableUserWrapper.yml index 70edf7678b04..64f5b4273ccd 100644 --- a/Packs/CommonScripts/Scripts/DisableUserWrapper/DisableUserWrapper.yml +++ b/Packs/CommonScripts/Scripts/DisableUserWrapper/DisableUserWrapper.yml @@ -64,7 +64,7 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.0.0 tests: - No tests (auto formatted) 
diff --git a/Packs/CommonScripts/Scripts/DisplayHTML/DisplayHTML.yml b/Packs/CommonScripts/Scripts/DisplayHTML/DisplayHTML.yml index 6ddda49b09ba..5b668d13a948 100644 --- a/Packs/CommonScripts/Scripts/DisplayHTML/DisplayHTML.yml +++ b/Packs/CommonScripts/Scripts/DisplayHTML/DisplayHTML.yml @@ -22,6 +22,6 @@ args: description: Add a header text to the output scripttarget: 0 fromversion: 6.5.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/DockerHardeningCheck/DockerHardeningCheck.yml b/Packs/CommonScripts/Scripts/DockerHardeningCheck/DockerHardeningCheck.yml index 308086e8b150..c6f76088ae1a 100644 --- a/Packs/CommonScripts/Scripts/DockerHardeningCheck/DockerHardeningCheck.yml +++ b/Packs/CommonScripts/Scripts/DockerHardeningCheck/DockerHardeningCheck.yml @@ -41,7 +41,7 @@ args: defaultValue: cgroup scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 5.0.0 tests: diff --git a/Packs/CommonScripts/Scripts/DomainReputation/DomainReputation.yml b/Packs/CommonScripts/Scripts/DomainReputation/DomainReputation.yml index 5134f4ffa0e7..a112c0bbaa0f 100644 --- a/Packs/CommonScripts/Scripts/DomainReputation/DomainReputation.yml +++ b/Packs/CommonScripts/Scripts/DomainReputation/DomainReputation.yml @@ -19,6 +19,6 @@ fromversion: 5.0.0 marketplaces: - xsoar - marketplacev2 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/DumpJSON/DumpJSON.yml b/Packs/CommonScripts/Scripts/DumpJSON/DumpJSON.yml index f0ac2d1c58bc..5dd6ec038b64 100644 --- a/Packs/CommonScripts/Scripts/DumpJSON/DumpJSON.yml +++ b/Packs/CommonScripts/Scripts/DumpJSON/DumpJSON.yml 
@@ -19,6 +19,6 @@ outputs: description: The JSON object as string. scripttarget: 0 fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) \ No newline at end of file diff --git a/Packs/CommonScripts/Scripts/ExtractAttackPattern/ExtractAttackPattern.yml b/Packs/CommonScripts/Scripts/ExtractAttackPattern/ExtractAttackPattern.yml index fe18c6cedf02..3896a0cf538c 100644 --- a/Packs/CommonScripts/Scripts/ExtractAttackPattern/ExtractAttackPattern.yml +++ b/Packs/CommonScripts/Scripts/ExtractAttackPattern/ExtractAttackPattern.yml @@ -15,7 +15,7 @@ args: isArray: true scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole tests: - ExtractAttackPattern-Test diff --git a/Packs/CommonScripts/Scripts/FeedRelatedIndicatorsWidget/FeedRelatedIndicatorsWidget.yml b/Packs/CommonScripts/Scripts/FeedRelatedIndicatorsWidget/FeedRelatedIndicatorsWidget.yml index e3c627b6648a..9fb010414ca5 100644 --- a/Packs/CommonScripts/Scripts/FeedRelatedIndicatorsWidget/FeedRelatedIndicatorsWidget.yml +++ b/Packs/CommonScripts/Scripts/FeedRelatedIndicatorsWidget/FeedRelatedIndicatorsWidget.yml @@ -9,5 +9,5 @@ tags: - dynamic-indicator-section timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/CommonScripts/Scripts/FilterByList/FilterByList.yml b/Packs/CommonScripts/Scripts/FilterByList/FilterByList.yml index 07b12fb7f5ea..c33947a2c093 100644 --- a/Packs/CommonScripts/Scripts/FilterByList/FilterByList.yml +++ b/Packs/CommonScripts/Scripts/FilterByList/FilterByList.yml @@ -49,4 +49,4 @@ runas: DBotWeakRole tests: - FilterByList - Test fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 
diff --git a/Packs/CommonScripts/Scripts/GenerateRandomUUID/GenerateRandomUUID.yml b/Packs/CommonScripts/Scripts/GenerateRandomUUID/GenerateRandomUUID.yml index 8ba124816f74..baffb711ebb7 100644 --- a/Packs/CommonScripts/Scripts/GenerateRandomUUID/GenerateRandomUUID.yml +++ b/Packs/CommonScripts/Scripts/GenerateRandomUUID/GenerateRandomUUID.yml @@ -12,5 +12,5 @@ script: '' subtype: python3 tags: [] type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/CommonScripts/Scripts/GetEntries/GetEntries.yml b/Packs/CommonScripts/Scripts/GetEntries/GetEntries.yml index 3ef6671884cd..36dd9375636c 100644 --- a/Packs/CommonScripts/Scripts/GetEntries/GetEntries.yml +++ b/Packs/CommonScripts/Scripts/GetEntries/GetEntries.yml @@ -32,7 +32,7 @@ outputs: description: Last modified time of the entry scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 6.5.0 tests: diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py index e34177f4fb6c..606bbd897d42 100644 --- a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py +++ b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.py 
@@ -16,28 +16,27 @@ def main(): ) return_entries = [] + iocs = res.get('iocs') or [] + for data in iocs: + score = data["score"] + vendor = "XSOAR" + reliability = data.get("aggregatedReliability") + indicatorType = data["indicator_type"] + expirationStatus = data.get("expirationStatus") != "active" + value: str = data["value"] + + dbotscore = { + "Indicator": value, + "Type": indicatorType, + "Vendor": vendor, + "Score": score, + "Reliability": reliability, + "Expired": expirationStatus + } - if 'iocs' in res and len(res['iocs']) > 0: - for data in res['iocs']: - score = data["score"] - vendor = "XSOAR" - reliability = data.get("aggregatedReliability") - indicatorType = data["indicator_type"] - expirationStatus = data.get("expirationStatus") != "active" - value: str = data["value"] - - dbotscore = { - "Indicator": value, - "Type": indicatorType, - "Vendor": vendor, - "Score": score, - "Reliability": reliability, - "Expired": expirationStatus - } - - return_entries.append(dbotscore) - with contextlib.suppress(KeyError): # for multiple IOCs with same value but different casing - unique_values.remove(value.lower()) + return_entries.append(dbotscore) + with contextlib.suppress(KeyError): # for multiple IOCs with same value but different casing + unique_values.remove(value.lower()) values_not_found = list({v for v in values if v.lower() in unique_values}) # return the values with the original casing diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml index d82cff7a4e5f..25e26b884286 100644 --- a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml +++ b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache.yml 
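Review bot: `iocs = res.get('iocs') or []` still assumes `res` itself is a mapping; if `demisto.searchIndicators` can return `None` rather than `{'iocs': None}`, that line raises AttributeError before the new guard helps. `iocs = (res or {}).get('iocs') or []` covers both shapes at no cost, and a companion test with `return_value=None` would pin it. The hard lookups `data["score"]`, `data["indicator_type"]` and `data["value"]` are carried over unchanged, so a cache entry missing one of those keys still aborts the whole loop rather than skipping that entry; a short comment such as `# score, indicator_type and value are required in every cache entry` would make that contract explicit. main() starts before the hunk and continues after it.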
@@ -7,7 +7,7 @@ comment: Get the overall score for the indicator as calculated by DBot. commonfields: id: GetIndicatorDBotScoreFromCache version: -1 -dockerimage: demisto/python3:3.10.13.80593 +dockerimage: demisto/python3:3.10.13.86272 enabled: true name: GetIndicatorDBotScoreFromCache runas: DBotWeakRole diff --git a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py index 99ed68b71205..a5b562df94dd 100644 --- a/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py +++ b/Packs/CommonScripts/Scripts/GetIndicatorDBotScoreFromCache/GetIndicatorDBotScoreFromCache_test.py @@ -158,3 +158,24 @@ def test_query_values(mocker): 'value:("test2~.com" "test~.com")', 'value:("test~.com" "test2~.com")', ] + + +def test_no_iocs_returned_from_search_indicators(mocker): + """ + Given: + A single indicator value (Test.com) with no cache. + When: + Running GetIndicatorDBotScoreFromCache script. + Then: + Ensure no iocs were returned. + """ + + mocker.patch.object(demisto, "args", return_value={'value': ["Test.com"]}) + mocker.patch.object(demisto, "searchIndicators", return_value={'iocs': None}) + mocker.patch.object(GetIndicatorDBotScoreFromCache, "return_results") + + GetIndicatorDBotScoreFromCache.main() + return_results_calls = GetIndicatorDBotScoreFromCache.return_results.call_args_list + expected_result = set() + indicators_results = return_results_calls[0][1] + assert {i["Indicator"] for i in indicators_results} == expected_result diff --git a/Packs/CommonScripts/Scripts/GetInstances/GetInstances.yml b/Packs/CommonScripts/Scripts/GetInstances/GetInstances.yml index d11dfb471a7f..7c0efa5bb10a 100644 --- a/Packs/CommonScripts/Scripts/GetInstances/GetInstances.yml +++ b/Packs/CommonScripts/Scripts/GetInstances/GetInstances.yml 
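Review bot: The assertion in `test_no_iocs_returned_from_search_indicators` may be vacuous: `return_results_calls[0][1]` is the kwargs dict of the first `return_results` call, so if the script passes its entries positionally the comprehension iterates an empty dict and `set() == set()` holds regardless of what was returned. If that is the case, read the positional argument instead (`return_results_calls[0][0][0]`, or `.call_args.args[0]`) and keep the `{'iocs': None}` fixture, which is the shape that used to crash. It would also be worth asserting that `Test.com` is reported among the values not found, since preserving that path is what the fix is about. The other tests in this file are outside the hunk, so I cannot tell whether they rely on the same indexing.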
@@ -37,7 +37,7 @@ outputs: type: string scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 5.0.0 tests: diff --git a/Packs/CommonScripts/Scripts/GetLicenseID/GetLicenseID.yml b/Packs/CommonScripts/Scripts/GetLicenseID/GetLicenseID.yml index d0437e7e4165..0883a9396f85 100644 --- a/Packs/CommonScripts/Scripts/GetLicenseID/GetLicenseID.yml +++ b/Packs/CommonScripts/Scripts/GetLicenseID/GetLicenseID.yml @@ -13,7 +13,7 @@ outputs: type: string scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 6.5.0 tests: diff --git a/Packs/CommonScripts/Scripts/HTTPListRedirects/HTTPListRedirects.yml b/Packs/CommonScripts/Scripts/HTTPListRedirects/HTTPListRedirects.yml index 36d51c3a2ede..b1970b97d7da 100644 --- a/Packs/CommonScripts/Scripts/HTTPListRedirects/HTTPListRedirects.yml +++ b/Packs/CommonScripts/Scripts/HTTPListRedirects/HTTPListRedirects.yml @@ -40,6 +40,6 @@ outputs: description: The URL redirects from the given URL scripttarget: 0 fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) \ No newline at end of file diff --git a/Packs/CommonScripts/Scripts/HttpV2/HttpV2.yml b/Packs/CommonScripts/Scripts/HttpV2/HttpV2.yml index 8ab26a6d8f1c..756dd8089484 100644 --- a/Packs/CommonScripts/Scripts/HttpV2/HttpV2.yml +++ b/Packs/CommonScripts/Scripts/HttpV2/HttpV2.yml @@ -127,7 +127,7 @@ tags: - basescript timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - HttpV2-test fromversion: 6.5.0 diff --git a/Packs/CommonScripts/Scripts/IdentifyAttachedEmail/IdentifyAttachedEmail.yml b/Packs/CommonScripts/Scripts/IdentifyAttachedEmail/IdentifyAttachedEmail.yml index 88cc5719e5d3..457c9ea0e60c 100644 
--- a/Packs/CommonScripts/Scripts/IdentifyAttachedEmail/IdentifyAttachedEmail.yml +++ b/Packs/CommonScripts/Scripts/IdentifyAttachedEmail/IdentifyAttachedEmail.yml @@ -28,4 +28,4 @@ tests: - Process Email - Generic - Test - Incident Starter - Phishing v2 - Test - Incident Starter fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/CommonScripts/Scripts/IsInternalDomainName/IsInternalDomainName.yml b/Packs/CommonScripts/Scripts/IsInternalDomainName/IsInternalDomainName.yml index 37c2efc62e78..c18eefc876f6 100644 --- a/Packs/CommonScripts/Scripts/IsInternalDomainName/IsInternalDomainName.yml +++ b/Packs/CommonScripts/Scripts/IsInternalDomainName/IsInternalDomainName.yml @@ -32,5 +32,5 @@ tags: - Utility timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/CommonScripts/Scripts/IsListExist/IsListExist.yml b/Packs/CommonScripts/Scripts/IsListExist/IsListExist.yml index 557baa331157..b4416e927c86 100644 --- a/Packs/CommonScripts/Scripts/IsListExist/IsListExist.yml +++ b/Packs/CommonScripts/Scripts/IsListExist/IsListExist.yml @@ -16,4 +16,4 @@ scripttarget: 0 tests: - No test fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/CommonScripts/Scripts/IsolationAssetWrapper/IsolationAssetWrapper.yml b/Packs/CommonScripts/Scripts/IsolationAssetWrapper/IsolationAssetWrapper.yml index e38a38247afb..74dac8483819 100644 --- a/Packs/CommonScripts/Scripts/IsolationAssetWrapper/IsolationAssetWrapper.yml +++ b/Packs/CommonScripts/Scripts/IsolationAssetWrapper/IsolationAssetWrapper.yml @@ -74,7 +74,7 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.0.0 tests: - No tests (auto formatted) 
diff --git a/Packs/CommonScripts/Scripts/JSONFileToCSV/JSONFileToCSV.yml b/Packs/CommonScripts/Scripts/JSONFileToCSV/JSONFileToCSV.yml index 79081c87ee91..795030eef5a0 100644 --- a/Packs/CommonScripts/Scripts/JSONFileToCSV/JSONFileToCSV.yml +++ b/Packs/CommonScripts/Scripts/JSONFileToCSV/JSONFileToCSV.yml @@ -42,4 +42,4 @@ tags: [] tests: - JSONtoCSV-Test fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/CommonScripts/Scripts/JSONtoCSV/JSONtoCSV.yml b/Packs/CommonScripts/Scripts/JSONtoCSV/JSONtoCSV.yml index 0ebf9a48c1e3..128458a24963 100644 --- a/Packs/CommonScripts/Scripts/JSONtoCSV/JSONtoCSV.yml +++ b/Packs/CommonScripts/Scripts/JSONtoCSV/JSONtoCSV.yml @@ -36,4 +36,4 @@ scripttarget: 0 tests: - JSONtoCSV-Test fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/CommonScripts/Scripts/ListUsedDockerImages/ListUsedDockerImages.yml b/Packs/CommonScripts/Scripts/ListUsedDockerImages/ListUsedDockerImages.yml index 1e27119d4e75..c66ec0b0ebd9 100644 --- a/Packs/CommonScripts/Scripts/ListUsedDockerImages/ListUsedDockerImages.yml +++ b/Packs/CommonScripts/Scripts/ListUsedDockerImages/ListUsedDockerImages.yml @@ -33,7 +33,7 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.1.0 tests: - ListUsedDockerImages - Test diff --git a/Packs/CommonScripts/Scripts/LookupCSV/LookupCSV.yml b/Packs/CommonScripts/Scripts/LookupCSV/LookupCSV.yml index d6b48e702757..dcac13073f6d 100644 --- a/Packs/CommonScripts/Scripts/LookupCSV/LookupCSV.yml +++ b/Packs/CommonScripts/Scripts/LookupCSV/LookupCSV.yml @@ -32,7 +32,7 @@ outputs: description: The value that was searched. scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole commonfields: id: LookupCSV 
diff --git a/Packs/CommonScripts/Scripts/MaliciousRatioReputation/MaliciousRatioReputation.yml b/Packs/CommonScripts/Scripts/MaliciousRatioReputation/MaliciousRatioReputation.yml index 51e9e591c213..9d005102565c 100644 --- a/Packs/CommonScripts/Scripts/MaliciousRatioReputation/MaliciousRatioReputation.yml +++ b/Packs/CommonScripts/Scripts/MaliciousRatioReputation/MaliciousRatioReputation.yml @@ -19,6 +19,6 @@ args: description: 'Malicious ratio threshold to set indicator as suspicious. ' defaultValue: "0.3" scripttarget: 0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/MatchRegexV2/MatchRegexV2.yml b/Packs/CommonScripts/Scripts/MatchRegexV2/MatchRegexV2.yml index a790bf66b3d1..5a5240572d38 100644 --- a/Packs/CommonScripts/Scripts/MatchRegexV2/MatchRegexV2.yml +++ b/Packs/CommonScripts/Scripts/MatchRegexV2/MatchRegexV2.yml @@ -29,7 +29,7 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/NumberOfPhishingAttemptPerUser/NumberOfPhishingAttemptPerUser.yml b/Packs/CommonScripts/Scripts/NumberOfPhishingAttemptPerUser/NumberOfPhishingAttemptPerUser.yml index e3790bb0f130..0ba0c01f263c 100644 --- a/Packs/CommonScripts/Scripts/NumberOfPhishingAttemptPerUser/NumberOfPhishingAttemptPerUser.yml +++ b/Packs/CommonScripts/Scripts/NumberOfPhishingAttemptPerUser/NumberOfPhishingAttemptPerUser.yml @@ -15,7 +15,7 @@ tags: - dynamic-section timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 subtype: python3 tests: - No test diff --git a/Packs/CommonScripts/Scripts/ParseCSV/ParseCSV.yml b/Packs/CommonScripts/Scripts/ParseCSV/ParseCSV.yml index 61492224692f..1452f74f2941 100644 
--- a/Packs/CommonScripts/Scripts/ParseCSV/ParseCSV.yml +++ b/Packs/CommonScripts/Scripts/ParseCSV/ParseCSV.yml @@ -58,4 +58,4 @@ runas: DBotWeakRole tests: - No tests fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/CommonScripts/Scripts/ParseYAML/ParseYAML.yml b/Packs/CommonScripts/Scripts/ParseYAML/ParseYAML.yml index 8347e9c7253c..85a610f3744a 100644 --- a/Packs/CommonScripts/Scripts/ParseYAML/ParseYAML.yml +++ b/Packs/CommonScripts/Scripts/ParseYAML/ParseYAML.yml @@ -6,7 +6,7 @@ comment: Parses a YAML string into context commonfields: id: ParseYAML version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 enabled: true name: ParseYAML outputs: diff --git a/Packs/CommonScripts/Scripts/PortListenCheck/PortListenCheck.yml b/Packs/CommonScripts/Scripts/PortListenCheck/PortListenCheck.yml index d1f949d319df..c664447ccb70 100644 --- a/Packs/CommonScripts/Scripts/PortListenCheck/PortListenCheck.yml +++ b/Packs/CommonScripts/Scripts/PortListenCheck/PortListenCheck.yml @@ -21,6 +21,6 @@ outputs: type: boolean scripttarget: 0 fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) \ No newline at end of file diff --git a/Packs/CommonScripts/Scripts/PositiveDetectionsVSDetectionEngines/PositiveDetectionsVSDetectionEngines.yml b/Packs/CommonScripts/Scripts/PositiveDetectionsVSDetectionEngines/PositiveDetectionsVSDetectionEngines.yml index 41b440e3a907..5afff784fc9b 100644 --- a/Packs/CommonScripts/Scripts/PositiveDetectionsVSDetectionEngines/PositiveDetectionsVSDetectionEngines.yml +++ b/Packs/CommonScripts/Scripts/PositiveDetectionsVSDetectionEngines/PositiveDetectionsVSDetectionEngines.yml 
@@ -14,7 +14,7 @@ tags: - dynamic-indicator-section timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole tests: - No test diff --git a/Packs/CommonScripts/Scripts/PrettyPrint/PrettyPrint.yml b/Packs/CommonScripts/Scripts/PrettyPrint/PrettyPrint.yml index 596c653427f5..374f96069dbe 100644 --- a/Packs/CommonScripts/Scripts/PrettyPrint/PrettyPrint.yml +++ b/Packs/CommonScripts/Scripts/PrettyPrint/PrettyPrint.yml @@ -17,7 +17,7 @@ args: description: The value to pretty-print. scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole tests: - No test - unit test diff --git a/Packs/CommonScripts/Scripts/ReadFile/ReadFile.yml b/Packs/CommonScripts/Scripts/ReadFile/ReadFile.yml index e58810a415ab..046bcff83e59 100644 --- a/Packs/CommonScripts/Scripts/ReadFile/ReadFile.yml +++ b/Packs/CommonScripts/Scripts/ReadFile/ReadFile.yml @@ -60,6 +60,6 @@ type: python subtype: python3 runas: DBotWeakRole fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/RemoveKeyFromList/RemoveKeyFromList.yml b/Packs/CommonScripts/Scripts/RemoveKeyFromList/RemoveKeyFromList.yml index 1c91c346c15a..983ef162ef0c 100644 --- a/Packs/CommonScripts/Scripts/RemoveKeyFromList/RemoveKeyFromList.yml +++ b/Packs/CommonScripts/Scripts/RemoveKeyFromList/RemoveKeyFromList.yml @@ -16,5 +16,5 @@ tags: [] timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/CommonScripts/Scripts/RepopulateFiles/RepopulateFiles.yml b/Packs/CommonScripts/Scripts/RepopulateFiles/RepopulateFiles.yml index 1420df0a2f09..267970abc6c7 100644 --- a/Packs/CommonScripts/Scripts/RepopulateFiles/RepopulateFiles.yml 
+++ b/Packs/CommonScripts/Scripts/RepopulateFiles/RepopulateFiles.yml @@ -67,6 +67,6 @@ scripttarget: 0 subtype: python3 runas: DBotWeakRole fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/ResolveShortenedURL/ResolveShortenedURL.yml b/Packs/CommonScripts/Scripts/ResolveShortenedURL/ResolveShortenedURL.yml index a3ba2565de1a..1007b7077951 100644 --- a/Packs/CommonScripts/Scripts/ResolveShortenedURL/ResolveShortenedURL.yml +++ b/Packs/CommonScripts/Scripts/ResolveShortenedURL/ResolveShortenedURL.yml @@ -63,4 +63,4 @@ scripttarget: 0 tests: - "No test" fromversion: 6.5.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/CommonScripts/Scripts/RunDockerCommand/RunDockerCommand.yml b/Packs/CommonScripts/Scripts/RunDockerCommand/RunDockerCommand.yml index 607740cb0cfe..ab39053b3271 100644 --- a/Packs/CommonScripts/Scripts/RunDockerCommand/RunDockerCommand.yml +++ b/Packs/CommonScripts/Scripts/RunDockerCommand/RunDockerCommand.yml @@ -22,6 +22,6 @@ outputs: description: This will have the full results as a single string of the results. You will need to parse the results of the command into the format you want. Try looking at commands like ExtractRegex or create your own follow on automation script that will parse the results into the format you would like. scripttarget: 0 fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/RunPollingCommand/RunPollingCommand.yml b/Packs/CommonScripts/Scripts/RunPollingCommand/RunPollingCommand.yml index ecc60630d87d..5bb242ac185c 100644 --- a/Packs/CommonScripts/Scripts/RunPollingCommand/RunPollingCommand.yml +++ b/Packs/CommonScripts/Scripts/RunPollingCommand/RunPollingCommand.yml 
@@ -32,4 +32,4 @@ args: scripttarget: 0 tests: - No test -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/CommonScripts/Scripts/SSDeepReputation/SSDeepReputation.yml b/Packs/CommonScripts/Scripts/SSDeepReputation/SSDeepReputation.yml index 0800e7c700a0..8ad1604ae5e1 100644 --- a/Packs/CommonScripts/Scripts/SSDeepReputation/SSDeepReputation.yml +++ b/Packs/CommonScripts/Scripts/SSDeepReputation/SSDeepReputation.yml @@ -20,6 +20,6 @@ args: defaultValue: '50' scripttarget: 0 fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/SearchIncidentsSummary/SearchIncidentsSummary.yml b/Packs/CommonScripts/Scripts/SearchIncidentsSummary/SearchIncidentsSummary.yml index fdc2d6cb1ab7..27082ca51c63 100644 --- a/Packs/CommonScripts/Scripts/SearchIncidentsSummary/SearchIncidentsSummary.yml +++ b/Packs/CommonScripts/Scripts/SearchIncidentsSummary/SearchIncidentsSummary.yml @@ -63,7 +63,7 @@ commonfields: contentitemexportablefields: contentitemfields: fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 enabled: true name: SearchIncidentsSummary outputs: diff --git a/Packs/CommonScripts/Scripts/SearchIndicator/SearchIndicator.yml b/Packs/CommonScripts/Scripts/SearchIndicator/SearchIndicator.yml index 84d88e960873..7279b737b513 100644 --- a/Packs/CommonScripts/Scripts/SearchIndicator/SearchIndicator.yml +++ b/Packs/CommonScripts/Scripts/SearchIndicator/SearchIndicator.yml @@ -19,7 +19,7 @@ commonfields: contentitemexportablefields: contentitemfields: fromServerVersion: "" -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 enabled: true name: SearchIndicator outputs: 
diff --git a/Packs/CommonScripts/Scripts/SendEmailOnSLABreach/SendEmailOnSLABreach.yml b/Packs/CommonScripts/Scripts/SendEmailOnSLABreach/SendEmailOnSLABreach.yml index b4b87c727e6d..98b51b9c9782 100644 --- a/Packs/CommonScripts/Scripts/SendEmailOnSLABreach/SendEmailOnSLABreach.yml +++ b/Packs/CommonScripts/Scripts/SendEmailOnSLABreach/SendEmailOnSLABreach.yml @@ -20,4 +20,4 @@ fromversion: 6.5.0 marketplaces: - xsoar - marketplacev2 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/CommonScripts/Scripts/SetByIncidentId/SetByIncidentId.yml b/Packs/CommonScripts/Scripts/SetByIncidentId/SetByIncidentId.yml index 8e8f703937bb..b2446acb84d0 100644 --- a/Packs/CommonScripts/Scripts/SetByIncidentId/SetByIncidentId.yml +++ b/Packs/CommonScripts/Scripts/SetByIncidentId/SetByIncidentId.yml @@ -43,4 +43,4 @@ scripttarget: 0 tests: - No test fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/CommonScripts/Scripts/SetMultipleValues/SetMultipleValues.yml b/Packs/CommonScripts/Scripts/SetMultipleValues/SetMultipleValues.yml index f7c872b5b954..07e5d9ef9893 100644 --- a/Packs/CommonScripts/Scripts/SetMultipleValues/SetMultipleValues.yml +++ b/Packs/CommonScripts/Scripts/SetMultipleValues/SetMultipleValues.yml @@ -22,6 +22,6 @@ args: description: Comma separated list of values scripttarget: 0 fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/SetTime/SetTime.yml b/Packs/CommonScripts/Scripts/SetTime/SetTime.yml index f8a52fb4d072..184ec303e5de 100644 --- a/Packs/CommonScripts/Scripts/SetTime/SetTime.yml +++ b/Packs/CommonScripts/Scripts/SetTime/SetTime.yml 
@@ -17,6 +17,6 @@ scripttarget: 0 dependson: {} timeout: 0s fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/SetWithTemplate/SetWithTemplate.yml b/Packs/CommonScripts/Scripts/SetWithTemplate/SetWithTemplate.yml index 93e46106cbcf..0fef98bf6f94 100644 --- a/Packs/CommonScripts/Scripts/SetWithTemplate/SetWithTemplate.yml +++ b/Packs/CommonScripts/Scripts/SetWithTemplate/SetWithTemplate.yml @@ -58,7 +58,7 @@ args: defaultValue: "false" scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 6.5.0 tests: diff --git a/Packs/CommonScripts/Scripts/StopScheduledTask/StopScheduledTask.yml b/Packs/CommonScripts/Scripts/StopScheduledTask/StopScheduledTask.yml index 6f3bb224824f..d762c26612ef 100644 --- a/Packs/CommonScripts/Scripts/StopScheduledTask/StopScheduledTask.yml +++ b/Packs/CommonScripts/Scripts/StopScheduledTask/StopScheduledTask.yml @@ -17,6 +17,6 @@ args: scripttarget: 0 timeout: 0s fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/Strings/Strings.yml b/Packs/CommonScripts/Scripts/Strings/Strings.yml index e5aca8450975..f0ddc572df5d 100644 --- a/Packs/CommonScripts/Scripts/Strings/Strings.yml +++ b/Packs/CommonScripts/Scripts/Strings/Strings.yml @@ -25,6 +25,6 @@ scripttarget: 0 dependson: {} timeout: 0s fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/TimeStampCompare/TimeStampCompare.yml b/Packs/CommonScripts/Scripts/TimeStampCompare/TimeStampCompare.yml index 3fbf008ab872..34d06ae02486 100644 --- a/Packs/CommonScripts/Scripts/TimeStampCompare/TimeStampCompare.yml 
+++ b/Packs/CommonScripts/Scripts/TimeStampCompare/TimeStampCompare.yml @@ -28,5 +28,5 @@ subtype: python3 tags: [] timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/CommonScripts/Scripts/TopMaliciousRatioIndicators/TopMaliciousRatioIndicators.yml b/Packs/CommonScripts/Scripts/TopMaliciousRatioIndicators/TopMaliciousRatioIndicators.yml index b259d24566a7..7e27e853c7cd 100644 --- a/Packs/CommonScripts/Scripts/TopMaliciousRatioIndicators/TopMaliciousRatioIndicators.yml +++ b/Packs/CommonScripts/Scripts/TopMaliciousRatioIndicators/TopMaliciousRatioIndicators.yml @@ -23,6 +23,6 @@ args: description: Maximum number of results to display. defaultValue: "100" scripttarget: 0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/URLSSLVerification/URLSSLVerification.yml b/Packs/CommonScripts/Scripts/URLSSLVerification/URLSSLVerification.yml index 460217087aeb..8ff3e011ad1c 100644 --- a/Packs/CommonScripts/Scripts/URLSSLVerification/URLSSLVerification.yml +++ b/Packs/CommonScripts/Scripts/URLSSLVerification/URLSSLVerification.yml @@ -47,6 +47,6 @@ outputs: type: number scripttarget: 0 fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/CommonScripts/Scripts/VerifyIPv6Indicator/VerifyIPv6Indicator.yml b/Packs/CommonScripts/Scripts/VerifyIPv6Indicator/VerifyIPv6Indicator.yml index d34197fa9eb7..7adf46d1849a 100644 --- a/Packs/CommonScripts/Scripts/VerifyIPv6Indicator/VerifyIPv6Indicator.yml +++ b/Packs/CommonScripts/Scripts/VerifyIPv6Indicator/VerifyIPv6Indicator.yml @@ -15,7 +15,7 @@ tags: - indicator-format timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole tests: - No test 
diff --git a/Packs/CommonScripts/pack_metadata.json b/Packs/CommonScripts/pack_metadata.json index ee06809a1c02..6f66cfec2b55 100644 --- a/Packs/CommonScripts/pack_metadata.json +++ b/Packs/CommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Scripts", "description": "Frequently used scripts pack.", "support": "xsoar", - "currentVersion": "1.13.26", + "currentVersion": "1.13.31", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CommonWidgets/ReleaseNotes/1_2_47.md b/Packs/CommonWidgets/ReleaseNotes/1_2_47.md new file mode 100644 index 000000000000..8fc69a81f1a4 --- /dev/null +++ b/Packs/CommonWidgets/ReleaseNotes/1_2_47.md @@ -0,0 +1,4 @@ + +#### Scripts +##### RSSWidget +- Updated the Docker image to: *demisto/py3-tools:1.0.0.86612*. \ No newline at end of file diff --git a/Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml b/Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml index 3f69014a97ec..b6ee7c548d62 100644 --- a/Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml +++ b/Packs/CommonWidgets/Scripts/RSSWidget/RSSWidget.yml @@ -31,7 +31,7 @@ args: defaultValue: 'false' scripttarget: 0 subtype: python3 -dockerimage: demisto/py3-tools:1.0.0.84811 +dockerimage: demisto/py3-tools:1.0.0.86612 runas: DBotWeakRole fromversion: 5.5.0 tests: diff --git a/Packs/CommonWidgets/pack_metadata.json b/Packs/CommonWidgets/pack_metadata.json index 89bd44a64306..b9de8a1a72e3 100644 --- a/Packs/CommonWidgets/pack_metadata.json +++ b/Packs/CommonWidgets/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Widgets", "description": "Frequently used widgets pack.", "support": "xsoar", - "currentVersion": "1.2.46", + "currentVersion": "1.2.47", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CommunityCommonScripts/ReleaseNotes/1_1_6.md b/Packs/CommunityCommonScripts/ReleaseNotes/1_1_6.md new file mode 100644 index 000000000000..86aafb501504 --- /dev/null 
+++ b/Packs/CommunityCommonScripts/ReleaseNotes/1_1_6.md @@ -0,0 +1,5 @@ + +#### Scripts + +##### redactindicator +- Modify the script so that it can be used as a transformer. diff --git a/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.py b/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.py index dad8604797fe..684ca5b661c1 100644 --- a/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.py +++ b/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.py @@ -1314,9 +1314,6 @@ ".zuerich": "[.]zuerich", ".zw": "[.]zw"} -text = demisto.args()['indicator'] -searchkey = demisto.args().get('searchkey') - def redactIP(ip): iplist = ip.split(".") 
@@ -1332,35 +1329,50 @@ def redactemail(email): return newemail -ip = re.compile(r"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b") +def main(): + try: + args = demisto.args() + if not args.get('value') and not args.get('indicator'): + return_error('Must provide either arg "value" or arg "indicator".') + text = args.get('value', args.get('indicator')) + searchkey = demisto.args().get('searchkey') + ip = re.compile(r"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b") + redactDictBASIC = {"http": "hxxp", "meow": "hxxp", "HTTP": "hxxp"} + + redactDict = {} + searchkeyDict = {} + if searchkey is not None: + if len(searchkey) > 1: + Redact_String = "" + for item in searchkey.split(","): + if (item.startswith("$#=")): + Redact_String = item.split("=")[1] + else: + searchkeyDict.update({item.strip(): Redact_String}) + for key, value in searchkeyDict.items(): + text = text.replace(str(key).strip(), str(value).strip()) -redactDictBASIC = {"http": "hxxp", "meow": "hxxp", "HTTP": "hxxp"} + for item in ip.findall(text): + redactDict.update({item: redactIP(item)}) -redactDict = {} -searchkeyDict = {} -if searchkey is not None: - if len(searchkey) > 1: - Redact_String = "" - for item in searchkey.split(","): - if (item.startswith("$#=")): - Redact_String = item.split("=")[1] - else: - searchkeyDict.update({item.strip(): Redact_String}) - for key, value in searchkeyDict.items(): + email = re.compile(r'[\w\.-]+@[\w\.-]+') + for item in email.findall(text): + redactDict.update({item: redactemail(item)}) + for key, value in redactDict.items(): + text = text.replace(str(key).strip(), str(value).strip()) + for key, value in redactDictBASIC.items(): + text = text.replace(str(key).strip(), str(value).strip()) + for key, value in ROOOT_Domain_List.items(): text = text.replace(str(key).strip(), str(value).strip()) + output = CommandResults( + outputs_prefix="Redacted_inicator", + outputs=text + ) + 
return_results(output) + except Exception as ex: + demisto.error(traceback.format_exc()) # print the traceback + return_error(f'Failed to execute redactindicator. Error: {str(ex)}') -for item in ip.findall(text): - redactDict.update({item: redactIP(item)}) -email = re.compile(r'[\w\.-]+@[\w\.-]+') -for item in email.findall(text): - redactDict.update({item: redactemail(item)}) -for key, value in redactDict.items(): - text = text.replace(str(key).strip(), str(value).strip()) -for key, value in redactDictBASIC.items(): - text = text.replace(str(key).strip(), str(value).strip()) -for key, value in ROOOT_Domain_List.items(): - text = text.replace(str(key).strip(), str(value).strip()) -context = demisto.context() -demisto.executeCommand('Set', {'key': "Redacted_inicator", 'value': text}) -return_results(text) +if __name__ in ('__main__', '__builtin__', 'builtins'): + main() diff --git a/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.yml b/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.yml index e99f97930766..ec46ed70dcd1 100644 --- a/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.yml +++ b/Packs/CommunityCommonScripts/Scripts/RedactIndicator/RedactIndicator.yml 
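Review bot: `text = args.get('value', args.get('indicator'))` falls back to `indicator` only when the `value` key is absent, so a call that passes `value` as an empty string together with a non-empty `indicator` passes the guard above it and then redacts `""`; `text = args.get('value') or args.get('indicator')` makes the fallback match the guard. The except branch calls `traceback.format_exc()`, which needs `import traceback` at the top of the file — that import is outside the hunk, so please confirm it is present, otherwise the error path itself raises NameError. `searchkey = demisto.args().get('searchkey')` re-reads the args dict that `args` already holds two lines earlier; `args.get('searchkey')` keeps it consistent. When used as a transformer, `value` is not guaranteed to be a string, and `text.replace` on a list or dict would only surface as the generic "Failed to execute" error; a `text = str(text)` after the guard, or an explicit type check, would give a clearer failure. `outputs_prefix="Redacted_inicator"` carries the old `Set` key's misspelling forward; since existing playbooks may already read that context path, keeping it is defensible, but a short comment noting it is intentional would stop the next reader from "fixing" it.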
@@ -1,21 +1,26 @@ args: -- description: Indicator to be redacted +- description: Indicator to be redacted. + name: value +- description: 'Indicator to be redacted (can be used instead of ''value'' for backwards compatibility).' name: indicator - required: true -- description: 'string which should be REDACTED ' +- description: 'string which should be REDACTED.' name: searchkey -comment: Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as +comment: Redactindicator can help you to defang/redact any kind of indicator (IPv4, url, domain and email), IP addresses will be in the dotted representation like 8.8.8[.].8, all domains will be example[.]com. Optional you can define a "searchkey" which does not to be case sensitive, which will be replaced as . commonfields: id: redactindicator version: -1 enabled: true name: redactindicator -script: '-' +script: '' subtype: python3 -timeout: '0' type: python -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 6.0.0 tests: - No tests (auto formatted) +engineinfo: {} +runonce: false +scripttarget: 0 +tags: +- transformer diff --git a/Packs/CommunityCommonScripts/pack_metadata.json b/Packs/CommunityCommonScripts/pack_metadata.json index ae329608b4ff..3d280f62ee05 100644 --- a/Packs/CommunityCommonScripts/pack_metadata.json +++ b/Packs/CommunityCommonScripts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Community Common Scripts", "description": "A pack that contains community scripts", "support": "community", - "currentVersion": "1.1.5", + "currentVersion": "1.1.6", "author": "", "url": "https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/bd-p/Cortex_XSOAR_Discussions", "email": "", 
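Review bot: The `comment` field says the searchkey "does not to be case sensitive", but the script applies it with plain `str.replace`, which is case-sensitive, and the sentence still ends mid-thought at "which will be replaced as ." even after the period this hunk adds. Suggest replacing that tail with `Optionally, a comma-separated "searchkey" can be given; each entry is replaced (case-sensitively) with the replacement string set by a preceding "$#=<replacement>" entry.` Dropping `required: true` from `indicator` is right now that `value` is accepted instead, but neither argument is marked required, so the only signal that one of them must be supplied is the script's own `return_error`; saying so in both argument descriptions would help users wiring up the transformer.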
@@ -22,4 +22,4 @@ "marketplacev2" ], "githubUser": [] -} \ No newline at end of file +} diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Cortex_Endpoint_Enrichment.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Cortex_Endpoint_Enrichment.yml new file mode 100644 index 000000000000..606301cbd3be --- /dev/null +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Cortex_Endpoint_Enrichment.yml 
@@ -0,0 +1,1431 @@ +id: Cortex ASM - Cortex Endpoint Enrichment +inputs: +- description: IP address of service + key: RemoteIP + playbookInputQuery: + required: false + value: {} +name: Cortex ASM - Cortex Endpoint Enrichment +outputs: [] +starttaskid: "0" +tasks: + "0": + continueonerrortype: "" + id: "0" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "9" + - "44" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 0238da21-5885-4f70-804b-f6eeac7dbcd7 + iscommand: false + name: "" + version: -1 + description: '' + taskid: 0238da21-5885-4f70-804b-f6eeac7dbcd7 + timertriggers: [] + type: start + view: |- + { + "position": { + "x": 670, + "y": -40 + } + } + "6": + continueonerror: true + continueonerrortype: "" + id: "6" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "10" + note: false + quietmode: 0 + scriptarguments: + public_ip_list: + complex: + root: inputs.RemoteIP + separatecontext: false + skipunavailable: true + task: + brand: "" + description: Gets a list of endpoints, according to the passed filters. If there are no filters, all endpoints are returned. Filtering by multiple fields will be concatenated using the AND condition (OR is not supported). Maximum result set size is 100. Offset is the zero-based number of endpoints from the start of the result set (start by counting from 0). 
+ id: fa22e7e1-68bc-4759-8ac4-b1a432d13b3f + iscommand: true + name: Core IR Search device + script: Cortex Core - IR|||core-get-endpoints + type: regular + version: -1 + taskid: fa22e7e1-68bc-4759-8ac4-b1a432d13b3f + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 460, + "y": 300 + } + } + "8": + continueonerrortype: "" + id: "8" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "19" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 79053a42-f0cb-4751-826c-e08a359d3990 + iscommand: false + name: Closing Stage + type: title + version: -1 + description: '' + taskid: 79053a42-f0cb-4751-826c-e08a359d3990 + timertriggers: [] + type: title + view: |- + { + "position": { + "x": 60, + "y": 2080 + } + } + "9": + conditions: + - condition: + - - ignorecase: true + left: + iscontext: true + value: + complex: + filters: + - - left: + iscontext: true + value: + simple: modules.brand + operator: isEqualString + right: + value: + simple: Cortex Core - IR + - - left: + iscontext: true + value: + simple: modules.state + operator: isEqualString + right: + value: + simple: active + root: modules + operator: isExists + - - left: + iscontext: true + value: + complex: + root: inputs.RemoteIP + operator: isExists + label: "yes" + continueonerrortype: "" + id: "9" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "8" + "yes": + - "6" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Checks if there is an active instance of the Core - IR integration enabled and input values are defined to pull enrichment data. + id: 17e91dd6-4328-46db-85de-8fd0b7e50f84 + iscommand: false + name: Is Core IR enabled and input value defined? 
+ type: condition + version: -1 + taskid: 17e91dd6-4328-46db-85de-8fd0b7e50f84 + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 460, + "y": 100 + } + } + "10": + conditions: + - condition: + - - left: + iscontext: true + value: + complex: + accessor: endpoint_id + root: Core.Endpoint + operator: isExists + right: + value: {} + label: "yes" + continueonerrortype: "" + id: "10" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "8" + "yes": + - "26" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Check whether the last command returned endpoint information or not. + id: 1616c292-8f7d-4c62-892f-352b62c56290 + iscommand: false + name: Was there a response? + type: condition + version: -1 + taskid: 1616c292-8f7d-4c62-892f-352b62c56290 + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 670, + "y": 660 + } + } + "12": + continueonerrortype: "" + id: "12" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "21" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: type,id,link + val1: + simple: ASSET-TYPE + val2: + simple: Cortex Endpoint + val3: + simple: n/a + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: Sets the type of cloud asset to the grid field for the ASM system IDs object. 
+ id: ba68749e-b4c5-4603-82f6-a18d67da78a1 + iscommand: false + name: Set system IDs grid field (type) + script: GridFieldSetup + type: regular + version: -1 + taskid: ba68749e-b4c5-4603-82f6-a18d67da78a1 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 2400, + "y": 1200 + } + } + "14": + continueonerrortype: "" + id: "14" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "12" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 20271aae-a5a2-45d2-8a41-9f260804db89 + iscommand: false + name: System IDs + type: title + version: -1 + description: '' + taskid: 20271aae-a5a2-45d2-8a41-9f260804db89 + timertriggers: [] + type: title + view: |- + { + "position": { + "x": 2400, + "y": 1070 + } + } + "17": + continueonerrortype: "" + id: "17" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "19" + note: false + quietmode: 0 + scriptarguments: + append: + simple: "true" + key: + simple: asm_fields_set_for_cortex_endpoint + value: + simple: "true" + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Set a value in context under the key you entered. 
+ id: 8f5e8e13-6670-4273-8c6a-3e7877a502e7 + iscommand: false + name: Set true flag for completed enrichment + script: Set + type: regular + version: -1 + taskid: 8f5e8e13-6670-4273-8c6a-3e7877a502e7 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 1250, + "y": 2005 + } + } + "18": + continueonerrortype: "" + id: "18" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "42" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmenrichmentstatus + keys: + simple: source,record_exists,timestamp + val1: + simple: CORTEX-ENDPOINT + val2: + simple: "true" + val3: + simple: TIMESTAMP + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. Instead of a value you can enter `TIMESTAMP` to get the current timestamp in ISO format. 
For example: + `!GridFieldSetup keys=ip,src,timestamp val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" val3="TIMESTAMP" gridfiled="gridfield"` + id: 43d30f3b-f283-40ea-83f5-3a61e5dcf552 + iscommand: false + name: Set ASM enrichment status to true + script: GridFieldSetup + type: regular + version: -1 + taskid: 43d30f3b-f283-40ea-83f5-3a61e5dcf552 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": -140, + "y": 2430 + } + } + "19": + conditions: + - condition: + - - left: + iscontext: true + value: + simple: asm_fields_set_for_cortex_endpoint + operator: isTrue + right: + value: {} + label: "yes" + continueonerrortype: "" + id: "19" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "20" + "yes": + - "18" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Check if enrichment was performed by checking for a value of true in the relevant flag variable. + id: a086cad1-cfe6-4dff-84f8-724c46336b3c + iscommand: false + name: Was enrichment performed? + type: condition + version: -1 + taskid: a086cad1-cfe6-4dff-84f8-724c46336b3c + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 60, + "y": 2240 + } + } + "20": + continueonerrortype: "" + id: "20" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "42" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmenrichmentstatus + keys: + simple: source,record_exists,timestamp + val1: + simple: CORTEX-ENDPOINT + val2: + simple: "false" + val3: + simple: TIMESTAMP + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. 
Instead of a value you can enter `TIMESTAMP` to get the current timestamp in ISO format. For example: + `!GridFieldSetup keys=ip,src,timestamp val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" val3="TIMESTAMP" gridfiled="gridfield"` + id: 77bcd196-a02e-4a58-8a2f-5c9bcca304f2 + iscommand: false + name: Set ASM enrichment status to false + script: GridFieldSetup + type: regular + version: -1 + taskid: 77bcd196-a02e-4a58-8a2f-5c9bcca304f2 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 280, + "y": 2430 + } + } + "21": + continueonerrortype: "" + id: "21" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "37" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: type,id,link + val1: + simple: CORTEX-ENDPOINT-ASSET-ID + val2: + complex: + accessor: endpoint_id + root: Core.Endpoint + val3: + simple: n/a + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: Sets the type of cloud asset to the grid field for the ASM system IDs object. + id: feeb2ba4-4e38-4f9d-8df5-da5547fd9a25 + iscommand: false + name: Set system IDs grid field (endpoint ID) + script: GridFieldSetup + type: regular + version: -1 + taskid: feeb2ba4-4e38-4f9d-8df5-da5547fd9a25 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 2400, + "y": 1370 + } + } + "22": + continueonerrortype: "" + id: "22" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "17" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmprivateip + keys: + simple: ip,source + val1: + complex: + accessor: ip + root: Core.Endpoint + val2: + simple: Cortex Endpoint + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. 
This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: e7fc4ec3-ddff-4218-8345-e15db0428b26 + iscommand: false + name: Set private IP grid field + script: GridFieldSetup + type: regular + version: -1 + taskid: e7fc4ec3-ddff-4218-8345-e15db0428b26 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 1250, + "y": 1445 + } + } + "23": + continueonerrortype: "" + id: "23" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "22" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: a906956a-9dd9-4829-8338-04aa50b151a8 + iscommand: false + name: Private IP + type: title + version: -1 + description: '' + taskid: a906956a-9dd9-4829-8338-04aa50b151a8 + timertriggers: [] + type: title + view: |- + { + "position": { + "x": 1250, + "y": 1295 + } + } + "24": + continueonerrortype: "" + id: "24" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "35" + - "38" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 7823bb62-660b-4032-8821-b42673988e82 + iscommand: false + name: Tags + type: title + version: -1 + description: '' + taskid: 7823bb62-660b-4032-8821-b42673988e82 + timertriggers: [] + type: title + view: |- + { + "position": { + "x": 620, + "y": 1295 + } + } + "25": + continueonerrortype: "" + id: "25" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "17" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmtags + keys: + simple: key,value,source + val1: + complex: + accessor: endpoint_tags + root: Core.Endpoint.tags + val2: + simple: 
n/a + val3: + simple: Cortex Endpoint + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: ab07529f-6400-40d3-8b92-a1951fc14cce + iscommand: false + name: Set tags grid field + script: GridFieldSetup + type: regular + version: -1 + taskid: ab07529f-6400-40d3-8b92-a1951fc14cce + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 440, + "y": 1690 + } + } + "26": + continueonerrortype: "" + id: "26" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "14" + - "32" + - "33" + - "36" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: b5dd0794-e238-4341-892c-3af9c2ee0157 + iscommand: false + name: Set grid fields + type: title + version: -1 + description: '' + taskid: b5dd0794-e238-4341-892c-3af9c2ee0157 + timertriggers: [] + type: title + view: |- + { + "position": { + "x": 680, + "y": 880 + } + } + "27": + continueonerrortype: "" + id: "27" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "28" + note: false + quietmode: 0 + scriptarguments: + text: + complex: + accessor: users + root: Core.Endpoint + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: commands.local.cmd.extract.indicators + id: de72ce19-b695-470f-88b0-32da6b4a9e70 + iscommand: true + name: Extract indicators + script: Builtin|||extractIndicators + type: regular + version: -1 + taskid: de72ce19-b695-470f-88b0-32da6b4a9e70 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 1760, + 
"y": 1445 + } + } + "28": + conditions: + - condition: + - - left: + iscontext: true + value: + complex: + accessor: Email + root: ExtractedIndicators + operator: isExists + right: + value: {} + label: "yes" + continueonerrortype: "" + id: "28" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "40" + "yes": + - "29" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Check whether the last command extracted an email address or not. + id: 2b145bfe-7056-410c-8fc6-a8aba70fc1cb + iscommand: false + name: Was an email found? + type: condition + version: -1 + taskid: 2b145bfe-7056-410c-8fc6-a8aba70fc1cb + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 1780, + "y": 1620 + } + } + "29": + continueonerrortype: "" + id: "29" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "17" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmserviceownerunrankedraw + keys: + simple: name,email,source,timestamp + val1: + simple: n/a + val2: + complex: + accessor: Email + root: ExtractedIndicators + val3: + simple: Cortex Endpoint + val4: + simple: TIMESTAMP + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. 
For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: 2757aeaa-88f5-4ece-8dbf-c99616df5ab9 + iscommand: false + name: Set service owner grid field + script: GridFieldSetup + type: regular + version: -1 + taskid: 2757aeaa-88f5-4ece-8dbf-c99616df5ab9 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 1940, + "y": 1820 + } + } + "31": + continueonerrortype: "" + id: "31" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "27" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 6c43dfdc-58c5-4ebf-8113-3b11457ba3de + iscommand: false + name: Service Owner + type: title + version: -1 + description: '' + taskid: 6c43dfdc-58c5-4ebf-8113-3b11457ba3de + timertriggers: [] + type: title + view: |- + { + "position": { + "x": 1760, + "y": 1290 + } + } + "32": + conditions: + - condition: + - - left: + iscontext: true + value: + complex: + accessor: ip + root: Core.Endpoint + operator: isExists + right: + value: {} + label: "yes" + continueonerrortype: "" + id: "32" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "8" + "yes": + - "23" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Check whether the last command returned endpoint information with private IPs. + id: 9378b3c7-59dd-406c-87ee-17a23bb4924e + iscommand: false + name: Are there private IPs? 
+ type: condition + version: -1 + taskid: 9378b3c7-59dd-406c-87ee-17a23bb4924e + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 1250, + "y": 1070 + } + } + "33": + conditions: + - condition: + - - left: + iscontext: true + value: + complex: + accessor: endpoint_tags + root: Core.Endpoint.tags + operator: isNotEmpty + - left: + iscontext: true + value: + complex: + accessor: server_tags + root: Core.Endpoint.tags + operator: isNotEmpty + label: "yes" + continueonerrortype: "" + id: "33" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "8" + "yes": + - "24" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Check whether the last command returned endpoint information with tags. + id: 4d05328c-ffd4-4b38-8305-70f3dd3cfe1a + iscommand: false + name: Are there tags? + type: condition + version: -1 + taskid: 4d05328c-ffd4-4b38-8305-70f3dd3cfe1a + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 610, + "y": 1070 + } + } + "35": + conditions: + - condition: + - - left: + iscontext: true + value: + complex: + accessor: endpoint_tags + root: Core.Endpoint.tags + operator: isNotEmpty + right: + value: {} + label: "yes" + continueonerrortype: "" + id: "35" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "8" + "yes": + - "25" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Check whether the last command returned endpoint information with tags. + id: 31416513-da7a-47b6-8742-9aaebc89377f + iscommand: false + name: Are there endpoint tags? 
+ type: condition + version: -1 + taskid: 31416513-da7a-47b6-8742-9aaebc89377f + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 440, + "y": 1450 + } + } + "36": + conditions: + - condition: + - - left: + iscontext: true + value: + complex: + accessor: users + root: Core.Endpoint + operator: isNotEmpty + right: + value: {} + label: "yes" + continueonerrortype: "" + id: "36" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "8" + "yes": + - "31" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Check whether the last command returned endpoint user information. + id: d593576f-d572-4d1f-86f5-e0ad293686fd + iscommand: false + name: Are there potential service owners? + type: condition + version: -1 + taskid: d593576f-d572-4d1f-86f5-e0ad293686fd + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 1750, + "y": 1070 + } + } + "37": + continueonerrortype: "" + id: "37" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "17" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmsystemids + keys: + simple: type,id,link + val1: + simple: CORTEX-ENDPOINT-ASSET-NAME + val2: + complex: + accessor: endpoint_name + root: Core.Endpoint + val3: + simple: n/a + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: Sets the type of cloud asset to the grid field for the ASM system IDs object. 
+ id: 4ae4d755-7bc7-414e-8288-0bad8cf55311 + iscommand: false + name: Set system IDs grid field (endpoint name) + script: GridFieldSetup + type: regular + version: -1 + taskid: 4ae4d755-7bc7-414e-8288-0bad8cf55311 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 2400, + "y": 1540 + } + } + "38": + conditions: + - condition: + - - left: + iscontext: true + value: + complex: + accessor: server_tags + root: Core.Endpoint.tags + operator: isNotEmpty + label: "yes" + continueonerrortype: "" + id: "38" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "8" + "yes": + - "39" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Check whether the last command returned endpoint information with tags. + id: 7fdb265a-353f-40b8-89ba-dbfb29fac684 + iscommand: false + name: Are there server tags? + type: condition + version: -1 + taskid: 7fdb265a-353f-40b8-89ba-dbfb29fac684 + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 840, + "y": 1450 + } + } + "39": + continueonerrortype: "" + id: "39" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "17" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmtags + keys: + simple: key,value,source + val1: + complex: + accessor: server_tags + root: Core.Endpoint.tags + val2: + simple: n/a + val3: + simple: Cortex Endpoint + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. 
For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: c8e64030-e51c-4030-87f8-8768c79c6a0a + iscommand: false + name: Set tags grid field + script: GridFieldSetup + type: regular + version: -1 + taskid: c8e64030-e51c-4030-87f8-8768c79c6a0a + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 840, + "y": 1690 + } + } + "40": + continueonerrortype: "" + id: "40" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "17" + note: false + quietmode: 0 + scriptarguments: + gridfield: + simple: asmserviceownerunrankedraw + keys: + simple: name,email,source,timestamp + val1: + complex: + accessor: users + root: Core.Endpoint + val2: + simple: n/a + val3: + simple: Cortex Endpoint + val4: + simple: TIMESTAMP + separatecontext: false + skipunavailable: false + task: + brand: Builtin + description: |- + Automation used to more easily populate a grid field. This is necessary when you want to assign certain values as static or if you have context paths that you will assign to different values as well. 
For example: + `!GridFieldSetup keys=ip,src val1=${AWS.EC2.Instances.NetworkInterfaces.PrivateIpAddress} val2="AWS" gridfiled="gridfield"` + id: 3a35e422-b63c-4d7e-80f9-8dea114d3f19 + iscommand: false + name: Set service owner grid field + script: GridFieldSetup + type: regular + version: -1 + taskid: 3a35e422-b63c-4d7e-80f9-8dea114d3f19 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 1520, + "y": 1820 + } + } + "42": + continueonerrortype: "" + id: "42" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 0fb551b3-7b30-4fc1-8962-4c81b31f788c + iscommand: false + name: Done + type: title + version: -1 + description: '' + taskid: 0fb551b3-7b30-4fc1-8962-4c81b31f788c + timertriggers: [] + type: title + view: |- + { + "position": { + "x": 50, + "y": 2650 + } + } + "43": + continueonerrortype: "" + id: "43" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "45" + note: false + quietmode: 0 + scriptarguments: + ignore-outputs: + simple: "false" + public_ip_list: + complex: + root: inputs.RemoteIP + separatecontext: false + skipunavailable: true + task: + brand: "" + description: Gets a list of endpoints, according to the passed filters. If there are no filters, all endpoints are returned. Filtering by multiple fields will be concatenated using the AND condition (OR is not supported). Maximum result set size is 100. Offset is the zero-based number of endpoints from the start of the result set (start by counting from 0). 
+ id: 4d75150d-52dc-4fb0-85e4-3bde0caf5830 + iscommand: true + name: Cortex XDR Search device + script: Cortex XDR - IR|||xdr-get-endpoints + type: regular + version: -1 + taskid: 4d75150d-52dc-4fb0-85e4-3bde0caf5830 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 880, + "y": 300 + } + } + "44": + conditions: + - condition: + - - ignorecase: true + left: + iscontext: true + value: + complex: + filters: + - - left: + iscontext: true + value: + simple: modules.brand + operator: isEqualString + right: + value: + simple: Cortex XDR - IR + - - left: + iscontext: true + value: + simple: modules.state + operator: isEqualString + right: + value: + simple: active + root: modules + operator: isExists + right: + value: {} + - - left: + iscontext: true + value: + complex: + root: inputs.RemoteIP + operator: isExists + label: "yes" + continueonerrortype: "" + id: "44" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#default#': + - "8" + "yes": + - "43" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Checks if there is an active instance of the Cortex XDR integration enabled and input values are defined to pull enrichment data. + id: 1d11fce0-171c-4e32-8a80-98e125d2e2cb + iscommand: false + name: Is Cortex XDR enabled and input value defined? 
+ type: condition + version: -1 + taskid: 1d11fce0-171c-4e32-8a80-98e125d2e2cb + timertriggers: [] + type: condition + view: |- + { + "position": { + "x": 880, + "y": 100 + } + } + "45": + continueonerrortype: "" + id: "45" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "10" + note: false + quietmode: 0 + scriptarguments: + append: + simple: "true" + key: + simple: Core.Endpoint + value: + simple: ${PaloAltoNetworksXDR.Endpoint} + separatecontext: false + skipunavailable: false + task: + brand: "" + description: Set a value in context under the key you entered. + id: ecb38b40-d8bc-40cd-8c1b-5792cf7bf7d8 + iscommand: false + name: Set temporary context + script: Set + type: regular + version: -1 + taskid: ecb38b40-d8bc-40cd-8c1b-5792cf7bf7d8 + timertriggers: [] + type: regular + view: |- + { + "position": { + "x": 880, + "y": 440 + } + } +version: -1 +view: |- + { + "linkLabelsPosition": { + "10_8_#default#": 0.21, + "32_8_#default#": 0.11, + "33_8_#default#": 0.16, + "35_8_#default#": 0.13, + "36_8_#default#": 0.12, + "38_8_#default#": 0.12, + "44_8_#default#": 0.12, + "9_8_#default#": 0.17 + }, + "paper": { + "dimensions": { + "height": 2755, + "width": 2920, + "x": -140, + "y": -40 + } + } + } +tests: +- No tests (auto formatted) +fromversion: 6.8.0 +description: 'This playbook is used to pull information from Cortex Endpoint (XSIAM/XDR) systems for enrichment purposes.' diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Cortex_Endpoint_Enrichment_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Cortex_Endpoint_Enrichment_README.md new file mode 100644 index 000000000000..3a8398b5cd10 --- /dev/null +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Cortex_Endpoint_Enrichment_README.md 
@@ -0,0 +1,44 @@ +This playbook is used to pull information from Cortex Endpoint (XSIAM/XDR) systems for enrichment purposes. + +## Dependencies + +This playbook uses the following sub-playbooks, integrations, and scripts. + +### Sub-playbooks + +This playbook does not use any sub-playbooks. + +### Integrations + +* Cortex Core - IR +* Cortex XDR - IR + +### Scripts + +* GridFieldSetup +* Set + +### Commands + +* core-get-endpoints +* xdr-get-endpoints +* extractIndicators + +## Playbook Inputs + +--- + +| **Name** | **Description** | **Default Value** | **Required** | +| --- | --- | --- | --- | +| RemoteIP | IP address of the service. | | Optional | + +## Playbook Outputs + +--- +There are no outputs for this playbook. + +## Playbook Image + +--- + +![Cortex ASM - Cortex Endpoint Enrichment](../doc_files/Cortex_ASM_-_Cortex_Endpoint_Enrichment.png) diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Enrichment.yml b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Enrichment.yml index 9e5a95862d7e..ec94ab64077a 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Enrichment.yml +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Enrichment.yml @@ -6,10 +6,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: 707ae055-ad09-4095-8efe-52e6f420c6d6 + taskid: 8d5dbe75-e3d4-4313-8bb4-3bc416bb3b8a type: start task: - id: 707ae055-ad09-4095-8efe-52e6f420c6d6 + id: 8d5dbe75-e3d4-4313-8bb4-3bc416bb3b8a version: -1 name: "" iscommand: false @@ -36,10 +36,10 @@ tasks: isautoswitchedtoquietmode: false "1": id: "1" - taskid: afac9400-fc75-453d-846f-273e3bbf13cc + taskid: 8fc95915-ad1a-4e94-8934-50053af216e4 type: condition task: - id: afac9400-fc75-453d-846f-273e3bbf13cc + id: 8fc95915-ad1a-4e94-8934-50053af216e4 version: -1 name: Is there an IP address? description: Determines if the IP address has been supplied to proceed with cloud enrichment. 
@@ -79,7 +79,7 @@ tasks: { "position": { "x": 110, - "y": 1845 + "y": 1575 } } note: false @@ -91,10 +91,10 @@ tasks: isautoswitchedtoquietmode: false "3": id: "3" - taskid: 2956f9c9-4e87-450a-8ba6-7f9ebe1b0d52 + taskid: bae432f1-a99e-44ef-8dfd-c06cd17b9271 type: title task: - id: 2956f9c9-4e87-450a-8ba6-7f9ebe1b0d52 + id: bae432f1-a99e-44ef-8dfd-c06cd17b9271 version: -1 name: ServiceNow Enrichment type: title @@ -110,7 +110,7 @@ tasks: { "position": { "x": 460, - "y": 2270 + "y": 2080 } } note: false @@ -122,10 +122,10 @@ tasks: isautoswitchedtoquietmode: false "6": id: "6" - taskid: ccfecc2c-304e-4628-838a-be37eb08e210 + taskid: 60b765de-17d1-47f3-81e2-872a28774620 type: condition task: - id: ccfecc2c-304e-4628-838a-be37eb08e210 + id: 60b765de-17d1-47f3-81e2-872a28774620 version: -1 name: Was there a result? description: Determines if there was a result from the previous command to continue cloud enrichment. @@ -153,7 +153,7 @@ tasks: { "position": { "x": 460, - "y": 455 + "y": 435 } } note: false @@ -165,10 +165,10 @@ tasks: isautoswitchedtoquietmode: false "7": id: "7" - taskid: fa0c0f0c-d963-436c-8d42-be65f5678b2d + taskid: b30f029a-f6fe-496c-8c52-c241983692fb type: condition task: - id: fa0c0f0c-d963-436c-8d42-be65f5678b2d + id: b30f029a-f6fe-496c-8c52-c241983692fb version: -1 name: What provider is this service? description: Determines which cloud provider the service is in order to direct to the correct enrichment. @@ -309,7 +309,7 @@ tasks: { "position": { "x": 460, - "y": 1550 + "y": 1400 } } note: false 
@@ -321,10 +321,10 @@ tasks: isautoswitchedtoquietmode: false "11": id: "11" - taskid: e71df879-5af3-4121-8f31-faa72ced0d55 + taskid: 59d2a4ff-e6e0-4a39-8d0e-9e041fb13f76 type: condition task: - id: e71df879-5af3-4121-8f31-faa72ced0d55 + id: 59d2a4ff-e6e0-4a39-8d0e-9e041fb13f76 version: -1 name: Is Cortex ASM enabled and is there a service? description: Determines if the "Cortex Attack Surface Management" integration instance is configured and that there is a service to continue with enrichment. @@ -377,7 +377,7 @@ tasks: { "position": { "x": 460, - "y": 70 + "y": 0 } } note: false @@ -389,10 +389,10 @@ tasks: isautoswitchedtoquietmode: false "35": id: "35" - taskid: e424f88e-a401-416a-83c0-e6c9217e38b8 + taskid: 5827381b-3e20-45e6-8fd0-82e981f15c06 type: title task: - id: e424f88e-a401-416a-83c0-e6c9217e38b8 + id: 5827381b-3e20-45e6-8fd0-82e981f15c06 version: -1 name: Cloud Enrichment type: title @@ -408,7 +408,7 @@ tasks: { "position": { "x": 460, - "y": 1405 + "y": 1265 } } note: false @@ -420,10 +420,10 @@ tasks: isautoswitchedtoquietmode: false "38": id: "38" - taskid: 90713529-2cdf-4dbf-8f9f-9d359fd604c6 + taskid: 03fb1120-28e7-4a0e-875d-a3b13dc29a8a type: title task: - id: 90713529-2cdf-4dbf-8f9f-9d359fd604c6 + id: 03fb1120-28e7-4a0e-875d-a3b13dc29a8a version: -1 name: Complete type: title @@ -436,7 +436,7 @@ tasks: { "position": { "x": 110, - "y": 5960 + "y": 5610 } } note: false @@ -448,10 +448,10 @@ tasks: isautoswitchedtoquietmode: false "61": id: "61" - taskid: 7117f72b-178d-4f7f-837a-b81dda158360 + taskid: 14e6642a-c405-4706-8367-4c8e708c191d type: playbook task: - id: 7117f72b-178d-4f7f-837a-b81dda158360 + id: 14e6642a-c405-4706-8367-4c8e708c191d version: -1 name: Cortex ASM - ServiceNow CMDB Enrichment type: playbook @@ -477,7 +477,7 @@ tasks: { "position": { "x": 460, - "y": 2420 + "y": 2210 } } note: false 
@@ -489,10 +489,10 @@ tasks: isautoswitchedtoquietmode: false "62": id: "62" - taskid: 5145cb80-4830-4c71-8825-e449be9e5cdc + taskid: cb1861a2-5f3d-485e-8577-efc1539fcaf9 type: title task: - id: 5145cb80-4830-4c71-8825-e449be9e5cdc + id: cb1861a2-5f3d-485e-8577-efc1539fcaf9 version: -1 name: Tenable.io Enrichment type: title @@ -508,7 +508,7 @@ tasks: { "position": { "x": 460, - "y": 2780 + "y": 2540 } } note: false @@ -520,10 +520,10 @@ tasks: isautoswitchedtoquietmode: false "63": id: "63" - taskid: 1bd916b2-fada-4a0e-82af-498ee53be767 + taskid: 249a0a6e-ec59-4ecf-8bc9-a653b0cc8dcf type: playbook task: - id: 1bd916b2-fada-4a0e-82af-498ee53be767 + id: 249a0a6e-ec59-4ecf-8bc9-a653b0cc8dcf version: -1 name: Cortex ASM - Tenable.io Enrichment description: Given the IP address this playbook enriches Tenable.io information relevant to ASM alerts. @@ -551,7 +551,7 @@ tasks: { "position": { "x": 460, - "y": 2930 + "y": 2670 } } note: false @@ -563,10 +563,10 @@ tasks: isautoswitchedtoquietmode: false "66": id: "66" - taskid: 767d896c-a426-4936-8b95-9d17d79a9a59 + taskid: 961f5823-47ec-4caa-8f05-af42d0ef28bc type: regular task: - id: 767d896c-a426-4936-8b95-9d17d79a9a59 + id: 961f5823-47ec-4caa-8f05-af42d0ef28bc version: -1 name: Get external service information description: Get service details according to the service ID. @@ -594,7 +594,7 @@ tasks: { "position": { "x": 460, - "y": 280 + "y": 270 } } note: false @@ -606,10 +606,10 @@ tasks: isautoswitchedtoquietmode: false "67": id: "67" - taskid: 417cd33b-1bae-4810-89d9-9c8bf20da579 + taskid: 1f83a760-1cd2-4a27-87d3-cfebd7bcb1c3 type: regular task: - id: 417cd33b-1bae-4810-89d9-9c8bf20da579 + id: 1f83a760-1cd2-4a27-87d3-cfebd7bcb1c3 version: -1 name: Set protocol description: commands.local.cmd.set.incident @@ -631,7 +631,7 @@ tasks: { "position": { "x": 460, - "y": 1240 + "y": 1100 } } note: false 
@@ -643,10 +643,10 @@ tasks: isautoswitchedtoquietmode: false "68": id: "68" - taskid: ed952f0e-11c6-4885-882d-6e8ff891c607 + taskid: 02b9a5b3-011a-4174-8102-47b182af6349 type: regular task: - id: ed952f0e-11c6-4885-882d-6e8ff891c607 + id: 02b9a5b3-011a-4174-8102-47b182af6349 version: -1 name: Infer whether service is used for development (vs. production) description: Identify whether the service is a "development" server. Development servers have no external users and run no production workflows. These servers might be named "dev", but they might also be named "qa", "pre-production", "user acceptance testing", or use other non-production terms. This automation uses both public data visible to anyone (`active_classifications` as derived by Xpanse ASM) as well as checking internal data for AI-learned indicators of development systems (`asm_tags` as derived from integrations with non-public systems). @@ -688,7 +688,7 @@ tasks: { "position": { "x": 110, - "y": 5610 + "y": 5280 } } note: false @@ -700,10 +700,10 @@ tasks: isautoswitchedtoquietmode: false "69": id: "69" - taskid: eee181a6-dd94-4a76-8931-14c08bd4f629 + taskid: e6a6c9b3-95b7-4c85-8ad6-2c9c165d59ca type: playbook task: - id: eee181a6-dd94-4a76-8931-14c08bd4f629 + id: e6a6c9b3-95b7-4c85-8ad6-2c9c165d59ca version: -1 name: Cortex ASM - Azure Enrichment description: Given the IP address, this playbook enriches Azure information relevant to ASM alerts. @@ -725,7 +725,13 @@ tasks: exitCondition: "" wait: 1 max: 0 - view: "{\n \"position\": {\n \"x\": 1070,\n \"y\": 1830\n }\n}" + view: |- + { + "position": { + "x": 1070, + "y": 1680 + } + } note: false timertriggers: [] ignoreworker: false @@ -735,10 +741,10 @@ tasks: isautoswitchedtoquietmode: false "70": id: "70" - taskid: cfc67225-41c6-4c9d-8da6-049af541962a + taskid: f4e5d947-fbc0-46af-82c7-581ff23547fc type: title task: - id: cfc67225-41c6-4c9d-8da6-049af541962a + id: f4e5d947-fbc0-46af-82c7-581ff23547fc version: -1 name: Splunk Enrichment type: title 
@@ -754,7 +760,7 @@ tasks: { "position": { "x": 460, - "y": 3100 + "y": 2830 } } note: false @@ -766,10 +772,10 @@ tasks: isautoswitchedtoquietmode: false "71": id: "71" - taskid: 77e554f5-6d68-4c68-8b01-a5b02728d97c + taskid: 42597166-447c-4f51-8eec-f9ee56a39cfa type: playbook task: - id: 77e554f5-6d68-4c68-8b01-a5b02728d97c + id: 42597166-447c-4f51-8eec-f9ee56a39cfa version: -1 name: Cortex ASM - Splunk Enrichment description: 'Given the IP address this playbook enriches information from Splunk results relevant to ASM alerts. ' @@ -797,7 +803,7 @@ tasks: { "position": { "x": 460, - "y": 3240 + "y": 2960 } } note: false @@ -809,10 +815,10 @@ tasks: isautoswitchedtoquietmode: false "72": id: "72" - taskid: 26a8fb38-eece-4f85-8772-a5bea1ef5bf3 + taskid: fcf58aef-87c8-44dc-8721-2bfd92278810 type: playbook task: - id: 26a8fb38-eece-4f85-8772-a5bea1ef5bf3 + id: fcf58aef-87c8-44dc-8721-2bfd92278810 version: -1 name: Cortex ASM - Rapid7 Enrichment description: Given the IP address this playbook enriches Rapid7 InsightVM (Nexpose) information relevant to ASM alerts. @@ -840,7 +846,7 @@ tasks: { "position": { "x": 460, - "y": 3540 + "y": 3250 } } note: false @@ -852,10 +858,10 @@ tasks: isautoswitchedtoquietmode: false "73": id: "73" - taskid: ff4cb6f6-4a95-480d-8372-274be35cd716 + taskid: 80e14db8-5a6e-4974-8ee9-2592f8faf339 type: title task: - id: ff4cb6f6-4a95-480d-8372-274be35cd716 + id: 80e14db8-5a6e-4974-8ee9-2592f8faf339 version: -1 name: Rapid7 Enrichment type: title @@ -871,7 +877,7 @@ tasks: { "position": { "x": 460, - "y": 3410 + "y": 3120 } } note: false @@ -883,10 +889,10 @@ tasks: isautoswitchedtoquietmode: false "74": id: "74" - taskid: e0c3749d-a1a8-48d0-839f-f46bced5908a + taskid: 511d3c2e-4e40-4b5e-81fa-4448d0617cee type: title task: - id: e0c3749d-a1a8-48d0-839f-f46bced5908a + id: 511d3c2e-4e40-4b5e-81fa-4448d0617cee version: -1 name: Qualys Enrichment type: title 
@@ -902,7 +908,7 @@ tasks: { "position": { "x": 460, - "y": 3710 + "y": 3410 } } note: false @@ -914,10 +920,10 @@ tasks: isautoswitchedtoquietmode: false "75": id: "75" - taskid: d89b0824-c2db-4763-8a5f-6abc308a1bbc + taskid: 83fc6f7a-6408-417c-8f4c-c294fa71b6af type: playbook task: - id: d89b0824-c2db-4763-8a5f-6abc308a1bbc + id: 83fc6f7a-6408-417c-8f4c-c294fa71b6af version: -1 name: Cortex ASM - Qualys Enrichment description: Given the IP address this playbook enriches information from Qualys assets. @@ -945,7 +951,7 @@ tasks: { "position": { "x": 460, - "y": 3860 + "y": 3540 } } note: false @@ -957,10 +963,10 @@ tasks: isautoswitchedtoquietmode: false "76": id: "76" - taskid: 68c813fd-d7ac-42c7-816d-491602271006 + taskid: b2e4a2b0-c98a-4b26-891e-f0e46e3051c3 type: playbook task: - id: 68c813fd-d7ac-42c7-816d-491602271006 + id: b2e4a2b0-c98a-4b26-891e-f0e46e3051c3 version: -1 name: Cortex ASM - GCP Enrichment description: Given the IP address this playbook enriches GCP information relevant to ASM alerts. @@ -973,7 +979,13 @@ tasks: - "3" separatecontext: true continueonerrortype: "" - view: "{\n \"position\": {\n \"x\": 790,\n \"y\": 1940\n }\n}" + view: |- + { + "position": { + "x": 800, + "y": 1790 + } + } note: false timertriggers: [] ignoreworker: false @@ -983,10 +995,10 @@ tasks: isautoswitchedtoquietmode: false "78": id: "78" - taskid: 2c9ccf25-d6d7-4190-8c99-1fc8070543b8 + taskid: b47dd9bc-3b60-481b-80e3-7c28f00d8d60 type: playbook task: - id: 2c9ccf25-d6d7-4190-8c99-1fc8070543b8 + id: b47dd9bc-3b60-481b-80e3-7c28f00d8d60 version: -1 name: Cortex ASM - Service Ownership type: playbook @@ -1003,7 +1015,7 @@ tasks: { "position": { "x": 110, - "y": 5780 + "y": 5440 } } note: false 
@@ -1015,10 +1027,10 @@ tasks: isautoswitchedtoquietmode: false "79": id: "79" - taskid: 30f84900-27fd-424d-8051-a91c4d87af6d + taskid: fc7041a9-0b73-473f-8383-28a7e8f27b5f type: playbook task: - id: 30f84900-27fd-424d-8051-a91c4d87af6d + id: fc7041a9-0b73-473f-8383-28a7e8f27b5f version: -1 name: Cortex ASM - Prisma Cloud Enrichment description: Given the IP address this playbook enriches information from Prisma Cloud. @@ -1050,7 +1062,7 @@ tasks: { "position": { "x": 460, - "y": 4190 + "y": 3830 } } note: false @@ -1062,10 +1074,10 @@ tasks: isautoswitchedtoquietmode: false "80": id: "80" - taskid: eed7577f-162a-4042-8eaa-c4384adef815 + taskid: 86ea25e8-35ac-41ed-84b5-79d9edba8c67 type: condition task: - id: eed7577f-162a-4042-8eaa-c4384adef815 + id: 86ea25e8-35ac-41ed-84b5-79d9edba8c67 version: -1 name: Are there any emails in tags? description: Checks if there is email in the tags. @@ -1113,7 +1125,7 @@ tasks: { "position": { "x": 460, - "y": 4780 + "y": 4570 } } note: false @@ -1125,10 +1137,10 @@ tasks: isautoswitchedtoquietmode: false "81": id: "81" - taskid: f0de2cb0-8219-45d8-8f48-7b60800debd4 + taskid: 772ea111-00e3-496f-8e31-ca431de2353b type: title task: - id: f0de2cb0-8219-45d8-8f48-7b60800debd4 + id: 772ea111-00e3-496f-8e31-ca431de2353b version: -1 name: Service Owner from Tags type: title @@ -1144,7 +1156,7 @@ tasks: { "position": { "x": 460, - "y": 5050 + "y": 4820 } } note: false @@ -1156,10 +1168,10 @@ tasks: isautoswitchedtoquietmode: false "82": id: "82" - taskid: 89126ba3-8333-4af3-8f83-616e09d691fd + taskid: e5e7e221-bd10-41b9-850d-3255de42395c type: regular task: - id: 89126ba3-8333-4af3-8f83-616e09d691fd + id: e5e7e221-bd10-41b9-850d-3255de42395c version: -1 name: Get current time description: | @@ -1177,7 +1189,7 @@ tasks: { "position": { "x": 460, - "y": 5190 + "y": 4950 } } note: false 
@@ -1189,10 +1201,10 @@ tasks: isautoswitchedtoquietmode: false "83": id: "83" - taskid: 78f5637d-4f48-41ab-841b-895674d3abcb + taskid: bebad225-af88-459a-8922-c895da3b4b22 type: regular task: - id: 78f5637d-4f48-41ab-841b-895674d3abcb + id: bebad225-af88-459a-8922-c895da3b4b22 version: -1 name: Set service owners from Tag grid field description: |- @@ -1259,7 +1271,7 @@ tasks: { "position": { "x": 460, - "y": 5380 + "y": 5110 } } note: false @@ -1271,10 +1283,10 @@ tasks: isautoswitchedtoquietmode: false "84": id: "84" - taskid: 050b5d22-2fb0-4814-8276-f08c52d61550 + taskid: 575e1330-58ac-46f4-865d-90b726f4913a type: playbook task: - id: 050b5d22-2fb0-4814-8276-f08c52d61550 + id: 575e1330-58ac-46f4-865d-90b726f4913a version: -1 name: Cortex ASM - AWS Enrichment type: playbook @@ -1302,7 +1314,13 @@ tasks: exitCondition: "" wait: 1 max: 0 - view: "{\n \"position\": {\n \"x\": 460,\n \"y\": 2055\n }\n}" + view: |- + { + "position": { + "x": 460, + "y": 1905 + } + } note: false timertriggers: [] ignoreworker: false @@ -1312,10 +1330,10 @@ tasks: isautoswitchedtoquietmode: false "85": id: "85" - taskid: 3461edd7-5812-4d17-8400-790a579d22f9 + taskid: c3569b49-537f-4bec-8669-bc9b871c700d type: regular task: - id: 3461edd7-5812-4d17-8400-790a579d22f9 + id: c3569b49-537f-4bec-8669-bc9b871c700d version: -1 name: Sleep for 1 hour description: Sleep for X seconds @@ -1337,7 +1355,7 @@ tasks: { "position": { "x": 940, - "y": 640 + "y": 610 } } note: false @@ -1349,10 +1367,10 @@ tasks: isautoswitchedtoquietmode: false "86": id: "86" - taskid: 38d3fe39-1010-4002-8b80-ac576f6ff0de + taskid: 530bee0a-c292-456c-8fb4-df383e8c1ceb type: condition task: - id: 38d3fe39-1010-4002-8b80-ac576f6ff0de + id: 530bee0a-c292-456c-8fb4-df383e8c1ceb version: -1 name: Was there a result? description: Determines if there was a result from the previous command to continue cloud enrichment. @@ -1380,7 +1398,7 @@ tasks: { "position": { "x": 940, - "y": 1040 + "y": 930 } } note: false 
@@ -1392,10 +1410,10 @@ tasks: isautoswitchedtoquietmode: false "87": id: "87" - taskid: c6dcc51d-3f02-4487-83a9-8792a9ffe086 + taskid: 2639a169-6226-4fc6-89cf-b18e94ab8364 type: regular task: - id: c6dcc51d-3f02-4487-83a9-8792a9ffe086 + id: 2639a169-6226-4fc6-89cf-b18e94ab8364 version: -1 name: Get external service information description: Get service details according to the service ID. @@ -1423,7 +1441,7 @@ tasks: { "position": { "x": 940, - "y": 830 + "y": 770 } } note: false @@ -1435,10 +1453,10 @@ tasks: isautoswitchedtoquietmode: false '88': id: '88' - taskid: 125cd39f-8428-4912-814d-24dccb282501 + taskid: b2dbfba1-bd1e-4ad8-856f-7f5588e5e87c type: playbook task: - id: 125cd39f-8428-4912-814d-24dccb282501 + id: b2dbfba1-bd1e-4ad8-856f-7f5588e5e87c version: -1 name: Cortex ASM - On Prem Enrichment type: playbook @@ -1468,7 +1486,13 @@ tasks: exitCondition: '' wait: 1 max: 0 - view: "{\n \"position\": {\n \"x\": 1350,\n \"y\": 1720\n }\n}" + view: |- + { + "position": { + "x": 1340, + "y": 1575 + } + } note: false timertriggers: [] ignoreworker: false @@ -1478,10 +1502,10 @@ tasks: isautoswitchedtoquietmode: false '89': id: '89' - taskid: e59153b9-d279-4431-85cd-6995de62fd4c + taskid: 3a6a9a5b-9caa-49c2-84fc-4278c39c360c type: playbook task: - id: e59153b9-d279-4431-85cd-6995de62fd4c + id: 3a6a9a5b-9caa-49c2-84fc-4278c39c360c version: -1 name: Cortex ASM - ServiceNow ITSM Enrichment type: playbook @@ -1541,7 +1565,7 @@ tasks: { "position": { "x": 460, - "y": 2605 + "y": 2375 } } note: false @@ -1566,20 +1590,20 @@ tasks: skipunavailable: false task: brand: "" - id: cc19c840-2c26-4065-851e-67a9ef8b327c + id: 6c285b25-4a3a-417d-8db9-7bab605df0c9 iscommand: false name: Prisma Cloud Enrichment type: title version: -1 description: '' - taskid: cc19c840-2c26-4065-851e-67a9ef8b327c + taskid: 6c285b25-4a3a-417d-8db9-7bab605df0c9 timertriggers: [] type: title view: |- { "position": { "x": 460, - "y": 4030 + "y": 3700 } } "91": 
@@ -1597,20 +1621,20 @@ tasks:
 skipunavailable: false
 task:
 brand: ""
- id: 160f232f-015d-41f0-8607-f5907e0ac530
+ id: 330ce148-45fe-4a28-8b87-b6930b300857
 iscommand: false
 name: Active Directory Enrichment
 type: title
 version: -1
 description: ''
- taskid: 160f232f-015d-41f0-8607-f5907e0ac530
+ taskid: 330ce148-45fe-4a28-8b87-b6930b300857
 timertriggers: []
 type: title
 view: |-
 {
 "position": {
 "x": 460,
- "y": 4380
+ "y": 3990
 }
 }
 "93":
@@ -1626,7 +1650,7 @@ tasks:
 wait: 1
 nexttasks:
 '#none#':
- - "80"
+ - "95"
 note: false
 quietmode: 0
 scriptarguments:
@@ -1637,20 +1661,91 @@ tasks: task: brand: "" description: Playbook to enriches Service owner in Azure directory. - id: 3a35a0de-0312-4243-8dd6-31f69c85dc65 + id: 64221fe1-7d24-4116-8433-7dde23e88a2b iscommand: false name: Cortex ASM - Active Directory Enrichment playbookId: Cortex ASM - Active Directory Enrichment type: playbook version: -1 - taskid: 3a35a0de-0312-4243-8dd6-31f69c85dc65 + taskid: 64221fe1-7d24-4116-8433-7dde23e88a2b timertriggers: [] type: playbook view: |- { "position": { "x": 460, - "y": 4550 + "y": 4120 + } + } + "94": + continueonerrortype: "" + id: "94" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + loop: + exitCondition: "" + iscommand: false + max: 100 + wait: 1 + nexttasks: + '#none#': + - "80" + note: false + quietmode: 0 + scriptarguments: + RemoteIP: + simple: ${inputs.RemoteIP} + separatecontext: true + skipunavailable: false + task: + brand: "" + description: This playbook is used to pull information from Cortex Endpoint (XSIAM/XDR) systems for enrichment purposes. + id: 40eef9bd-ae5a-4ea4-8a5c-9c3d55dabdd2 + iscommand: false + name: Cortex ASM - Cortex Endpoint Enrichment + playbookId: Cortex ASM - Cortex Endpoint Enrichment + type: playbook + version: -1 + taskid: 40eef9bd-ae5a-4ea4-8a5c-9c3d55dabdd2 + timertriggers: [] + type: playbook + view: |- + { + "position": { + "x": 460, + "y": 4410 + } + } + "95": + continueonerrortype: "" + id: "95" + ignoreworker: false + isautoswitchedtoquietmode: false + isoversize: false + nexttasks: + '#none#': + - "94" + note: false + quietmode: 0 + separatecontext: false + skipunavailable: false + task: + brand: "" + id: 2ec48b64-a84e-41ce-8a75-52385e333823 + iscommand: false + name: Cortex Endpoint Enrichment + type: title + version: -1 + description: '' + taskid: 2ec48b64-a84e-41ce-8a75-52385e333823 + timertriggers: [] + type: title + view: |- + { + "position": { + "x": 460, + "y": 4280 } } view: |- 
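Review bot: The new task `"94"` sets `loop: max: 100` with an empty `exitCondition`, whereas every other sub-playbook task this diff touches in the same file (`"69"`, `"84"`, `"88"`) carries `max: 0`; if no iteration of the Cortex Endpoint Enrichment sub-playbook is intended, `max: 0` would keep the tasks consistent, and if iteration is intended the exit condition should state what ends it. The `playbookId: Cortex ASM - Cortex Endpoint Enrichment` declared here does not match the entry the updated Cortex_ASM_-_Enrichment_README.md adds (`Cortex ASM - Cortex Endpoint Enrichment_Core_Combo`), so one of the two is stale. That same README also drops `Cortex ASM - Rapid7 Enrichment` and `Cortex ASM - Service Ownership` from its sub-playbook list although tasks `"72"` and `"78"` in this file still invoke them, which suggests the README was regenerated from a different revision. The enclosing `tasks:` mapping starts before this hunk and continues after it.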
@@ -1665,8 +1760,8 @@ view: |- }, "paper": { "dimensions": { - "height": 6155, - "width": 1620, + "height": 5805, + "width": 1610, "x": 110, "y": -130 } diff --git a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Enrichment_README.md b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Enrichment_README.md index 11c992e80940..75f8814c0cb3 100644 --- a/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Enrichment_README.md +++ b/Packs/CortexAttackSurfaceManagement/Playbooks/Cortex_ASM_-_Enrichment_README.md @@ -7,14 +7,15 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks * Cortex ASM - AWS Enrichment +* Cortex ASM - Active Directory Enrichment * Cortex ASM - Azure Enrichment +* Cortex ASM - Cortex Endpoint Enrichment_Core_Combo * Cortex ASM - GCP Enrichment * Cortex ASM - On Prem Enrichment * Cortex ASM - Prisma Cloud Enrichment * Cortex ASM - Qualys Enrichment -* Cortex ASM - Rapid7 Enrichment -* Cortex ASM - Service Ownership * Cortex ASM - ServiceNow CMDB Enrichment +* Cortex ASM - ServiceNow ITSM Enrichment * Cortex ASM - Splunk Enrichment * Cortex ASM - Tenable.io Enrichment @@ -25,9 +26,9 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Scripts * Sleep +* InferWhetherServiceIsDev * GetTime * GridFieldSetup -* InferWhetherServiceIsDev ### Commands diff --git a/Packs/CortexAttackSurfaceManagement/README.md b/Packs/CortexAttackSurfaceManagement/README.md index 5b61ca9a5888..da9f97d5fd47 100644 --- a/Packs/CortexAttackSurfaceManagement/README.md +++ b/Packs/CortexAttackSurfaceManagement/README.md 
@@ -77,7 +77,7 @@ The main active response playbook is the `Cortex ASM - ASM Alert` playbook. This - [Cortex ASM - ASM Alert](#cortex-asm---asm-alert) - [Cortex ASM - AWS Enrichment](#cortex-asm---aws-enrichment) - [Cortex ASM - Azure Enrichment](#cortex-asm---azure-enrichment) - - [Cortex ASM - Decision](#cortex-asm---decision) + - [Cortex ASM - Cortex Endpoint Enrichment](#cortex-asm---cortex-endpoint-enrichment) - [Cortex ASM - Detect Service](#cortex-asm---detect-service) - [Cortex ASM - Email Notification](#cortex-asm---email-notification) - [Cortex ASM - Enrichment](#cortex-asm---enrichment) @@ -133,11 +133,11 @@ A playbook that given the IP address enriches Azure information relevant to ASM ![Cortex ASM - Azure Enrichment](https://raw.githubusercontent.com/demisto/content/master/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Azure_Enrichment.png) -#### Cortex ASM - Decision +#### Cortex ASM - Cortex Endpoint Enrichment -A playbook that returns "RemediationAction" options based on meeting "Automated Remediation Requirements" as well as whether ServiceNowV2 integration is set up. +This playbook is used to pull information from Cortex Endpoint (XSIAM/XDR) systems for enrichment purposes. -![Cortex ASM - Decision](https://raw.githubusercontent.com/demisto/content/master/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Decision.png) +![Cortex ASM - Cortex Endpoint Enrichment](https://raw.githubusercontent.com/demisto/content/935a77339c2b1ecde3b9ea64992018bd625c61ed/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Cortex_Endpoint_Enrichment.png) #### Cortex ASM - Detect Service diff --git a/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_27.md b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_27.md new file mode 100644 index 000000000000..6d805fcaaf15 --- /dev/null +++ b/Packs/CortexAttackSurfaceManagement/ReleaseNotes/1_7_27.md 
@@ -0,0 +1,10 @@ + +#### Playbooks + +##### New: Cortex ASM - Cortex Endpoint Enrichment + +- New: This playbook is used to pull information from Cortex Endpoint (XSIAM/XDR) systems for enrichment purposes. (Available from Cortex XSOAR 6.8.0). + +##### Cortex ASM - Enrichment + +Updated the playbook to include the new **Cortex ASM - Cortex Endpoint Enrichment** playbook. diff --git a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Cortex_Endpoint_Enrichment.png b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Cortex_Endpoint_Enrichment.png new file mode 100644 index 000000000000..a6503fb4928e Binary files /dev/null and b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Cortex_Endpoint_Enrichment.png differ diff --git a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Enrichment.png b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Enrichment.png index 2444a846ae1c..c72d04f230fe 100644 Binary files a/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Enrichment.png and b/Packs/CortexAttackSurfaceManagement/doc_files/Cortex_ASM_-_Enrichment.png differ diff --git a/Packs/CortexAttackSurfaceManagement/pack_metadata.json b/Packs/CortexAttackSurfaceManagement/pack_metadata.json index 13486956b4a7..a0fd96a534ef 100644 --- a/Packs/CortexAttackSurfaceManagement/pack_metadata.json +++ b/Packs/CortexAttackSurfaceManagement/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex Attack Surface Management", "description": "Content for working with Attack Surface Management (ASM).", "support": "xsoar", - "currentVersion": "1.7.26", + "currentVersion": "1.7.27", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CortexXDR/Integrations/CortexXDRIR/README.md b/Packs/CortexXDR/Integrations/CortexXDRIR/README.md index bf5e7e6f228e..1232f5511178 100644 --- a/Packs/CortexXDR/Integrations/CortexXDRIR/README.md +++ b/Packs/CortexXDR/Integrations/CortexXDRIR/README.md 
@@ -157,6 +157,7 @@ To setup the mirroring follow these instructions: - The default playbook of the *Cortex XDR Incident* incident type is not *Cortex XDR Incident Sync*, change it to a different playbook that does not use `XDRSyncScript`. - The XDR integration instance incoming mapper is set to `Cortex XDR - Incoming Mapper` and the outgoing mapper is set to `Cortex XDR - Outgoing Mapper`. + - Mirroring impacts only incidents that were fetched after the mirroring was enabled for this instance. If incidents were fetched with the incorrect mapper, changing the mapper will not affect them. This can be resolved by resetting the last fetch run and re-fetching the incidents. New incidents will be created and the old ones will no longer be relevant. - The API includes a limit rate of 10 API requests per minute. Therefore, in a case of a limit rate exception, the sync loop will stop and will resume from the last incident. diff --git a/Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2.yml b/Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2.yml index 246a83f1aa40..184f91a92ab1 100644 --- a/Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2.yml +++ b/Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2.yml @@ -23,14 +23,14 @@ tasks: description: '' nexttasks: '#none#': - - "8" + - "9" separatecontext: false continueonerrortype: "" view: |- { "position": { "x": 265, - "y": 50 + "y": -130 } } note: false @@ -92,7 +92,7 @@ tasks: { "position": { "x": 265, - "y": 395 + "y": 425 } } note: false @@ -120,7 +120,7 @@ tasks: { "position": { "x": 265, - "y": 1095 + "y": 1120 } } note: false @@ -162,7 +162,7 @@ tasks: { "position": { "x": 265, - "y": 750 + "y": 770 } } note: false @@ -196,8 +196,8 @@ tasks: view: |- { "position": { - "x": 10, - "y": 920 + "x": -10, + "y": 940 } } note: false @@ -234,7 +234,7 @@ tasks: { "position": { "x": 265, - "y": 565 + "y": 595 } } note: false 
@@ -246,15 +246,15 @@ tasks: isautoswitchedtoquietmode: false "8": id: "8" - taskid: e5d73a46-72d1-4e69-854e-3e28963904ff + taskid: 7f5e247a-d7ab-4b77-8152-a951cfddbf7d type: condition task: - id: e5d73a46-72d1-4e69-854e-3e28963904ff + id: 7f5e247a-d7ab-4b77-8152-a951cfddbf7d version: -1 - name: Is there any file path to retrieve? + name: Is there an endpoint and a file path to retrieve? type: condition iscommand: false - description: '' + description: 'Checks whether there is at least one endpoint ID and one file path for the file to retrieve.' brand: "" nexttasks: '#default#': @@ -270,6 +270,8 @@ tasks: value: simple: inputs.file_path iscontext: true + right: + value: {} - operator: isNotEmpty left: value: @@ -285,6 +287,11 @@ tasks: value: simple: inputs.mac_file_paths iscontext: true + - - operator: isNotEmpty + left: + value: + simple: inputs.endpoint_ids + iscontext: true continueonerrortype: "" view: |- { 
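Review bot: In task "8", `right: value: {}` is added only to the first `inputs.file_path` condition; the sibling conditions in the same task, including the new `inputs.endpoint_ids` group, omit it, so one task now mixes two spellings of the same isNotEmpty check. Either drop the two added lines or add `right: value: {}` to every condition so the task reads uniformly. The `- - operator: isNotEmpty` entry is a separate AND group, which matches the renamed intent (an endpoint and a file path), and since `endpoint_ids` becomes optional in the same commit the task description could say what a missing endpoint ID does, e.g. `description: 'Checks whether there is at least one endpoint ID and one file path for the file to retrieve; if either is missing, the #default# branch is taken.'`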
@@ -300,24 +307,63 @@ tasks: quietmode: 0 isoversize: false isautoswitchedtoquietmode: false + "9": + id: "9" + taskid: ceaa2410-c99b-408a-85a4-2c5b7734eb95 + type: condition + task: + id: ceaa2410-c99b-408a-85a4-2c5b7734eb95 + version: -1 + name: Is Cortex XDR is enabled? + description: Returns 'yes' if integration brand is available. Otherwise returns 'no'. + scriptName: IsIntegrationAvailable + type: condition + iscommand: false + brand: "" + nexttasks: + "no": + - "4" + "yes": + - "8" + scriptarguments: + brandname: + simple: Cortex XDR - IR + separatecontext: false + continueonerrortype: "" + view: |- + { + "position": { + "x": 265, + "y": 15 + } + } + note: false + timertriggers: [] + ignoreworker: false + skipunavailable: false + quietmode: 0 + isoversize: false + isautoswitchedtoquietmode: false view: |- { "linkLabelsPosition": { - "5_6_#default#": 0.68 + "5_6_#default#": 0.68, + "8_4_#default#": 0.14, + "9_4_no": 0.15 }, "paper": { "dimensions": { - "height": 1110, - "width": 635, - "x": 10, - "y": 50 + "height": 1315, + "width": 655, + "x": -10, + "y": -130 } } } inputs: - key: endpoint_ids value: {} - required: true + required: false description: A comma-separated list of endpoint IDs. playbookInputQuery: - key: file_path @@ -377,5 +423,6 @@ outputs: description: The file type, as determined by libmagic (same as displayed in the file entries). type: String tests: -- No tests +- no tests fromversion: 6.10.0 +system: true diff --git a/Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2_README.md b/Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2_README.md index d5fb388438ee..8fe27277906b 100644 --- a/Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2_README.md +++ b/Packs/CortexXDR/Playbooks/Cortex_XDR_-_Retrieve_File_v2_README.md 
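Review bot: The new task "9" is titled `Is Cortex XDR is enabled?`, a doubled verb in a user-facing name; `name: Is Cortex XDR enabled?` reads correctly. The `endpoint_ids` input is flipped to `required: false` while its description still reads as a plain mandatory list, so an operator cannot tell from the input what happens when it is empty; a sentence stating the resulting behavior (the "8" condition falls to `#default#`) would help, along the lines of `description: A comma-separated list of endpoint IDs. If empty, the playbook takes the default branch of the "Is there an endpoint and a file path to retrieve?" check.` The `no` branch of task "9" and the `#default#` branch of "8" both lead to task "4", whose contents are outside this hunk, so whether that path reports the missing prerequisite cannot be confirmed here.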
@@ -1,7 +1,7 @@ This playbook retrieves files from selected endpoints. You can retrieve up to 20 files, from 10 endpoints. Inputs for this playbook are: - - A comma-separated list of endpoint IDs. - - A comma-separated list of file paths for your operating system, either Windows, Linux, or Mac. At least one file path is required. +- A comma-separated list of endpoint IDs. +- A comma-separated list of file paths for your operating system, either Windows, Linux, or Mac. At least one file path is required. ## Dependencies @@ -13,16 +13,17 @@ This playbook does not use any sub-playbooks. ### Integrations -CortexXDRIR +* CortexXDRIR ### Scripts -PrintErrorEntry +* PrintErrorEntry +* IsIntegrationAvailable ### Commands -* xdr-retrieve-file-details * xdr-file-retrieve +* xdr-retrieve-file-details ## Playbook Inputs @@ -30,7 +31,7 @@ PrintErrorEntry | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | -| endpoint_ids | A comma-separated list of endpoint IDs. | | Required | +| endpoint_ids | A comma-separated list of endpoint IDs. | | Optional | | file_path | A comma-separated list of file paths in any platform. It can be used instead of the macOS/Windows/Linux file paths.
The order of the files path list must be parallel to the endpoints list order. Therefore, the first file path in the list is related to the first endpoint ID and so on. | | Optional | | windows_file_paths | A comma-separated list of Windows paths.
Enter at least one path for either Windows, Linux, or Mac. | | Optional | | linux_file_paths | A comma-separated list Linux paths.
Enter at least one path for either Windows, Linux, or Mac. | | Optional | diff --git a/Packs/CortexXDR/ReleaseNotes/6_1_10.md b/Packs/CortexXDR/ReleaseNotes/6_1_10.md new file mode 100644 index 000000000000..65956a959955 --- /dev/null +++ b/Packs/CortexXDR/ReleaseNotes/6_1_10.md @@ -0,0 +1,6 @@ + +#### Playbooks + +##### Cortex XDR - Retrieve File v2 + +Fixed an issue where the playbook failed if no endpoint ID was specified in the inputs. diff --git a/Packs/CortexXDR/ReleaseNotes/6_1_9.md b/Packs/CortexXDR/ReleaseNotes/6_1_9.md new file mode 100644 index 000000000000..dc7c21232594 --- /dev/null +++ b/Packs/CortexXDR/ReleaseNotes/6_1_9.md @@ -0,0 +1,6 @@ + +#### Playbooks + +##### Cortex XDR - Retrieve File v2 + +- Added a task to check if the "Cortex XDR - IR" integration is enabled. diff --git a/Packs/CortexXDR/doc_files/Cortex_XDR_-_Retrieve_File_v2.png b/Packs/CortexXDR/doc_files/Cortex_XDR_-_Retrieve_File_v2.png index 12235c4631a9..b13f3caad09d 100644 Binary files a/Packs/CortexXDR/doc_files/Cortex_XDR_-_Retrieve_File_v2.png and b/Packs/CortexXDR/doc_files/Cortex_XDR_-_Retrieve_File_v2.png differ diff --git a/Packs/CortexXDR/pack_metadata.json b/Packs/CortexXDR/pack_metadata.json index abfb2affbca7..2f1a38e912c0 100644 --- a/Packs/CortexXDR/pack_metadata.json +++ b/Packs/CortexXDR/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex XDR by Palo Alto Networks", "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.", "support": "xsoar", - "currentVersion": "6.1.8", + "currentVersion": "6.1.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CrowdStrikeFalconStreamingV2/Integrations/CrowdStrikeFalconStreamingV2/CrowdStrikeFalconStreamingV2.py b/Packs/CrowdStrikeFalconStreamingV2/Integrations/CrowdStrikeFalconStreamingV2/CrowdStrikeFalconStreamingV2.py index 505d6e2c046e..4e6d077c767e 100644 
--- a/Packs/CrowdStrikeFalconStreamingV2/Integrations/CrowdStrikeFalconStreamingV2/CrowdStrikeFalconStreamingV2.py +++ b/Packs/CrowdStrikeFalconStreamingV2/Integrations/CrowdStrikeFalconStreamingV2/CrowdStrikeFalconStreamingV2.py @@ -1,3 +1,5 @@ +from datetime import datetime, timedelta + import demistomock as demisto from CommonServerPython import * # noqa: E402 lgtm [py/polluting-import] from CommonServerUserPython import * # noqa: E402 lgtm [py/polluting-import] @@ -6,9 +8,10 @@ from asyncio import create_task, sleep, run from contextlib import asynccontextmanager from aiohttp import ClientSession, TCPConnector, ClientTimeout -from typing import Dict, AsyncGenerator, AsyncIterator +from collections.abc import AsyncGenerator, AsyncIterator from collections import deque from random import uniform +import json import urllib3 urllib3.disable_warnings() @@ -112,7 +115,7 @@ async def _http_request(self, method, url_suffix, full_url=None, headers=None, a demisto.debug(str(e)) return {} - async def discover_stream(self, refresh_token: 'RefreshToken') -> Dict: + async def discover_stream(self, refresh_token: 'RefreshToken') -> dict: demisto.debug('Sending request to discover stream') return await self._http_request( method='GET', @@ -121,7 +124,7 @@ async def discover_stream(self, refresh_token: 'RefreshToken') -> Dict: refresh_token=refresh_token, ) - async def refresh_stream_session(self, refresh_token: 'RefreshToken') -> Dict: + async def refresh_stream_session(self, refresh_token: 'RefreshToken') -> dict: demisto.debug(f'Sending request to refresh stream to {self.refresh_stream_url}') return await self._http_request( method='POST', 
@@ -210,7 +213,7 @@ async def _refresh_stream(self) -> None: async def fetch_event( self, first_fetch_time: datetime, initial_offset: int = 0, event_type: str = '', sock_read: int = 120 - ) -> AsyncGenerator[Dict, None]: + ) -> AsyncGenerator[dict, None]: """Retrieves events from a CrowdStrike Falcon stream starting from given offset. Args: 
@@ -252,42 +255,54 @@ async def fetch_event( timeout=ClientTimeout(total=None, connect=60, sock_connect=60, sock_read=sock_read) ) as res: demisto.updateModuleHealth('') - demisto.debug(f'Fetched event: {res.content}') - async for line in res.content: - stripped_line = line.strip() - if stripped_line: - events_fetched += 1 - try: - streaming_event = json.loads(stripped_line) - event_metadata = streaming_event.get('metadata', {}) - event_creation_time = event_metadata.get('eventCreationTime', 0) - if not event_creation_time: - demisto.debug( - 'Could not extract "eventCreationTime" field, using 0 instead. ' - f'{streaming_event}') - else: - event_creation_time /= 1000 - event_creation_time_dt = datetime.fromtimestamp(event_creation_time) - if event_creation_time_dt < first_fetch_time: - demisto.debug(f'Event with offset {event_metadata.get("offset")} ' - f'and creation time {event_creation_time} was skipped.') - continue - yield streaming_event - except json.decoder.JSONDecodeError: - demisto.debug(f'Failed decoding event (skipping it) - {str(stripped_line)}') - else: - new_lines_fetched += 1 - if last_fetch_stats_print + timedelta(minutes=1) <= datetime.utcnow(): - demisto.info( - f'Fetched {events_fetched} events and' - f' {new_lines_fetched} new lines' - f' from the stream in the last minute.') - events_fetched = 0 - new_lines_fetched = 0 - last_fetch_stats_print = datetime.utcnow() - if last_refresh_stream + timedelta(minutes=25) <= datetime.utcnow(): - await self._refresh_stream() - last_refresh_stream = datetime.utcnow() + buffer = b'' + async for chunk in res.content.iter_any(): + buffer += chunk + lines = buffer.splitlines(True) + + for line in lines[:-1]: + stripped_line = line.decode().strip() + if stripped_line: + events_fetched += 1 + try: + streaming_event = json.loads(stripped_line) + event_metadata = streaming_event.get('metadata', {}) + event_creation_time = event_metadata.get('eventCreationTime', 0) + + if not event_creation_time: + 
demisto.debug('Could not extract "eventCreationTime" field, using 0 instead. ' + f'{streaming_event}') + else: + event_creation_time /= 1000 + event_creation_time_dt = datetime.fromtimestamp(event_creation_time) + + if event_creation_time_dt < first_fetch_time: + demisto.debug( + f'Event with offset {event_metadata.get("offset")} ' + f'and creation time {event_creation_time} was skipped ' + f'because {first_fetch_time=}') + continue + yield streaming_event + except json.decoder.JSONDecodeError: + demisto.debug(f'Failed decoding event (skipping it) - {str(stripped_line)}') + else: + new_lines_fetched += 1 + + if last_fetch_stats_print + timedelta(minutes=1) <= datetime.utcnow(): + demisto.info( + f'Fetched {events_fetched} events and' + f' {new_lines_fetched} new lines' + f' from the stream in the last minute.') + events_fetched = 0 + new_lines_fetched = 0 + last_fetch_stats_print = datetime.utcnow() + if last_refresh_stream + timedelta(minutes=25) <= datetime.utcnow(): + await self._refresh_stream() + last_refresh_stream = datetime.utcnow() + buffer = lines[-1] + if buffer: + stripped_line = buffer.decode().strip() + demisto.debug(f"MISSING LINE: {stripped_line}") except Exception as e: demisto.debug(f'An error occurred in the fetch event loop: {e} - {traceback.format_exc()}. ' f'Going to sleep for 10 seconds and then retry. ' @@ -568,7 +583,7 @@ def merge_integration_context() -> None: def main(): - params: Dict = demisto.params() + params: dict = demisto.params() base_url: str = params.get('base_url', '') client_id: str = params.get('credentials_client', {}).get('identifier') or params.get('client_id', '') client_secret: str = params.get('credentials_client', {}).get('password') or params.get('client_secret', '') 
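Review bot: `buffer = lines[-1]` at the end of each chunk holds back the last element of `splitlines(True)` unconditionally, so a complete, newline-terminated last line is not decoded until the next chunk arrives; on a quiet stream the most recent event is delayed until more data (or a keepalive newline) shows up, and if `lines` were ever empty the index would raise. Hold back only a fragment that lacks its terminator, as in the fence below. The buffer also has no upper bound: the previous `async for line in res.content` was subject to aiohttp's line limit, whereas `buffer += chunk` grows without limit on a stream that stops sending newlines, which for a long-running listener is a memory-exhaustion risk — consider logging and discarding a fragment that exceeds a sane maximum (a constant such as `MAX_EVENT_BYTES`, value to be chosen), and accumulating into a `bytearray` rather than rebuilding a `bytes` object per chunk. The trailing `MISSING LINE` debug message logs the raw leftover fragment with a label that does not say what it is; `demisto.debug(f'Unterminated trailing data at end of stream: {stripped_line}')` is self-explanatory. fetch_event's signature and the surrounding `except` handler continue outside the hunk.
```python
            buffer = b''
            async for chunk in res.content.iter_any():
                buffer += chunk
                lines = buffer.splitlines(True)
                # Keep only an unterminated trailing fragment for the next chunk;
                # a complete last line is decoded now rather than on the next read.
                if lines and not lines[-1].endswith(b'\n'):
                    buffer = lines.pop()
                else:
                    buffer = b''
                for line in lines:
                    # … unchanged: decode, eventCreationTime filter, yield, stats and stream refresh …
```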
diff --git a/Packs/CrowdStrikeFalconStreamingV2/Integrations/CrowdStrikeFalconStreamingV2/CrowdStrikeFalconStreamingV2.yml b/Packs/CrowdStrikeFalconStreamingV2/Integrations/CrowdStrikeFalconStreamingV2/CrowdStrikeFalconStreamingV2.yml index be0c5850bbb4..8e42913aac6a 100644 --- a/Packs/CrowdStrikeFalconStreamingV2/Integrations/CrowdStrikeFalconStreamingV2/CrowdStrikeFalconStreamingV2.yml +++ b/Packs/CrowdStrikeFalconStreamingV2/Integrations/CrowdStrikeFalconStreamingV2/CrowdStrikeFalconStreamingV2.yml @@ -88,7 +88,7 @@ script: commands: - description: Returns a list of sample events fetched from the stream. name: crowdstrike-falcon-streaming-get-sample-events - dockerimage: demisto/py3-tools:1.0.0.77497 + dockerimage: demisto/py3-tools:1.0.0.86553 isFetchSamples: true longRunning: true runonce: false diff --git a/Packs/CrowdStrikeFalconStreamingV2/ReleaseNotes/1_1_10.md b/Packs/CrowdStrikeFalconStreamingV2/ReleaseNotes/1_1_10.md new file mode 100644 index 000000000000..5198b0f67706 --- /dev/null +++ b/Packs/CrowdStrikeFalconStreamingV2/ReleaseNotes/1_1_10.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### CrowdStrike Falcon Streaming v2 + +- Updated the Docker image to: *demisto/py3-tools:1.0.0.86553*. +- Updated event processing to process bigger events from the API. diff --git a/Packs/CrowdStrikeFalconStreamingV2/pack_metadata.json b/Packs/CrowdStrikeFalconStreamingV2/pack_metadata.json index 61e59783d21c..d493a691e8b9 100644 --- a/Packs/CrowdStrikeFalconStreamingV2/pack_metadata.json +++ b/Packs/CrowdStrikeFalconStreamingV2/pack_metadata.json @@ -2,7 +2,7 @@ "name": "CrowdStrike Falcon Streaming", "description": "Use the CrowdStrike Falcon Stream v2 integration to stream detections and audit security events.", "support": "xsoar", - "currentVersion": "1.1.9", + "currentVersion": "1.1.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/CrowdStrikeMalquery/Integrations/CrowdStrikeMalquery/CrowdStrikeMalquery.yml b/Packs/CrowdStrikeMalquery/Integrations/CrowdStrikeMalquery/CrowdStrikeMalquery.yml index 15985107d246..9e335cf71535 100644 --- a/Packs/CrowdStrikeMalquery/Integrations/CrowdStrikeMalquery/CrowdStrikeMalquery.yml +++ b/Packs/CrowdStrikeMalquery/Integrations/CrowdStrikeMalquery/CrowdStrikeMalquery.yml @@ -369,7 +369,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 tests: - CrowdStrikeMalquery-Test diff --git a/Packs/CrowdStrikeMalquery/ReleaseNotes/1_0_27.md b/Packs/CrowdStrikeMalquery/ReleaseNotes/1_0_27.md new file mode 100644 index 000000000000..3ac6bb2fef1b --- /dev/null +++ b/Packs/CrowdStrikeMalquery/ReleaseNotes/1_0_27.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### CrowdStrike Malquery + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/CrowdStrikeMalquery/pack_metadata.json b/Packs/CrowdStrikeMalquery/pack_metadata.json index dba3399094d9..39c9512c3bc7 100644 --- a/Packs/CrowdStrikeMalquery/pack_metadata.json +++ b/Packs/CrowdStrikeMalquery/pack_metadata.json @@ -2,7 +2,7 @@ "name": "CrowdStrike Malquery", "description": "Use the MalQuery Pack to query the contents of over a half-billion binary files, both clean and malicious, that are part of Falcon MalQuery's corpus.", "support": "xsoar", - "currentVersion": "1.0.26", + "currentVersion": "1.0.27", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml b/Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml index bfa5848601f2..9dc01eafcb6a 100644 --- a/Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml +++ b/Packs/Cryptocurrency/Integrations/Cryptocurrency/Cryptocurrency.yml 
@@ -70,7 +70,7 @@ script: description: The cryptocurrency type. e.g. 'bitcoin'. type: string description: Return Cryptocurrency reputation. - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/Cryptocurrency/ReleaseNotes/1_1_52.md b/Packs/Cryptocurrency/ReleaseNotes/1_1_52.md new file mode 100644 index 000000000000..c4375294b0fa --- /dev/null +++ b/Packs/Cryptocurrency/ReleaseNotes/1_1_52.md @@ -0,0 +1,3 @@ +#### Integrations +##### Cryptocurrency +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Cryptocurrency/pack_metadata.json b/Packs/Cryptocurrency/pack_metadata.json index c3b21b5916ab..306d1fd335cd 100644 --- a/Packs/Cryptocurrency/pack_metadata.json +++ b/Packs/Cryptocurrency/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cryptocurrency", "description": "This Content Pack enables you to add a reputation for cryptocurrency addresses.", "support": "xsoar", - "currentVersion": "1.1.51", + "currentVersion": "1.1.52", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/CybersixgillActionableAlerts.yml b/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/CybersixgillActionableAlerts.yml index d0457c49e5dc..e9cd57829187 100644 --- a/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/CybersixgillActionableAlerts.yml +++ b/Packs/Cybersixgill-ActionableAlerts/Integrations/CybersixgillActionableAlerts/CybersixgillActionableAlerts.yml @@ -109,7 +109,7 @@ script: name: alert_status - description: The aggregate alert id. name: aggregate_alert_id - dockerimage: demisto/sixgill:1.0.0.84784 + dockerimage: demisto/sixgill:1.0.0.86489 isfetch: true runonce: false script: '-' 
diff --git a/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_14.md b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_14.md new file mode 100644 index 000000000000..849ba6bfae9a --- /dev/null +++ b/Packs/Cybersixgill-ActionableAlerts/ReleaseNotes/1_2_14.md @@ -0,0 +1,3 @@ +#### Integrations +##### Cybersixgill Actionable Alerts +- Updated the Docker image to: *demisto/sixgill:1.0.0.86489*. diff --git a/Packs/Cybersixgill-ActionableAlerts/pack_metadata.json b/Packs/Cybersixgill-ActionableAlerts/pack_metadata.json index fe28d35f9c02..8ac25a9dd7d8 100644 --- a/Packs/Cybersixgill-ActionableAlerts/pack_metadata.json +++ b/Packs/Cybersixgill-ActionableAlerts/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cybersixgill Actionable Alerts", "description": "The integration allow retrieving Cybersixgill's actionable alerts based on organization assets", "support": "partner", - "currentVersion": "1.2.13", + "currentVersion": "1.2.14", "author": "Cybersixgill", "url": "https://www.cybersixgill.com/", "email": "getstarted@cybersixgill.com", diff --git a/Packs/Cylance_Protect/Integrations/Cylance_Protect_v2/Cylance_Protect_v2.yml b/Packs/Cylance_Protect/Integrations/Cylance_Protect_v2/Cylance_Protect_v2.yml index 4987f602d256..ee85709128b8 100644 --- a/Packs/Cylance_Protect/Integrations/Cylance_Protect_v2/Cylance_Protect_v2.yml +++ b/Packs/Cylance_Protect/Integrations/Cylance_Protect_v2/Cylance_Protect_v2.yml @@ -968,7 +968,7 @@ script: - contextPath: InstaQuery.List description: The list of InstaQuery. type: string - dockerimage: demisto/auth-utils:1.0.0.84760 + dockerimage: demisto/auth-utils:1.0.0.86556 isfetch: true script: '' subtype: python3 diff --git a/Packs/Cylance_Protect/ReleaseNotes/1_1_32.md b/Packs/Cylance_Protect/ReleaseNotes/1_1_32.md new file mode 100644 index 000000000000..d1c13e88440b --- /dev/null +++ b/Packs/Cylance_Protect/ReleaseNotes/1_1_32.md 
@@ -0,0 +1,3 @@ +#### Integrations +##### Cylance Protect v2 +- Updated the Docker image to: *demisto/auth-utils:1.0.0.86556*. diff --git a/Packs/Cylance_Protect/pack_metadata.json b/Packs/Cylance_Protect/pack_metadata.json index 25ea8959e7fc..b6a2cd699b72 100644 --- a/Packs/Cylance_Protect/pack_metadata.json +++ b/Packs/Cylance_Protect/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cylance Protect", "description": "Manage Endpoints using Cylance protect", "support": "xsoar", - "currentVersion": "1.1.31", + "currentVersion": "1.1.32", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml b/Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml index 933ee3b6206b..d74f5c3f6e00 100644 --- a/Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml +++ b/Packs/Darktrace/Integrations/DarktraceAIA/DarktraceAIA.yml @@ -205,7 +205,7 @@ script: - contextPath: Darktrace.AIAnalyst.groupCategory description: Group category. type: String - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/Darktrace/Integrations/DarktraceAdmin/DarktraceAdmin.yml b/Packs/Darktrace/Integrations/DarktraceAdmin/DarktraceAdmin.yml index e1c79a0e870a..ffc7e4515582 100644 --- a/Packs/Darktrace/Integrations/DarktraceAdmin/DarktraceAdmin.yml +++ b/Packs/Darktrace/Integrations/DarktraceAdmin/DarktraceAdmin.yml @@ -263,7 +263,7 @@ script: - contextPath: Darktrace.Device.response description: POST action message response. type: String - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml b/Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml index 8f992c6ae8b9..d50eb00c82b0 100644 --- a/Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml 
+++ b/Packs/Darktrace/Integrations/DarktraceMBs/DarktraceMBs.yml @@ -238,7 +238,7 @@ script: - contextPath: Darktrace.Model.Component description: A dictionary of the details of the model. Each model might have different keys. It is recommended to run the command once to check the relevant outputs in context. type: Unknown - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/Darktrace/ReleaseNotes/3_0_9.md b/Packs/Darktrace/ReleaseNotes/3_0_9.md new file mode 100644 index 000000000000..f0ff12040201 --- /dev/null +++ b/Packs/Darktrace/ReleaseNotes/3_0_9.md @@ -0,0 +1,7 @@ +#### Integrations +##### Darktrace Admin +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### Darktrace Model Breaches +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### Darktrace AI Analyst +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Darktrace/pack_metadata.json b/Packs/Darktrace/pack_metadata.json index 9988d7060052..0c141a2b0095 100644 --- a/Packs/Darktrace/pack_metadata.json +++ b/Packs/Darktrace/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Darktrace", "description": "Populates Darktrace Model Breaches and AI Analyst Events in Cortex XSOAR, allowing for cross-platform automated investigation and response.", "support": "partner", - "currentVersion": "3.0.8", + "currentVersion": "3.0.9", "fromVersion": "5.0.0", "author": "Darktrace", "githubUser": "", diff --git a/Packs/DeHashed/Integrations/DeHashed/DeHashed.yml b/Packs/DeHashed/Integrations/DeHashed/DeHashed.yml index eabf79cc6308..675537c7f64d 100644 --- a/Packs/DeHashed/Integrations/DeHashed/DeHashed.yml +++ b/Packs/DeHashed/Integrations/DeHashed/DeHashed.yml 
@@ -179,7 +179,7 @@ script: - contextPath: DBotScore.Reliability description: Reliability of the source providing the intelligence data. type: String - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/DeHashed/ReleaseNotes/1_1_24.md b/Packs/DeHashed/ReleaseNotes/1_1_24.md new file mode 100644 index 000000000000..9bccd622fd52 --- /dev/null +++ b/Packs/DeHashed/ReleaseNotes/1_1_24.md @@ -0,0 +1,3 @@ +#### Integrations +##### DeHashed +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/DeHashed/pack_metadata.json b/Packs/DeHashed/pack_metadata.json index abd4e279ee14..872dd52e2c40 100644 --- a/Packs/DeHashed/pack_metadata.json +++ b/Packs/DeHashed/pack_metadata.json @@ -2,7 +2,7 @@ "name": "DeHashed", "description": "This integration allows you to check if your personal information such as your email, username, or password is being compromised.", "support": "xsoar", - "currentVersion": "1.1.23", + "currentVersion": "1.1.24", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml b/Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml index 90d88484ac86..f17689ec12c2 100644 --- a/Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml +++ b/Packs/DelineaSS/Integrations/DelineaSS/DelineaSS.yml @@ -615,7 +615,7 @@ script: - contextPath: Delinea.Secret.ChangePassword description: Secret summary. type: String - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/DelineaSS/ReleaseNotes/3_0_18.md b/Packs/DelineaSS/ReleaseNotes/3_0_18.md new file mode 100644 index 000000000000..6750c27986b3 --- /dev/null +++ b/Packs/DelineaSS/ReleaseNotes/3_0_18.md 
@@ -0,0 +1,3 @@ +#### Integrations +##### DelineaSS +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/DelineaSS/pack_metadata.json b/Packs/DelineaSS/pack_metadata.json index 08b74753bd12..fe9ffe330e6c 100644 --- a/Packs/DelineaSS/pack_metadata.json +++ b/Packs/DelineaSS/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Delinea Secret Server", "description": "Secure privileges for service, application, root and administrator accounts across your enterprise.", "support": "partner", - "currentVersion": "3.0.17", + "currentVersion": "3.0.18", "author": "Delinea, Inc", "url": "https://delinea.com/support", "email": "support@delinea.com", diff --git a/Packs/DemistoRESTAPI/ReleaseNotes/1_3_47.md b/Packs/DemistoRESTAPI/ReleaseNotes/1_3_47.md new file mode 100644 index 000000000000..6e7b8966396b --- /dev/null +++ b/Packs/DemistoRESTAPI/ReleaseNotes/1_3_47.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### UploadFile + +- Added support for running on multiple entry IDs by using the *isArray: true* configuration. +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/DemistoRESTAPI/ReleaseNotes/1_3_48.md b/Packs/DemistoRESTAPI/ReleaseNotes/1_3_48.md new file mode 100644 index 000000000000..6e849184d1f6 --- /dev/null +++ b/Packs/DemistoRESTAPI/ReleaseNotes/1_3_48.md @@ -0,0 +1,11 @@ + +#### Scripts + +##### SetIRProceduresMarkdown +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + +##### GetTasksWithSections +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/DemistoRESTAPI/Scripts/GetTasksWithSections/GetTasksWithSections.yml b/Packs/DemistoRESTAPI/Scripts/GetTasksWithSections/GetTasksWithSections.yml index 1965b1ed0631..e15c175b9e7e 100644 --- a/Packs/DemistoRESTAPI/Scripts/GetTasksWithSections/GetTasksWithSections.yml +++ b/Packs/DemistoRESTAPI/Scripts/GetTasksWithSections/GetTasksWithSections.yml 
@@ -8,7 +8,7 @@ name: GetTasksWithSections script: '-' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tags: - Utility comment: Groups all tasks for a specific incident according to the task headers (titles). diff --git a/Packs/DemistoRESTAPI/Scripts/SetIRProceduresMarkdown/SetIRProceduresMarkdown.yml b/Packs/DemistoRESTAPI/Scripts/SetIRProceduresMarkdown/SetIRProceduresMarkdown.yml index e3d694064d56..86fc948af0fd 100644 --- a/Packs/DemistoRESTAPI/Scripts/SetIRProceduresMarkdown/SetIRProceduresMarkdown.yml +++ b/Packs/DemistoRESTAPI/Scripts/SetIRProceduresMarkdown/SetIRProceduresMarkdown.yml @@ -12,5 +12,5 @@ runas: DBotRole subtype: python3 tests: - GetTasksWithSections SetIRProcedures end to end test -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.0.0 diff --git a/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile.py b/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile.py index d5fab4c5d494..e766c474743c 100644 --- a/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile.py +++ b/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile.py 
@@ -8,30 +8,31 @@ def upload_file(incident_id: str, entry_id: str, body: str = '', as_incident_att
 {"uri": f'{service_name}/upload/{incident_id}', "entryID": entry_id, "body": body})
 
 
-def upload_file_command(args: dict) -> tuple[str, str]:
+def upload_file_command(args: dict) -> list[CommandResults]:
+ command_results: list[CommandResults] = []
 incident_id = args.get('incID', '')
- entry_id = args.get('entryID', '')
+ entry_ids = argToList(args.get('entryID', ''))
 body = args.get('body', '')
 target = args.get('target', 'war room entry')
- response = upload_file(incident_id, entry_id, body, target == 'incident attachment')
- if is_error(response[0]):
- raise Exception("There was an issue uploading the file. Check your API key and input arguments.")
-
- uploaded_entry_id = demisto.dt(response, 'Contents.response.entries.id')
- readable = 'File uploaded successfully.'
- # in case the file uploaded as war room entry
- if uploaded_entry_id:
- readable += f' Entry ID is {uploaded_entry_id}'
- if body:
- readable += f'. Comment is:{body}'
-
- return readable, response
+ for entry_id in entry_ids:
+ response = upload_file(incident_id, entry_id, body, target == 'incident attachment')
+ if is_error(response[0]):
+ raise DemistoException("There was an issue uploading the file. Check your API key and input arguments.")
+
+ uploaded_entry_id = demisto.dt(response, 'Contents.response.entries.id')
+ readable = 'File uploaded successfully.'
+ # in case the file uploaded as war room entry
+ if uploaded_entry_id:
+ readable += f' Entry ID is {uploaded_entry_id}'
+ if body:
+ readable += f'. Comment is:{body}'
+ command_results.append(CommandResults(readable_output=readable, raw_response=response))
+ return command_results
 
 
 def main():
 try:
- readable, response = upload_file_command(demisto.args())
- return_outputs(readable, {}, response)
+ return_results(upload_file_command(demisto.args()))
 except Exception as err:
 return_error(str(err))
 
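Review bot: A failure on the second or later entry ID discards the CommandResults already collected for the earlier entries, whose uploads have already gone through upload_file, so the caller gets an error with no record of which entries succeeded; at minimum the raised message should name the failing entry, `raise DemistoException(f"There was an issue uploading the file for entry ID {entry_id}. Check your API key and input arguments.")`, and the results gathered so far could be emitted with return_results before the exception propagates. Note also that `argToList('')` yields an empty list, so a missing or empty entryID now makes the command return `[]` silently instead of failing as the single-entry version did; a guard such as `if not entry_ids: raise DemistoException('entryID is required.')` keeps that failure explicit even though the YAML marks the argument required. The enclosing upload_file function begins above the hunk.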
diff --git a/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile.yml b/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile.yml index 926353575ef5..551b6296d311 100644 --- a/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile.yml +++ b/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile.yml @@ -11,6 +11,7 @@ args: predefined: - '' required: true + isArray: true - description: Incident ID to upload the file to. name: incID required: true @@ -30,7 +31,7 @@ args: - 'incident attachment' comment: Copies a file from this incident to the specified incident. The file is recorded as an entry in the specified incident’s War Room. subtype: python3 -dockerimage: demisto/python3:3.10.13.83255 +dockerimage: demisto/python3:3.10.13.86272 tags: - DemistoAPI timeout: '0' diff --git a/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile_test.py b/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile_test.py index 568fc7984ac2..abb68f1c3d55 100644 --- a/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile_test.py +++ b/Packs/DemistoRESTAPI/Scripts/UploadFile/UploadFile_test.py 
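Review bot: The `description` of the entryID argument sits above the first hunk and is not shown, but with `isArray: true` added it presumably still describes a single entry ID; it should state that a comma-separated list is accepted, e.g. `description: Entry ID of the file to upload. A comma-separated list of entry IDs is also accepted.` The release note for 1_3_47 records the isArray change, but the argument description is what users see in the UI.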
@@ -194,8 +194,38 @@ def test_upload_file(mocker): Validate the content of the HumanReadable. """ mocker.patch('UploadFile.upload_file', return_value=RAW_RESPONSE) - readable, _ = upload_file_command({'incidentId': '1', 'entryID': '12@12', 'body': "test_bark"}) - assert "test_bark" in readable + command_results = upload_file_command({'incidentId': '1', 'entryID': '12@12', 'body': "test_bark"}) + assert "test_bark" in command_results[0].readable_output + + +def test_upload_file_multiple_entry_ids(mocker): + """Unit test + Given + - Command args with multiple entry IDs. + When + - Running the upload_file_command function. + Then + - Validate that the API request was called for each entry ID. + """ + execute_command_mocker = mocker.patch('UploadFile.demisto.executeCommand') + upload_file_command({'incidentId': '1', 'entryID': '1,2'}) + assert execute_command_mocker.call_args_list[0][0][1]['entryID'] == '1' + assert execute_command_mocker.call_args_list[1][0][1]['entryID'] == '2' + + +def test_upload_file_one_entry_id(mocker): + """Unit test + Given + - Command args with one entry ID. + When + - Running the upload_file_command function. + Then + - Validate that the API request was called only one entry ID. + """ + execute_command_mocker = mocker.patch('UploadFile.demisto.executeCommand') + upload_file_command({'incidentId': '1', 'entryID': '1'}) + assert len(execute_command_mocker.call_args_list) == 1 + assert execute_command_mocker.call_args_list[0][0][1]['entryID'] == '1' RAW_RESPONSE_ERROR = [ @@ -411,5 +441,5 @@ def test_demisto_upload_file_as_attachment(mocker, target, service): """ import UploadFile mocker.patch('UploadFile.demisto.executeCommand') - upload_file_command({'target': target}) + upload_file_command({'target': target, 'entryID': '1'}) assert f'{service}/upload/' in UploadFile.demisto.executeCommand.call_args[0][1]['uri'] 
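Review bot: Both new tests pass the incident under the key `'incidentId'`, while upload_file_command reads `args.get('incID', '')` (see the UploadFile.py hunk), so incident_id is always '' here and the mocked request is built for `.../upload/` with no incident; use `'incID': '1'` so the tests exercise the real argument name (the pre-existing test_upload_file has the same mismatch). The docstring of test_upload_file_one_entry_id reads `Validate that the API request was called only one entry ID.`; `Validate that the API request was called for only one entry ID.` is what is meant.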
diff --git a/Packs/DemistoRESTAPI/pack_metadata.json b/Packs/DemistoRESTAPI/pack_metadata.json index fffd02ac2280..589c9542db5e 100644 --- a/Packs/DemistoRESTAPI/pack_metadata.json +++ b/Packs/DemistoRESTAPI/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex REST API", "description": "Use Demisto REST APIs", "support": "xsoar", - "currentVersion": "1.3.46", + "currentVersion": "1.3.48", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml b/Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml index c684bcac3311..56bf50aa1566 100644 --- a/Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml +++ b/Packs/DeveloperTools/Integrations/CreateIncidents/CreateIncidents.yml @@ -65,7 +65,7 @@ script: name: attachment_paths description: Creates incidents from json file, and stores it in the instance context. name: create-test-incident-from-raw-json - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/DeveloperTools/ReleaseNotes/1_3_10.md b/Packs/DeveloperTools/ReleaseNotes/1_3_10.md new file mode 100644 index 000000000000..e480f8c8fca2 --- /dev/null +++ b/Packs/DeveloperTools/ReleaseNotes/1_3_10.md @@ -0,0 +1,3 @@ +#### Integrations +##### Create Test Incidents +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/DeveloperTools/pack_metadata.json b/Packs/DeveloperTools/pack_metadata.json index 9ba602dfbcb9..48fb3dfe4a89 100644 --- a/Packs/DeveloperTools/pack_metadata.json +++ b/Packs/DeveloperTools/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Developer Tools", "description": "Basic tools for content development.", "support": "community", - "currentVersion": "1.3.9", + "currentVersion": "1.3.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.yml b/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.yml index 91b378537e85..215e25f84186 100644 --- a/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.yml +++ b/Packs/DomainToolsIrisDetect/Integrations/DomainToolsIrisDetect/DomainToolsIrisDetect.yml @@ -1044,7 +1044,7 @@ script: type: String - description: This command will reset your fetch history. name: domaintools-iris-detect-reset-fetch-indicators - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/DomainToolsIrisDetect/ReleaseNotes/1_0_10.md b/Packs/DomainToolsIrisDetect/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..e24ace74f654 --- /dev/null +++ b/Packs/DomainToolsIrisDetect/ReleaseNotes/1_0_10.md @@ -0,0 +1,3 @@ +#### Integrations +##### DomainTools Iris Detect +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/DomainToolsIrisDetect/pack_metadata.json b/Packs/DomainToolsIrisDetect/pack_metadata.json index 6b4e2406d7a5..a056185b9366 100644 --- a/Packs/DomainToolsIrisDetect/pack_metadata.json +++ b/Packs/DomainToolsIrisDetect/pack_metadata.json @@ -2,7 +2,7 @@ "name": "DomainTools Iris Detect", "description": "Iris Detect protects against malicious domains impersonating your brands and supply chain.", "support": "partner", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "DomainTools Integrations", "url": "http://www.domaintools.com", "email": "enterprisesupport@domaintools.com", diff --git a/Packs/EmailCommunication/ReleaseNotes/2_0_22.md b/Packs/EmailCommunication/ReleaseNotes/2_0_22.md new file mode 100644 index 000000000000..f82472026a9f --- /dev/null +++ b/Packs/EmailCommunication/ReleaseNotes/2_0_22.md 
@@ -0,0 +1,7 @@ + +#### Scripts + +##### SummarizeEmailThreads +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/EmailCommunication/ReleaseNotes/2_0_23.md b/Packs/EmailCommunication/ReleaseNotes/2_0_23.md new file mode 100644 index 000000000000..e237c172fcac --- /dev/null +++ b/Packs/EmailCommunication/ReleaseNotes/2_0_23.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### DisplayEmailHtml + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/EmailCommunication/Scripts/DisplayEmailHtml/DisplayEmailHtml.yml b/Packs/EmailCommunication/Scripts/DisplayEmailHtml/DisplayEmailHtml.yml index 9b947e9145c2..e19b0f90a166 100644 --- a/Packs/EmailCommunication/Scripts/DisplayEmailHtml/DisplayEmailHtml.yml +++ b/Packs/EmailCommunication/Scripts/DisplayEmailHtml/DisplayEmailHtml.yml @@ -1,7 +1,7 @@ commonfields: id: DisplayEmailHtml version: -1 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 enabled: true name: DisplayEmailHtml runas: DBotWeakRole diff --git a/Packs/EmailCommunication/Scripts/SummarizeEmailThreads/SummarizeEmailThreads.yml b/Packs/EmailCommunication/Scripts/SummarizeEmailThreads/SummarizeEmailThreads.yml index a0692964dc96..29e5053d992e 100644 --- a/Packs/EmailCommunication/Scripts/SummarizeEmailThreads/SummarizeEmailThreads.yml +++ b/Packs/EmailCommunication/Scripts/SummarizeEmailThreads/SummarizeEmailThreads.yml @@ -12,7 +12,7 @@ comment: |- enabled: true scripttarget: 0 subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotWeakRole fromversion: 6.2.0 tests: diff --git a/Packs/EmailCommunication/pack_metadata.json b/Packs/EmailCommunication/pack_metadata.json index 603aa9c595f4..7a3d6a41e1c7 100644 --- a/Packs/EmailCommunication/pack_metadata.json +++ b/Packs/EmailCommunication/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Email Communication", "description": "Do you have to send multiple emails to end users? This content pack helps you streamline the process and automate updates, notifications and more.\n", "support": "xsoar", - "currentVersion": "2.0.21", + "currentVersion": "2.0.23", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "videos": [ diff --git a/Packs/EmailHippo/Integrations/EmailHippo/EmailHippo.yml b/Packs/EmailHippo/Integrations/EmailHippo/EmailHippo.yml index 19c2d42fcb9c..5a431cc6d44a 100644 --- a/Packs/EmailHippo/Integrations/EmailHippo/EmailHippo.yml +++ b/Packs/EmailHippo/Integrations/EmailHippo/EmailHippo.yml @@ -192,7 +192,7 @@ script: description: The expiration date of the domain. type: Date description: Returns domain information and reputation. - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false subtype: python3 fromversion: 6.9.0 diff --git a/Packs/EmailHippo/ReleaseNotes/1_0_2.md b/Packs/EmailHippo/ReleaseNotes/1_0_2.md new file mode 100644 index 000000000000..e9365395f05d --- /dev/null +++ b/Packs/EmailHippo/ReleaseNotes/1_0_2.md @@ -0,0 +1,3 @@ +#### Integrations +##### Email Hippo +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/EmailHippo/pack_metadata.json b/Packs/EmailHippo/pack_metadata.json index 0dcdaf5c557c..d19e0c0ba250 100644 --- a/Packs/EmailHippo/pack_metadata.json +++ b/Packs/EmailHippo/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Email Hippo", "description": "Use this tool to verify email sources as fake emails that were used as part of phishing attacks.", "support": "xsoar", - "currentVersion": "1.0.1", + "currentVersion": "1.0.2", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/ExceedLMS/Integrations/IAMExceedLMS/IAMExceedLMS.yml b/Packs/ExceedLMS/Integrations/IAMExceedLMS/IAMExceedLMS.yml index ab3d4fcc392c..a688d1368436 100644 
--- a/Packs/ExceedLMS/Integrations/IAMExceedLMS/IAMExceedLMS.yml +++ b/Packs/ExceedLMS/Integrations/IAMExceedLMS/IAMExceedLMS.yml @@ -232,7 +232,7 @@ script: type: String - description: Retrieves a User Profile schema, which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option. name: get-mapping-fields - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 ismappable: true isremotesyncout: true runonce: false diff --git a/Packs/ExceedLMS/ReleaseNotes/1_0_9.md b/Packs/ExceedLMS/ReleaseNotes/1_0_9.md new file mode 100644 index 000000000000..0d79964c0191 --- /dev/null +++ b/Packs/ExceedLMS/ReleaseNotes/1_0_9.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### ExceedLMS IAM + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/ExceedLMS/pack_metadata.json b/Packs/ExceedLMS/pack_metadata.json index d9424de75da7..8bc38ac06b51 100644 --- a/Packs/ExceedLMS/pack_metadata.json +++ b/Packs/ExceedLMS/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Exceed LMS", "description": "A specialized LMS and Phishing Simulator created to manage security awareness content for small, medium and large enterprise organizations.", "support": "xsoar", - "currentVersion": "1.0.8", + "currentVersion": "1.0.9", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Exterro/Integrations/Exterro/Exterro.yml b/Packs/Exterro/Integrations/Exterro/Exterro.yml index 8a1f5ed4780c..89bf96981a7d 100644 --- a/Packs/Exterro/Integrations/Exterro/Exterro.yml +++ b/Packs/Exterro/Integrations/Exterro/Exterro.yml @@ -58,7 +58,7 @@ script: description: The Status of the of workflow trigger. type: string description: Returns a boolean value. - dockerimage: demisto/accessdata:1.1.0.84636 + dockerimage: demisto/accessdata:1.1.0.86342 script: '-' type: python subtype: python3 
diff --git a/Packs/Exterro/ReleaseNotes/1_0_7.md b/Packs/Exterro/ReleaseNotes/1_0_7.md new file mode 100644 index 000000000000..b0c196f0fc8e --- /dev/null +++ b/Packs/Exterro/ReleaseNotes/1_0_7.md @@ -0,0 +1,3 @@ +#### Integrations +##### Exterro FTK +- Updated the Docker image to: *demisto/accessdata:1.1.0.86342*. diff --git a/Packs/Exterro/pack_metadata.json b/Packs/Exterro/pack_metadata.json index 1f21a6be289e..10c9e4a77577 100644 --- a/Packs/Exterro/pack_metadata.json +++ b/Packs/Exterro/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Exterro/AccessData", "description": "Use the Exterro package to integrate with the Exterro FTK Suite, enabling the playbook automation of incident response workflows upon detection of a possible threat.", "support": "partner", - "currentVersion": "1.0.6", + "currentVersion": "1.0.7", "author": "Exterro", "url": "https://exterro.freshdesk.com/support/home", "email": "support@exterro.com", diff --git a/Packs/F5/Integrations/F5_ASM/F5_ASM.yml b/Packs/F5/Integrations/F5_ASM/F5_ASM.yml index 848065481dfe..fff15ae67b02 100644 --- a/Packs/F5/Integrations/F5_ASM/F5_ASM.yml +++ b/Packs/F5/Integrations/F5_ASM/F5_ASM.yml @@ -2635,7 +2635,7 @@ script: - contextPath: f5.Policy.md5 description: The MD5 hash of the policy. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/F5/ReleaseNotes/1_2_22.md b/Packs/F5/ReleaseNotes/1_2_22.md new file mode 100644 index 000000000000..2205db564ea6 --- /dev/null +++ b/Packs/F5/ReleaseNotes/1_2_22.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### F5 Application Security Manager (WAF) + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/F5/pack_metadata.json b/Packs/F5/pack_metadata.json index 82ae53875fdb..0f889509c95c 100644 --- a/Packs/F5/pack_metadata.json +++ b/Packs/F5/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "F5 firewall", "description": "Manages F5 firewall rules", "support": "xsoar", - "currentVersion": "1.2.21", + "currentVersion": "1.2.22", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedAzure/Integrations/FeedAzure/FeedAzure.yml b/Packs/FeedAzure/Integrations/FeedAzure/FeedAzure.yml index 5062f1314dbc..5a470dfe52f1 100644 --- a/Packs/FeedAzure/Integrations/FeedAzure/FeedAzure.yml +++ b/Packs/FeedAzure/Integrations/FeedAzure/FeedAzure.yml @@ -224,7 +224,7 @@ script: name: limit description: Gets indicators from the feed. name: azure-get-indicators - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 feed: true runonce: false script: '-' diff --git a/Packs/FeedAzure/ReleaseNotes/1_0_27.md b/Packs/FeedAzure/ReleaseNotes/1_0_27.md new file mode 100644 index 000000000000..0245b0e64d5d --- /dev/null +++ b/Packs/FeedAzure/ReleaseNotes/1_0_27.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Azure Feed + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/FeedAzure/pack_metadata.json b/Packs/FeedAzure/pack_metadata.json index 6bb7404b750a..c2afb5b13217 100644 --- a/Packs/FeedAzure/pack_metadata.json +++ b/Packs/FeedAzure/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Azure Feed", "description": "Indicators feed from Azure", "support": "xsoar", - "currentVersion": "1.0.26", + "currentVersion": "1.0.27", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedDHS/Integrations/DHSFeedV2/DHSFeedV2.yml b/Packs/FeedDHS/Integrations/DHSFeedV2/DHSFeedV2.yml index 29424ebf9d52..1ce148df6592 100644 --- a/Packs/FeedDHS/Integrations/DHSFeedV2/DHSFeedV2.yml +++ b/Packs/FeedDHS/Integrations/DHSFeedV2/DHSFeedV2.yml 
@@ -210,7 +210,7 @@ script: - contextPath: DHS.Collections.Name description: Collection name. type: String - dockerimage: demisto/taxii2:1.0.0.84787 + dockerimage: demisto/taxii2:1.0.0.86437 feed: true runonce: false script: '-' diff --git a/Packs/FeedDHS/ReleaseNotes/2_0_30.md b/Packs/FeedDHS/ReleaseNotes/2_0_30.md new file mode 100644 index 000000000000..e82e3ad7b52b --- /dev/null +++ b/Packs/FeedDHS/ReleaseNotes/2_0_30.md @@ -0,0 +1,3 @@ +#### Integrations +##### DHS Feed v2 +- Updated the Docker image to: *demisto/taxii2:1.0.0.86437*. diff --git a/Packs/FeedDHS/pack_metadata.json b/Packs/FeedDHS/pack_metadata.json index a0e210b18df8..f18333be4b97 100644 --- a/Packs/FeedDHS/pack_metadata.json +++ b/Packs/FeedDHS/pack_metadata.json @@ -2,7 +2,7 @@ "name": "DHS Feed", "description": "Provides cyber threat indicators from the Cybersecurity and Infrastructure Security Agency’s (CISA’s) free Automated Indicator Sharing (AIS) by the Department of Homeland Security (DHS).", "support": "xsoar", - "currentVersion": "2.0.29", + "currentVersion": "2.0.30", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml b/Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml index 226eafd042b9..bb35c8131357 100644 --- a/Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml +++ b/Packs/FeedGCPWhitelist/Integrations/FeedGoogleIPRanges/FeedGoogleIPRanges.yml @@ -100,7 +100,7 @@ script: defaultValue: "10" description: Gets indicators from the feed. name: google-ip-ranges-get-indicators - dockerimage: demisto/py3-tools:1.0.0.84811 + dockerimage: demisto/py3-tools:1.0.0.86612 feed: true runonce: false script: '-' diff --git a/Packs/FeedGCPWhitelist/ReleaseNotes/2_0_37.md b/Packs/FeedGCPWhitelist/ReleaseNotes/2_0_37.md new file mode 100644 index 000000000000..d395118f5d24 --- /dev/null 
+++ b/Packs/FeedGCPWhitelist/ReleaseNotes/2_0_37.md @@ -0,0 +1,3 @@ +#### Integrations +##### Google IP Ranges Feed +- Updated the Docker image to: *demisto/py3-tools:1.0.0.86612*. diff --git a/Packs/FeedGCPWhitelist/pack_metadata.json b/Packs/FeedGCPWhitelist/pack_metadata.json index 233a59e178c0..dacbed875a8b 100644 --- a/Packs/FeedGCPWhitelist/pack_metadata.json +++ b/Packs/FeedGCPWhitelist/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Google IP Ranges Feed", "description": "Use the Google IP Ranges Feed integration to get GCP and Google global IP ranges.", "support": "xsoar", - "currentVersion": "2.0.36", + "currentVersion": "2.0.37", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedLOLBAS/Integrations/FeedLOLBAS/FeedLOLBAS.yml b/Packs/FeedLOLBAS/Integrations/FeedLOLBAS/FeedLOLBAS.yml index c6af611d84b9..09bc6930110b 100644 --- a/Packs/FeedLOLBAS/Integrations/FeedLOLBAS/FeedLOLBAS.yml +++ b/Packs/FeedLOLBAS/Integrations/FeedLOLBAS/FeedLOLBAS.yml @@ -169,7 +169,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.8.0 tests: - FeedLOLBas_test diff --git a/Packs/FeedLOLBAS/ReleaseNotes/1_0_15.md b/Packs/FeedLOLBAS/ReleaseNotes/1_0_15.md new file mode 100644 index 000000000000..de86244b5dce --- /dev/null +++ b/Packs/FeedLOLBAS/ReleaseNotes/1_0_15.md @@ -0,0 +1,3 @@ +#### Integrations +##### LOLBAS Feed +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/FeedLOLBAS/pack_metadata.json b/Packs/FeedLOLBAS/pack_metadata.json index ce93d4a8b557..290726247765 100644 --- a/Packs/FeedLOLBAS/pack_metadata.json +++ b/Packs/FeedLOLBAS/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "LOLBAS Feed", "description": "\"Living off the land binaries\" is a term used to describe malware or hacking techniques that take advantage of legitimate tools.", "support": "xsoar", - "currentVersion": "1.0.14", + "currentVersion": "1.0.15", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py index 97dd5a844663..e9ff6a435187 100644 --- a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py +++ b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.py @@ -166,7 +166,6 @@ def build_indicators_iterator(attributes: Dict[str, Any], url: Optional[str]) -> except KeyError as err: demisto.debug(str(err)) raise KeyError(f'Could not parse returned data as attributes list. \nError massage: {err}') - demisto.debug(f' Number of indicators: {len(indicators_iterator)}') return indicators_iterator @@ -211,7 +210,7 @@ def handle_file_type_fields(raw_type: str, indicator_obj: Dict[str, Any]) -> Non indicator_obj['fields'][raw_type.upper()] = hash_value -def build_params_dict(tags: List[str], attribute_type: List[str]) -> Dict[str, Any]: +def build_params_dict(tags: List[str], attribute_type: List[str], limit: int, page: int) -> Dict[str, Any]: """ Creates a dictionary in the format required by MISP to be used as a query. Args: @@ -227,6 +226,8 @@ def build_params_dict(tags: List[str], attribute_type: List[str]) -> Dict[str, A 'tags': { 'OR': tags if tags else [], }, + 'limit': limit, + 'page': page } return params 
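Review bot: build_params_dict gains `limit` and `page` parameters in the `@@ -211,7 +210,7 @@` hunk, but the `Args:` section of its docstring, which continues below that hunk, is not extended for them; add `limit: maximum number of attributes to request per page` and `page: 1-based page number to request` under `Args:`. The `@@ -227,6 +226,8 @@` hunk writes both values into the returned query, so the Returns description should mention them too.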
@@ -307,82 +308,15 @@ def build_indicator(value_: str, type_: str, raw_data: Dict[str, Any], reputatio return indicator_obj -def update_indicators_iterator(indicators_iterator: List[Dict[str, Any]], - params_dict: Dict[str, Any], - is_fetch: bool) -> Optional[List[Dict[str, Any]]]: - """ - sorts the indicators by their timestamp and returns a list of only new indicators received from MISP - Args: - params_dict: user's params sent to misp - indicators_iterator: list of indicators - is_fetch: flag for wether funciton was called for fetching command or a get - Returns: Sorted list of new indicators - """ - last_run = demisto.getLastRun() - demisto.debug(f"last_run: {last_run}") - indicators_iterator.sort(key=lambda indicator: indicator['value']['timestamp']) - - if last_run is None: - return indicators_iterator - if params_dict != last_run.get('params'): - if is_fetch: - demisto.setLastRun(None) - return indicators_iterator - - last_timestamp = int(last_run.get('timestamp')) - - for index in range(len(indicators_iterator)): - if int(indicators_iterator[index]['value']['timestamp']) > last_timestamp: - return indicators_iterator[index:] - return [] - - -def search_query_indicators_pagination(client: Client, params_dict: Dict[str, Any]) -> Dict[str, Any]: - params_dict['page'] = 1 - response: Dict[str, Dict[str, List]] = {'response': {'Attribute': []}} - search_query_per_page = client.search_query(params_dict).get('response', {}).get('Attribute') - while len(search_query_per_page): - demisto.debug(f'search_query_per_page: {params_dict["page"]} number of indicators: {len(search_query_per_page)}') - response['response']['Attribute'].extend(search_query_per_page) - params_dict['page'] += 1 - search_query_per_page = client.search_query(params_dict).get('response', {}).get('Attribute') - return response - - -def fetch_indicators(client: Client, - tags: List[str], +def build_indicators(response: Dict[str, Any], attribute_type: List[str], - query: Optional[str], tlp_color: 
Optional[str], url: Optional[str], reputation: Optional[str], - feed_tags: Optional[List], - limit: int = -1, - is_fetch: bool = True) -> List[Dict]: - params_dict = clean_user_query(query) if query else build_params_dict(tags, attribute_type) - if limit and limit not in params_dict: - params_dict['limit'] = limit - response = search_query_indicators_pagination(client, params_dict) if is_fetch else client.search_query(params_dict) - if error_message := response.get('Error'): - raise DemistoException(error_message) + feed_tags: Optional[List]) -> List[Dict]: indicators_iterator = build_indicators_iterator(response, url) - added_indicators_iterator = update_indicators_iterator(indicators_iterator, params_dict, is_fetch) indicators = [] - - if not added_indicators_iterator: - return [] - - if limit > 0: - added_indicators_iterator = added_indicators_iterator[:limit] - - if is_fetch: - # fetching command, need to update last run dict - demisto.setLastRun({ - 'params': params_dict, - 'timestamp': added_indicators_iterator[len(added_indicators_iterator) - 1]['value']['timestamp'] - }) - - for indicator in added_indicators_iterator: + for indicator in indicators_iterator: value_ = indicator['value']['value'] type_ = indicator['type'] raw_type = indicator.pop('raw_type') @@ -522,7 +456,7 @@ def test_module(client: Client) -> str: def get_attributes_command(client: Client, args: Dict[str, str], params: Dict[str, str]) -> CommandResults: - """Wrapper for retrieving indicators from the feed to the war-room. + """ Wrapper for fetching indicators from the feed to the war-room. Args: client: Client object with request args: demisto.args() 
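Review bot: build_indicators, the helper that replaces fetch_indicators in this hunk, takes six parameters and has no docstring; add one stating that it converts a raw MISP search response into indicator dicts via build_indicators_iterator and listing response, attribute_type, tlp_color, url, reputation and feed_tags in the Args style the file already uses. The function body continues below the hunk. Removing update_indicators_iterator also drops the last-run timestamp filtering, so every fetch now re-submits all attributes returned by the query; if that is intended, a one-line comment saying so where the fetch loop lives would save the next reader from looking for the missing last-run handling.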
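Review bot: The edited docstring of get_attributes_command now opens with `""" Wrapper for fetching` — a space after the opening quotes that no other docstring visible in this diff uses — and "fetching" is the term this file uses for the fetch-indicators path, whereas this command returns results to the war room; keeping `"""Wrapper for retrieving indicators from the feed to the war-room.` would be both consistent and more precise.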
@@ -537,8 +471,13 @@ def get_attributes_command(client: Client, args: Dict[str, str], params: Dict[st feed_tags = argToList(params.get("feedTags", [])) query = args.get('query', None) attribute_type = argToList(args.get('attribute_type', '')) - indicators = fetch_indicators(client, tags, attribute_type, - query, tlp_color, params.get('url'), reputation, feed_tags, limit, False) + page = arg_to_number(args.get('page')) or 1 + params_dict = clean_user_query(query) if query else build_params_dict(tags=tags, attribute_type=attribute_type, limit=limit, + page=page) + response = client.search_query(params_dict) + if error_message := response.get('Error'): + raise DemistoException(error_message) + indicators = build_indicators(response, attribute_type, tlp_color, params.get('url'), reputation, feed_tags) hr_indicators = [] for indicator in indicators: hr_indicators.append({ @@ -558,13 +497,14 @@ def get_attributes_command(client: Client, args: Dict[str, str], params: Dict[st ) -def fetch_attributes_command(client: Client, params: Dict[str, str]) -> List[Dict]: +def fetch_attributes_command(client: Client, params: Dict[str, str]): """ - Wrapper for fetching indicators from the feed to the Indicators tab. + Fetching indicators from the feed to the Indicators tab. Args: client: Client object with request params: demisto.params() Returns: List of indicators. + """ tlp_color = params.get('tlp_color') reputation = params.get('feedReputation') 
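Review bot: When `query` is supplied, `params_dict` comes from clean_user_query and the new `page` argument (and `limit`) are silently ignored, since they are only passed to build_params_dict; either merge them in after the assignment with `params_dict.setdefault('page', page)` and `params_dict.setdefault('limit', limit)`, or state in the `page` and `limit` descriptions added in the FeedMISP.yml hunk that they apply only when `query` is empty.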
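Review bot: fetch_attributes_command no longer returns anything — the return annotation is dropped in the `@@ -558,13 +497,14 @@` hunk and the body in the next hunk calls demisto.createIndicators directly — yet the docstring still says `Returns: List of indicators.` and gained a stray blank line before the closing quotes; replace the Returns line with `Side effects: creates the indicators page by page via demisto.createIndicators; returns None.` and drop the blank line.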
@@ -572,9 +512,19 @@ def fetch_attributes_command(client: Client, params: Dict[str, str]) -> List[Dic
 feed_tags = argToList(params.get("feedTags", []))
 attribute_types = argToList(params.get('attribute_types', ''))
 query = params.get('query', None)
- indicators = fetch_indicators(client, tags, attribute_types, query, tlp_color,
- params.get('url'), reputation, feed_tags)
- return indicators
+ params_dict = clean_user_query(query) if query else build_params_dict(tags=tags, attribute_type=attribute_types, limit=2000,
+ page=1)
+ search_query_per_page = client.search_query(params_dict)
+ while len(search_query_per_page.get("response", {}).get("Attribute", [])):
+ demisto.debug(f'search_query_per_page number of attributes:\
+ {len(search_query_per_page.get("response", {}).get("Attribute", []))}\
+ page: {params_dict["page"]}')
+ indicators = build_indicators(search_query_per_page, attribute_types, tlp_color, params.get('url'), reputation, feed_tags)
+ demisto.createIndicators(indicators)
+ params_dict['page'] += 1
+ search_query_per_page = client.search_query(params_dict)
+ if error_message := search_query_per_page.get('Error'):
+ raise DemistoException(f"Error in API call - check the input parameters and the API Key. Error: {error_message}")
 
 
 def main():
@@ -601,9 +551,8 @@ def main():
 elif command == 'misp-feed-get-indicators':
 return_results(get_attributes_command(client, args, params))
 elif command == 'fetch-indicators':
- indicators = fetch_attributes_command(client, params)
- for iter_ in batch(indicators, batch_size=2000):
- demisto.createIndicators(iter_)
+ fetch_attributes_command(client, params)
+
 else:
 raise NotImplementedError(f'Command {command} is not implemented.')
 
diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml
index c0ff627345b1..75eee6171477 100644
--- a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml
+++ b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP.yml
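Review bot: `params_dict["page"]` and `params_dict['page'] += 1` raise KeyError when `query` is supplied, because clean_user_query's result is used as-is and only the build_params_dict path sets `page` (the removed search_query_indicators_pagination set `params_dict['page'] = 1` unconditionally); add `params_dict.setdefault('page', 1)` before the first client.search_query call, unless clean_user_query, which is outside this hunk, already injects it. The backslash-newline continuations inside the debug f-string make the continuation lines' leading indentation part of the logged message; build it with implicit string concatenation or on one line instead. The loop also has no upper bound and never terminates if the server ignores `page` and keeps returning the same attributes, a risk the old pagination helper shared; a page cap or a check that the page content changed would make that failure visible.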
@@ -127,6 +127,9 @@ script: - name: limit defaultValue: '10' description: The maximum number of results to return. + - name: page + defaultValue: '1' + description: The page number of the results to retrieve. - name: tags description: Attributes having one of the tags, or being an attribute of an event having one of the tags, will be returned. You can enter a comma-separated list of tags, for example ,,. The list of MISP tags can be found in your MISP instance under 'Event Actions'>'List Tags'. - name: attribute_type @@ -139,7 +142,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.83255 + dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.5.0 tests: - MISPfeed Test diff --git a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py index cbc62ae484f8..3c3592f51b0c 100644 --- a/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py +++ b/Packs/FeedMISP/Integrations/FeedMISP/FeedMISP_test.py @@ -4,8 +4,8 @@ from CommonServerPython import DemistoException, ThreatIntel, FeedIndicatorType from FeedMISP import clean_user_query, build_indicators_iterator, \ - handle_file_type_fields, get_galaxy_indicator_type, build_indicators_from_galaxies, update_indicators_iterator, \ - update_indicator_fields, get_ip_type, search_query_indicators_pagination, Client + handle_file_type_fields, get_galaxy_indicator_type, build_indicators_from_galaxies, \ + update_indicator_fields, get_ip_type, Client, fetch_attributes_command def test_build_indicators_iterator_success(): 
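Review bot: The new `page` argument's description does not say that it is ignored when `query` is supplied, yet the command code builds its request from the user query in that case and passes neither `page` nor `limit`. Suggest `description: The page number of the results to retrieve. Ignored when the query argument is supplied.` and the same caveat on the `limit` argument just above it. Stating that `limit` is the page size would also help readers combine the two.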
@@ -206,173 +206,6 @@ def test_build_indicators_from_galaxies(): assert galaxy_indicators[0]['type'] == ThreatIntel.ObjectsNames.ATTACK_PATTERN -def test_update_indicators_iterator_first_fetch(mocker): - """ - Given - - Indicators received - When - - First fetch, no last run parameters - Then - - return all indicators - """ - indicators_iterator = [ - { - 'value': {'timestamp': '5'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - { - 'value': {'timestamp': '1'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - { - 'value': {'timestamp': '3'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - ] - query = {'key': 'val'} - mocker.patch.object(demisto, 'getLastRun', return_value=None) - added_indicators_iterator = update_indicators_iterator(indicators_iterator, query, True) - assert added_indicators_iterator == indicators_iterator - - -def test_update_indicators_iterator_timestamp_exists_all_new_indicators_same_query(mocker): - """ - Given - - Indicators received, lastrun has timestamp and query - When - - indicators updated after timestamp and same query as before - Then - - return all indicators - """ - indicators_iterator = [ - { - 'value': {'timestamp': '5'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - { - 'value': {'timestamp': '1'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - { - 'value': {'timestamp': '3'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - ] - query = {'key': 'val'} - mocker.patch.object(demisto, 'getLastRun', return_value={'timestamp': '0', 'params': query}) - added_indicators_iterator = update_indicators_iterator(indicators_iterator, query, True) - assert added_indicators_iterator == indicators_iterator - - -def test_update_indicators_iterator_timestamp_exists_no_new_indicators_same_query(mocker): - """ - Given - - Indicators received, lastrun has the timestamp and query - When - - last run timestamp is bigger then the indicators timestamp and query is the same - Then - - return no indicators - """ - indicators_iterator = [ - { - 'value': 
{'timestamp': '1'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - { - 'value': {'timestamp': '3'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - ] - query = {'key': 'val'} - mocker.patch.object(demisto, 'getLastRun', return_value={'timestamp': '4', 'params': query}) - added_indicators_iterator = update_indicators_iterator(indicators_iterator, query, True) - assert not added_indicators_iterator - - -def test_update_indicators_iterator_timestamp_exists_some_new_indicators_same_query(mocker): - """ - Given - - Indicators received, lastrun has the timestamp and query - When - - some indicators has timestamp bigger then the lastrun timestamp - Then - - return indicators which have timestamp bigger then lastrun timestamp - """ - indicators_iterator = [ - { - 'value': {'timestamp': '5'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - { - 'value': {'timestamp': '1'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - { - 'value': {'timestamp': '3'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - ] - query = {'key': 'val'} - mocker.patch.object(demisto, 'getLastRun', return_value={'timestamp': '4', 'params': query}) - added_indicators_iterator = update_indicators_iterator(indicators_iterator, query, True) - assert added_indicators_iterator[0]['value']['timestamp'] == '5' - - -def test_update_indicators_iterator_timestamp_exists_no_indicators_same_query(mocker): - """ - Given - - No indicators received - When - - lastrun has timestamp and query - Then - - return no indicators - """ - indicators_iterator = [] - query = {'key': 'val'} - mocker.patch.object(demisto, 'getLastRun', return_value={'timestamp': '4', 'params': query}) - added_indicators_iterator = update_indicators_iterator(indicators_iterator, query, True) - assert not added_indicators_iterator - - -def test_update_indicators_iterator_indicators_before_timestamp_different_query(mocker): - """ - Given - - Indicators received, lastrun has the timestamp and query - When - - all indicators have smaller timestamp then 
lastrun but query has changed - Then - - reset lastrun and return all indicators - """ - indicators_iterator = [ - { - 'value': {'timestamp': '1'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - { - 'value': {'timestamp': '3'}, - 'type': 'IP', - 'raw_type': 'ip-src', - }, - ] - query = {'key': 'val'} - old_query = {'key': 'old'} - mocker.patch.object(demisto, 'getLastRun', return_value={'timestamp': '4', 'params': old_query}) - added_indicators_iterator = update_indicators_iterator(indicators_iterator, query, True) - assert added_indicators_iterator == indicators_iterator - - @pytest.mark.parametrize( "indicator, feed_tags, expected_calls", [ 
@@ -450,31 +283,69 @@ def test_get_ip_type(indicator, indicator_type): assert get_ip_type(indicator) == indicator_type -indicators_examples = [ - ({'response': {'Attribute': ['data1', 'data2']}}, ({'response': {'Attribute': []}}), - {'response': {'Attribute': ['data1', 'data2']}}), - ({'response': {'Attribute': []}}, ({'response': {'Attribute': []}}), - {'response': {'Attribute': []}}) - -] +def test_search_query_indicators_pagination(mocker): + """ + Given: + - All relevant arguments for the command + When: + - the fetch_attributes_command function runs + Then: + - Ensure the pagination mechanism return the expected result (good http response is returned) + """ + client = Client(base_url="example", + authorization="auth", + verify=False, + proxy=False, + timeout=60) + returned_result_1 = {'response': + {'Attribute': [{'id': '1', 'event_id': '1', 'object_id': '0', + 'object_relation': None, 'category': 'Payload delivery', + 'type': 'sha256', 'to_ids': True, 'uuid': '5fd0c620', + 'timestamp': '1607517728', 'distribution': '5', 'sharing_group_id': '0', + 'comment': 'malspam', 'deleted': False, 'disable_correlation': False, + 'first_seen': None, 'last_seen': None, + 'value': 'val1', 'Event': {}}, + {'id': '2', 'event_id': '2', 'object_id': '0', + 'object_relation': None, 'category': 'Payload delivery', + 'type': 'sha256', 'to_ids': True, 'uuid': '5fd0c620', + 'timestamp': '1607517728', 'distribution': '5', 'sharing_group_id': '0', + 'comment': 'malspam', 'deleted': False, 'disable_correlation': False, 'first_seen': None, + 'last_seen': None, 'value': 'val2', 'Event': {}}]}} + returned_result_2 = {'response': {'Attribute': []}} + mocker.patch.object(Client, '_http_request', side_effect=[returned_result_1, returned_result_2]) + params_dict = { + 'type': 'attribute', + 'filters': {'category': ['Payload delivery']}, + } + mocker.patch.object(demisto, 'setLastRun') + mocker.patch.object(demisto, 'createIndicators') + fetch_attributes_command(client, params_dict) + 
indicators = demisto.createIndicators.call_args[0][0] + assert len(indicators) == 2 -@pytest.mark.parametrize('returned_result_1, returned_result_2, expected_result', indicators_examples) -def test_search_query_indicators_pagination(mocker, returned_result_1, returned_result_2, expected_result): +def test_search_query_indicators_pagination_bad_case(mocker): """ Given: - All relevant arguments for the command When: - - the search_query_indicators_pagination function runs + - the fetch_attributes_command function runs Then: - - Ensure the pagination mechanism return the expected result + - Ensure the pagination mechanism raises an error (bad http response is returned) """ + from CommonServerPython import DemistoException client = Client(base_url="example", authorization="auth", verify=False, proxy=False, timeout=60) - mocker.patch.object(Client, '_http_request', side_effect=[returned_result_1, returned_result_2]) - params_dict = {'param1': 'value1'} - result = search_query_indicators_pagination(client, params_dict) - assert result == expected_result + returned_result = {'Error': 'failed api call'} + expected_result = "Error in API call - check the input parameters and the API Key. Error: failed api call" + mocker.patch.object(Client, '_http_request', return_value=returned_result) + params_dict = { + 'type': 'attribute', + 'filters': {'category': ['Payload delivery']} + } + with pytest.raises(DemistoException) as e: + fetch_attributes_command(client, params_dict) + assert str(e.value) == expected_result diff --git a/Packs/FeedMISP/ReleaseNotes/1_0_31.md b/Packs/FeedMISP/ReleaseNotes/1_0_31.md new file mode 100644 index 000000000000..07c240ff415a --- /dev/null +++ b/Packs/FeedMISP/ReleaseNotes/1_0_31.md 
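Review bot: test_search_query_indicators_pagination_bad_case only exercises an `Error` response on the first page, where the while loop never runs, so the post-loop raise after indicators were already created from page 1 is untested, and neither test covers the `query` branch of fetch_attributes_command. A third case with `side_effect=[returned_result_1, {'Error': 'failed api call'}]` asserting both that `demisto.createIndicators` was called once and that DemistoException is raised would pin the partial-success behaviour. A case passing `params_dict = {'query': '{"type": "attribute"}'}` would catch the missing `page` key on that path if clean_user_query does not supply one.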
@@ -0,0 +1,7 @@ + +#### Integrations + +##### MISP Feed +- Added a **page** argument to the ***misp-feed-get-indicators*** command. +- Fixed an issue where ***fetch-indicators*** crushed due to memory overflow. +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/FeedMISP/pack_metadata.json b/Packs/FeedMISP/pack_metadata.json index 8648f96594e6..3b4056d8a51a 100644 --- a/Packs/FeedMISP/pack_metadata.json +++ b/Packs/FeedMISP/pack_metadata.json @@ -2,7 +2,7 @@ "name": "MISP Feed", "description": "Indicators feed from MISP", "support": "xsoar", - "currentVersion": "1.0.30", + "currentVersion": "1.0.31", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml b/Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml index 62bf29e71abe..954cc14c93b2 100644 --- a/Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml +++ b/Packs/FeedMalwareBazaar/Integrations/MalwareBazaarFeed/MalwareBazaarFeed.yml @@ -106,7 +106,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/py3-tools:1.0.0.84811 + dockerimage: demisto/py3-tools:1.0.0.86612 feed: true fromversion: 6.0.0 tests: diff --git a/Packs/FeedMalwareBazaar/ReleaseNotes/1_0_37.md b/Packs/FeedMalwareBazaar/ReleaseNotes/1_0_37.md new file mode 100644 index 000000000000..c418228baf63 --- /dev/null +++ b/Packs/FeedMalwareBazaar/ReleaseNotes/1_0_37.md @@ -0,0 +1,3 @@ +#### Integrations +##### MalwareBazaar Feed +- Updated the Docker image to: *demisto/py3-tools:1.0.0.86612*. diff --git a/Packs/FeedMalwareBazaar/pack_metadata.json b/Packs/FeedMalwareBazaar/pack_metadata.json index cd06942756a9..da2913c1d926 100644 --- a/Packs/FeedMalwareBazaar/pack_metadata.json +++ b/Packs/FeedMalwareBazaar/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "MalwareBazaar Feed", "description": "MalwareBazaar is a project from abuse.ch with the goal of sharing malware samples with the infosec community, AV vendors and threat intelligence providers.", "support": "xsoar", - "currentVersion": "1.0.36", + "currentVersion": "1.0.37", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedOpenCTI/Integrations/FeedOpenCTI_v4/FeedOpenCTI_v4.yml b/Packs/FeedOpenCTI/Integrations/FeedOpenCTI_v4/FeedOpenCTI_v4.yml index 9448f1b85385..857317debe6e 100644 --- a/Packs/FeedOpenCTI/Integrations/FeedOpenCTI_v4/FeedOpenCTI_v4.yml +++ b/Packs/FeedOpenCTI/Integrations/FeedOpenCTI_v4/FeedOpenCTI_v4.yml @@ -121,7 +121,7 @@ configuration: additionalinfo: 'Score maximum value to filter by. Values range is 1-100. ' type: 0 required: false -description: Ingest indicators from the OpenCTI feed. Compatible with OpenCTI 4.X API version. +description: Ingest indicators from the OpenCTI feed. Compatible with OpenCTI 5.12.17 and above. display: OpenCTI Feed 4.X name: OpenCTI Feed 4.X script: @@ -155,7 +155,7 @@ script: name: score_end description: Gets indicators from the feed. name: opencti-get-indicators - dockerimage: demisto/vendors-sdk:1.0.0.86010 + dockerimage: demisto/vendors-sdk:1.0.0.86440 feed: true runonce: false script: '-' diff --git a/Packs/FeedOpenCTI/ReleaseNotes/2_1_1.md b/Packs/FeedOpenCTI/ReleaseNotes/2_1_1.md new file mode 100644 index 000000000000..6e79912e1926 --- /dev/null +++ b/Packs/FeedOpenCTI/ReleaseNotes/2_1_1.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### OpenCTI Feed 4.X +- Updated the Docker image to: *demisto/vendors-sdk:1.0.0.86440*. +- Updated the description to align with the actual supported version. diff --git a/Packs/FeedOpenCTI/pack_metadata.json b/Packs/FeedOpenCTI/pack_metadata.json index 5fbe53d11c2f..505c10e8dda7 100644 --- a/Packs/FeedOpenCTI/pack_metadata.json +++ b/Packs/FeedOpenCTI/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "OpenCTI Feed", "description": "Ingest indicators from the OpenCTI feed.", "support": "xsoar", - "currentVersion": "2.1.0", + "currentVersion": "2.1.1", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py b/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py index 75d0c7b7bdbb..08f8135fb58e 100644 --- a/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py +++ b/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.py @@ -1,7 +1,9 @@ +import demistomock as demisto +from CommonServerPython import * import zlib import json -from CommonServerPython import * + # IMPORTS import urllib3 import csv @@ -47,7 +49,8 @@ class Client(BaseClient): def __init__(self, indicator_type: str, api_token: str, services: list, risk_rule: str = None, fusion_file_path: str = None, insecure: bool = False, - polling_timeout: int = 20, proxy: bool = False, threshold: int = 65, risk_score_threshold: int = 0, + polling_timeout: int = 20, proxy: bool = False, + malicious_threshold: int = 65, suspicious_threshold: int = 25, risk_score_threshold: int = 0, tags: list | None = None, tlp_color: str | None = None): """ Attributes: 
@@ -59,11 +62,12 @@ def __init__(self, indicator_type: str, api_token: str, services: list, risk_rul insecure: boolean, if *false* feed HTTPS server certificate is verified. Default: *false* polling_timeout: timeout of the polling request in seconds. Default: 20 proxy: Sets whether use proxy when sending requests - threshold: The minimum score from the feed in order to to determine whether the indicator is malicious. + malicious_threshold: The minimum score from the feed in order to to determine whether the indicator is malicious. + suspicious_threshold: The minimum score from the feed in order to to determine whether the indicator is suspicious. Ranges up to the malicious_threshold. risk_score_threshold: The minimum score to filter out the ingested indicators. tags: A list of tags to add to indicators :param tlp_color: Traffic Light Protocol color - """ + """ # noqa: E501 if tags is None: tags = [] try: @@ -76,10 +80,15 @@ def __init__(self, indicator_type: str, api_token: str, services: list, risk_rul self.api_token = self.headers['X-RFToken'] = api_token self.services = services self.indicator_type = indicator_type - self.threshold = int(threshold) if threshold else threshold + self.malicious_threshold = int(malicious_threshold) if malicious_threshold else malicious_threshold + self.suspicious_threshold = int(suspicious_threshold) if suspicious_threshold else suspicious_threshold self.risk_score_threshold = int(risk_score_threshold) if risk_score_threshold else risk_score_threshold self.tags = tags self.tlp_color = tlp_color + + if self.malicious_threshold <= self.suspicious_threshold: + raise DemistoException('The Suspicious Threshold must be less than the Malicious Threshold.') + super().__init__(self.BASE_URL, proxy=proxy, verify=not insecure) def _build_request(self, service, indicator_type, risk_rule: str | None = None) -> requests.PreparedRequest: 
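Review bot: The new check `if self.malicious_threshold <= self.suspicious_threshold` compares values that are left untouched when falsy (`int(x) if x else x`), so a missing or empty parameter leaves `None` and the comparison raises TypeError rather than the intended DemistoException — and because main() reads `params.get('malicious_threshold')` while the YAML parameter in this commit is still `name: threshold`, that is the default configuration. Coerce with explicit defaults before comparing: `self.malicious_threshold = int(malicious_threshold) if malicious_threshold else 65` and `self.suspicious_threshold = int(suspicious_threshold) if suspicious_threshold else 25`. The check also accepts negative or >100 values (the test table relies on `-1`), so a range check against the documented 0–100 score range would be consistent with the docstring. __init__ continues outside this hunk.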
@@ -231,7 +240,7 @@ def get_batches_from_file(self, limit): demisto.info('reading from file') # we do this try to make sure the file gets deleted at the end try: - file_stream = open("response.txt", 'rt') + file_stream = open("response.txt") columns = file_stream.readline() # get the headers from the csv file. columns = columns.replace("\"", "").strip().split(",") # type:ignore # '"a","b"\n' -> ["a", "b"] @@ -259,13 +268,15 @@ def calculate_indicator_score(self, risk_from_feed): Returns: int. The indicator's Dbot score """ - dbot_score = 0 risk_from_feed = int(risk_from_feed) - if risk_from_feed >= self.threshold or risk_from_feed >= 65: + if risk_from_feed >= self.malicious_threshold: dbot_score = 3 - elif risk_from_feed >= 5: + elif risk_from_feed >= self.suspicious_threshold: dbot_score = 2 - + elif risk_from_feed > 0: + dbot_score = 0 + else: # risk_from_feed == 0 + dbot_score = 1 return dbot_score def check_indicator_risk_score(self, risk_score): @@ -565,8 +576,9 @@ def main(): # pragma: no cover raise DemistoException('API Token must be provided.') client = Client(RF_INDICATOR_TYPES[params.get('indicator_type')], api_token, params.get('services'), params.get('risk_rule'), params.get('fusion_file_path'), params.get('insecure'), - params.get('polling_timeout'), params.get('proxy'), params.get('threshold'), - params.get('risk_score_threshold'), argToList(params.get('feedTags')), params.get('tlp_color')) + params.get('polling_timeout'), params.get('proxy'), params.get('malicious_threshold'), + params.get('suspicious_threshold'), params.get('risk_score_threshold'), + argToList(params.get('feedTags')), params.get('tlp_color')) command = demisto.command() demisto.info(f'Command being called is {command}') # Switch case diff --git a/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.yml b/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.yml index 57d1febf2a93..7e21fbd66336 100644 
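Review bot: calculate_indicator_score now maps a risk score of exactly 0 to `dbot_score = 1` (Good), while the breaking-change note in this same commit states that indicators below the suspicious threshold get an Unknown verdict and the old code returned 0 for that score. A feed score of 0 presumably means no evidence rather than a clean bill, so asserting Good silently changes downstream verdicts; either keep `else: dbot_score = 0` or document the 0 → Good mapping in the release note and the yml additionalinfo. The `# risk_from_feed == 0` comment is also only true if negative scores never arrive; `elif risk_from_feed <= 0` would make the branch honest.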
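Review bot: main() now passes `params.get('malicious_threshold')`, but the integration YAML in this commit keeps the parameter as `name: threshold` (display "Malicious Threshold"), so the configured malicious threshold is never read, the Client receives `None`, and the new `<=` validation fails with a TypeError on every instance. Read the existing key, `params.get('threshold')`, or rename the YAML parameter and keep a fallback `params.get('malicious_threshold') or params.get('threshold')` so existing instances keep their setting. main() continues outside this hunk.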
--- a/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.yml +++ b/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture.yml @@ -97,6 +97,7 @@ configuration: hiddenusername: true type: 9 required: false + display: '' - defaultvalue: connectApi display: Services name: services @@ -136,18 +137,24 @@ configuration: required: true type: 0 - additionalinfo: |- - The minimum score from the feed in order to to determine whether the indicator is malicious. Default is "65". For more information about Recorded Future scoring go to integration details. + The minimum score from the feed in order to determine whether the indicator is malicious. Default is "65". For more information about Recorded Future scoring go to integration details. defaultvalue: '65' display: Malicious Threshold name: threshold type: 0 required: false -- additionalinfo: If selected, will be used to filter out the ingested indicators, and only indicators with equivalent and higher risk score will be ingested into XSOAR. +- additionalinfo: The minimum score from the feed in order to determine whether the indicator is Suspicious. Ranges up to the Malicious Threshold. Default is "25". For more information about Recorded Future scoring go to integration details. + defaultvalue: '25' + display: Suspicious Threshold + name: suspicious_threshold + type: 0 + required: false +- additionalinfo: If selected, will be used to filter out the ingested indicators, and only indicators with equivalent and higher risk score will be ingested into XSOAR. Scores greater than the IOC Risk Score Threshold and less than the Suspicious Threshold will have an unknown verdict. defaultvalue: '0' display: IOC Risk Score Threshold name: risk_score_threshold - type: 0 required: false + type: 0 description: Ingests indicators from Recorded Future feeds into Demisto. display: Recorded Future RiskList Feed name: Recorded Future Feed 
@@ -195,10 +202,10 @@ script: - contextPath: RecordedFutureFeed.RiskRule.Criticality description: The risk rule criticality. type: String - dockerimage: demisto/python3:3.10.13.83255 + dockerimage: demisto/python3:3.10.13.86272 feed: true runonce: false - script: '-' + script: '' subtype: python3 type: python tests: diff --git a/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture_test.py b/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture_test.py index b9e63f66358b..e23cd2f5dce5 100644 --- a/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture_test.py +++ b/Packs/FeedRecordedFuture/Integrations/FeedRecordedFuture/FeedRecordedFuture_test.py 
@@ -244,17 +244,48 @@ def test_get_indicators_command_by_risk_rules(mocker, indicator_type, risk_rules CALCULATE_DBOT_SCORE_INPUTS = [ - ('97', '65', 3), - ('90', '91', 3), - ('50', '65', 2), - ('0', '65', 0), - ('0', '0', 3), + ('90', '65', '25', 3), + ('45', '65', '25', 2), + ('15', '65', '25', 0), + ('0', '65', '25', 1), + ('90', '95', '25', 2), + ('45', '30', '25', 3), + ('15', '26', '25', 0), + ('0', '0', '-1', 3), + ('90', '98', '91', 0), + ('45', '65', '40', 2), + ('15', '10', '5', 3), + ('0', '65', '0', 2), + ('65', '65', '25', 3), + ('25', '65', '25', 2), + ('50', '51', '50', 2), ] -@pytest.mark.parametrize('risk_from_feed, threshold, expected_score', CALCULATE_DBOT_SCORE_INPUTS) -def test_calculate_dbot_score(risk_from_feed, threshold, expected_score): - client = Client(indicator_type='ip', api_token='123', services=['fusion'], threshold=threshold) +@pytest.mark.parametrize('risk_from_feed, malicious_threshold, suspicious_threshold, expected_score', CALCULATE_DBOT_SCORE_INPUTS) +def test_calculate_dbot_score(risk_from_feed, malicious_threshold, suspicious_threshold, expected_score): + """ + Given: + - Values for calculating an indicator's verdict including: + 1. The Recorded Future Risk Score of the indicator (0 - 100) + 2. The minimum score to be malicious (0 - 100) + 3. The minimum score to be suspicious (-1 - 100, must be less than the malicious_threshold) + 4. What the expected D-Bot Score (verdict) is (0 - 3) + - Individually adjust values 1, 2 & 3 to capture the cases + - Score is greater than the malicious threshold + - Score is between the malicious threshold and suspicious threshold + - Score is less than the suspicious threshold + - Score is 0 + - Score equals a threshold + + When: + - Running the 'calculate_indicator_score' + + Then: + - Verify the indicator's dbot score is set correctly given the suspicious and malicious risk score range. 
+ """ + client = Client(indicator_type='ip', api_token='123', services=[ + 'fusion'], malicious_threshold=malicious_threshold, suspicious_threshold=suspicious_threshold) score = client.calculate_indicator_score(risk_from_feed) assert score == expected_score diff --git a/Packs/FeedRecordedFuture/ReleaseNotes/1_1_0.json b/Packs/FeedRecordedFuture/ReleaseNotes/1_1_0.json new file mode 100644 index 000000000000..059114733adf --- /dev/null +++ b/Packs/FeedRecordedFuture/ReleaseNotes/1_1_0.json @@ -0,0 +1,4 @@ +{ + "breakingChanges": true, + "breakingChangesNotes": "The default range for Recorded Future Risk Scores mapped to a Suspicious Verdict has been changed. The previous range was risk scores 5-64 (inclusive). The new range will be risk scores 25-64 (inclusive). Indicators greater than 64 will still be given a Malicious verdict, and indicators less than 25 will now be set to an Unknown verdict. The IOC Threshold, Suspicious Threshold, and Malicious Threshold can all be adjusted in the integration settings." +} \ No newline at end of file diff --git a/Packs/FeedRecordedFuture/ReleaseNotes/1_1_0.md b/Packs/FeedRecordedFuture/ReleaseNotes/1_1_0.md new file mode 100644 index 000000000000..e73c0eed1b67 --- /dev/null +++ b/Packs/FeedRecordedFuture/ReleaseNotes/1_1_0.md 
@@ -0,0 +1,8 @@ + +#### Integrations + +##### Recorded Future RiskList Feed + +***Breaking Changes*** The default range for Recorded Future Risk Scores mapped to a Suspicious Verdict has been changed. The previous range was risk scores 5-64 (inclusive). The new range will be risk scores 25-64 (inclusive). Indicators greater than 64 will still be given a Malicious verdict, and indicators less than 25 will now be set to an Unknown verdict. The IOC Threshold, Suspicious Threshold, and Malicious Threshold can all be adjusted in the integration settings. +- Added a **suspicious_threshold** parameter that allows users to change the range of risk scores that set a Suspicious verdict. Indicators with a risk score between the IOC Risk Score threshold and the Suspicious Threshold will be given an unknown verdict +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/FeedRecordedFuture/pack_metadata.json b/Packs/FeedRecordedFuture/pack_metadata.json index 5170144c4b45..cd2bf4cd9ef9 100644 --- a/Packs/FeedRecordedFuture/pack_metadata.json +++ b/Packs/FeedRecordedFuture/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Recorded Future Feed", "description": "Ingests indicators from Recorded Future feeds into Demisto.", "support": "xsoar", - "currentVersion": "1.0.33", + "currentVersion": "1.1.0", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedTAXII/Integrations/FeedTAXII2/FeedTAXII2.yml b/Packs/FeedTAXII/Integrations/FeedTAXII2/FeedTAXII2.yml index 75146f1467cf..71bcb682af20 100644 --- a/Packs/FeedTAXII/Integrations/FeedTAXII2/FeedTAXII2.yml +++ b/Packs/FeedTAXII/Integrations/FeedTAXII2/FeedTAXII2.yml @@ -227,7 +227,7 @@ script: - deprecated: true description: 'WARNING: This command will reset your fetch history.' name: taxii2-reset-fetch-indicators - dockerimage: demisto/taxii2:1.0.0.84787 + dockerimage: demisto/taxii2:1.0.0.86437 feed: true runonce: false script: '-' 
diff --git a/Packs/FeedTAXII/ReleaseNotes/1_2_4.md b/Packs/FeedTAXII/ReleaseNotes/1_2_4.md new file mode 100644 index 000000000000..0d6542a8cb66 --- /dev/null +++ b/Packs/FeedTAXII/ReleaseNotes/1_2_4.md @@ -0,0 +1,3 @@ +#### Integrations +##### TAXII 2 Feed +- Updated the Docker image to: *demisto/taxii2:1.0.0.86437*. diff --git a/Packs/FeedTAXII/pack_metadata.json b/Packs/FeedTAXII/pack_metadata.json index a36bc5db73ce..c1df66247369 100644 --- a/Packs/FeedTAXII/pack_metadata.json +++ b/Packs/FeedTAXII/pack_metadata.json @@ -2,7 +2,7 @@ "name": "TAXII Feed", "description": "Ingest indicator feeds from TAXII 1 and TAXII 2 servers.", "support": "xsoar", - "currentVersion": "1.2.3", + "currentVersion": "1.2.4", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml b/Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml index 70c7d6373ce7..ff78ab9bbd3f 100644 --- a/Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml +++ b/Packs/FeedUnit42v2/Integrations/FeedUnit42v2/FeedUnit42v2.yml @@ -111,7 +111,7 @@ script: - attack-pattern description: Retrieves a limited number of the indicators. name: unit42-get-indicators - dockerimage: demisto/taxii2:1.0.0.84787 + dockerimage: demisto/taxii2:1.0.0.86437 feed: true runonce: false script: '-' diff --git a/Packs/FeedUnit42v2/ReleaseNotes/1_0_46.md b/Packs/FeedUnit42v2/ReleaseNotes/1_0_46.md new file mode 100644 index 000000000000..8166523e5a5c --- /dev/null +++ b/Packs/FeedUnit42v2/ReleaseNotes/1_0_46.md @@ -0,0 +1,3 @@ +#### Integrations +##### Unit 42 ATOMs Feed +- Updated the Docker image to: *demisto/taxii2:1.0.0.86437*. diff --git a/Packs/FeedUnit42v2/pack_metadata.json b/Packs/FeedUnit42v2/pack_metadata.json index 81ff1513dcb8..47ccba401747 100644 --- a/Packs/FeedUnit42v2/pack_metadata.json +++ b/Packs/FeedUnit42v2/pack_metadata.json 
@@ -2,7 +2,7 @@
 "name": "Unit 42 ATOMs Feed",
 "description": "Unit 42 feed of published IOCs which contains malicious indicators.",
 "support": "xsoar",
- "currentVersion": "1.0.45",
+ "currentVersion": "1.0.46",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FidelisElevateNetwork/Integrations/FidelisElevateNetwork/FidelisElevateNetwork.yml b/Packs/FidelisElevateNetwork/Integrations/FidelisElevateNetwork/FidelisElevateNetwork.yml
index 98da8c46d4b1..156ba47a89f7 100644
--- a/Packs/FidelisElevateNetwork/Integrations/FidelisElevateNetwork/FidelisElevateNetwork.yml
+++ b/Packs/FidelisElevateNetwork/Integrations/FidelisElevateNetwork/FidelisElevateNetwork.yml
@@ -898,7 +898,7 @@ script:
 runonce: false
 script: '-'
 subtype: python3
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 type: python
 tests:
 - Fidelis-Test
diff --git a/Packs/FidelisElevateNetwork/ReleaseNotes/1_0_9.md b/Packs/FidelisElevateNetwork/ReleaseNotes/1_0_9.md
new file mode 100644
index 000000000000..38cff1223400
--- /dev/null
+++ b/Packs/FidelisElevateNetwork/ReleaseNotes/1_0_9.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Fidelis Elevate Network
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/FidelisElevateNetwork/pack_metadata.json b/Packs/FidelisElevateNetwork/pack_metadata.json
index fbc028d40d21..10012f14038a 100644
--- a/Packs/FidelisElevateNetwork/pack_metadata.json
+++ b/Packs/FidelisElevateNetwork/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Fidelis Elevate Network",
 "description": "Automate Detection and Response to Network Threats and data leakage in your organization with Fidelis Elevate Network Integration.",
 "support": "xsoar",
- "currentVersion": "1.0.8",
+ "currentVersion": "1.0.9",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FiltersAndTransformers/ReleaseNotes/1_2_57.md b/Packs/FiltersAndTransformers/ReleaseNotes/1_2_57.md
new file mode 100644
index 000000000000..47669e3b0cca
--- /dev/null
+++ b/Packs/FiltersAndTransformers/ReleaseNotes/1_2_57.md
@@ -0,0 +1,47 @@
+
+#### Scripts
+
+##### GetRange
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### AfterRelativeDate
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### RegexReplace
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### ConvertAllExcept
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### Cut
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### SumList
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### InRange
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### CheckIfSubdomain
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### FormatTemplate
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### RegexExtractAll
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### ExtractInbetween
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
diff --git a/Packs/FiltersAndTransformers/Scripts/AfterRelativeDate/AfterRelativeDate.yml b/Packs/FiltersAndTransformers/Scripts/AfterRelativeDate/AfterRelativeDate.yml
index c51e43385d27..899a32d91038 100644
--- a/Packs/FiltersAndTransformers/Scripts/AfterRelativeDate/AfterRelativeDate.yml
+++ b/Packs/FiltersAndTransformers/Scripts/AfterRelativeDate/AfterRelativeDate.yml
@@ -19,7 +19,7 @@ tags:
 - Condition
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 runas: DBotWeakRole
 fromversion: 5.0.0
 tests:
diff --git a/Packs/FiltersAndTransformers/Scripts/CheckIfSubdomain/CheckIfSubdomain.yml b/Packs/FiltersAndTransformers/Scripts/CheckIfSubdomain/CheckIfSubdomain.yml
index 8a736a645bd5..5c95fea413b7 100644
--- a/Packs/FiltersAndTransformers/Scripts/CheckIfSubdomain/CheckIfSubdomain.yml
+++ b/Packs/FiltersAndTransformers/Scripts/CheckIfSubdomain/CheckIfSubdomain.yml
@@ -19,7 +19,7 @@ args:
 description: A list of internal assets (for example, mycompany.com)
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 runas: DBotWeakRole
 fromversion: 5.5.0
 tests:
diff --git a/Packs/FiltersAndTransformers/Scripts/ConvertAllExcept/ConvertAllExcept.yml b/Packs/FiltersAndTransformers/Scripts/ConvertAllExcept/ConvertAllExcept.yml
index 98208fcb1049..9d0a63b50576 100644
--- a/Packs/FiltersAndTransformers/Scripts/ConvertAllExcept/ConvertAllExcept.yml
+++ b/Packs/FiltersAndTransformers/Scripts/ConvertAllExcept/ConvertAllExcept.yml
@@ -21,7 +21,7 @@ args:
 isArray: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 runas: DBotWeakRole
 tests:
 - No test - used in Prisma Cloud classifier.
diff --git a/Packs/FiltersAndTransformers/Scripts/Cut/Cut.yml b/Packs/FiltersAndTransformers/Scripts/Cut/Cut.yml
index 324248a0cabc..6c4010f7f8c9 100644
--- a/Packs/FiltersAndTransformers/Scripts/Cut/Cut.yml
+++ b/Packs/FiltersAndTransformers/Scripts/Cut/Cut.yml
@@ -34,4 +34,4 @@ runas: DBotWeakRole
 tests:
 - CutTransformerTest
 fromversion: 5.0.0
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
diff --git a/Packs/FiltersAndTransformers/Scripts/ExtractInbetween/ExtractInbetween.yml b/Packs/FiltersAndTransformers/Scripts/ExtractInbetween/ExtractInbetween.yml
index 56a8e8bc178c..5c4657433a9a 100644
--- a/Packs/FiltersAndTransformers/Scripts/ExtractInbetween/ExtractInbetween.yml
+++ b/Packs/FiltersAndTransformers/Scripts/ExtractInbetween/ExtractInbetween.yml
@@ -22,7 +22,7 @@ args:
 required: true
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 runas: DBotWeakRole
 fromversion: 5.5.0
 tests:
diff --git a/Packs/FiltersAndTransformers/Scripts/FormatTemplate/FormatTemplate.yml b/Packs/FiltersAndTransformers/Scripts/FormatTemplate/FormatTemplate.yml
index f08c2a648104..cc5469168d8b 100644
--- a/Packs/FiltersAndTransformers/Scripts/FormatTemplate/FormatTemplate.yml
+++ b/Packs/FiltersAndTransformers/Scripts/FormatTemplate/FormatTemplate.yml
@@ -39,7 +39,7 @@ args:
 defaultValue: "false"
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 runas: DBotWeakRole
 fromversion: 6.5.0
 tests:
diff --git a/Packs/FiltersAndTransformers/Scripts/GetRange/GetRange.yml b/Packs/FiltersAndTransformers/Scripts/GetRange/GetRange.yml
index 661176de57fa..6d7bc7d50186 100644
--- a/Packs/FiltersAndTransformers/Scripts/GetRange/GetRange.yml
+++ b/Packs/FiltersAndTransformers/Scripts/GetRange/GetRange.yml
@@ -23,7 +23,7 @@ tags:
 - entirelist
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 fromversion: 5.5.0
 tests:
 - No tests (auto formatted)
diff --git a/Packs/FiltersAndTransformers/Scripts/InRange/InRange.yml b/Packs/FiltersAndTransformers/Scripts/InRange/InRange.yml
index 1501232e7d1d..7ae8986b0825 100644
--- a/Packs/FiltersAndTransformers/Scripts/InRange/InRange.yml
+++ b/Packs/FiltersAndTransformers/Scripts/InRange/InRange.yml
@@ -23,4 +23,4 @@ scripttarget: 0
 fromversion: 5.0.0
 tests:
 - No tests (auto formatted)
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
diff --git a/Packs/FiltersAndTransformers/Scripts/RegexExtractAll/RegexExtractAll.yml b/Packs/FiltersAndTransformers/Scripts/RegexExtractAll/RegexExtractAll.yml
index db2e4fe8a69e..6cb6b936d3c2 100644
--- a/Packs/FiltersAndTransformers/Scripts/RegexExtractAll/RegexExtractAll.yml
+++ b/Packs/FiltersAndTransformers/Scripts/RegexExtractAll/RegexExtractAll.yml
@@ -62,7 +62,7 @@ args:
 defaultValue: "false"
 scripttarget: 0
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 runas: DBotWeakRole
 tests:
 - No test - unit test
diff --git a/Packs/FiltersAndTransformers/Scripts/RegexReplace/RegexReplace.yml b/Packs/FiltersAndTransformers/Scripts/RegexReplace/RegexReplace.yml
index eee8f94adf49..2bec3fb2eb2d 100644
--- a/Packs/FiltersAndTransformers/Scripts/RegexReplace/RegexReplace.yml
+++ b/Packs/FiltersAndTransformers/Scripts/RegexReplace/RegexReplace.yml
@@ -47,7 +47,7 @@ comment: |-
 commonfields:
 id: RegexReplace
 version: -1
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 enabled: true
 name: RegexReplace
 runas: DBotWeakRole
diff --git a/Packs/FiltersAndTransformers/Scripts/SumList/SumList.yml b/Packs/FiltersAndTransformers/Scripts/SumList/SumList.yml
index 38c1a1ef918f..ef63a5f62a40 100644
--- a/Packs/FiltersAndTransformers/Scripts/SumList/SumList.yml
+++ b/Packs/FiltersAndTransformers/Scripts/SumList/SumList.yml
@@ -19,7 +19,7 @@ timeout: '0'
 type: python
 runas: DBotWeakRole
 subtype: python3
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 tests:
 - sumList - Test
 fromversion: 5.0.0
diff --git a/Packs/FiltersAndTransformers/pack_metadata.json b/Packs/FiltersAndTransformers/pack_metadata.json
index d0955b8b2481..4d94a55739c4 100644
--- a/Packs/FiltersAndTransformers/pack_metadata.json
+++ b/Packs/FiltersAndTransformers/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Filters And Transformers",
 "description": "Frequently used filters and transformers pack.",
 "support": "xsoar",
- "currentVersion": "1.2.56",
+ "currentVersion": "1.2.57",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.yml b/Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.yml
index 16752e571b89..c00696cea248 100644
--- a/Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.yml
+++ b/Packs/FireEyeETP/Integrations/FireEyeETP/FireEyeETP.yml
@@ -302,7 +302,7 @@ script:
 description: Detailed information from any particular alert. Alerts more than 90 days old are not available.
 isfetch: true
 subtype: python3
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 tests:
 - No Test
diff --git a/Packs/FireEyeETP/ReleaseNotes/1_4_3.md b/Packs/FireEyeETP/ReleaseNotes/1_4_3.md
new file mode 100644
index 000000000000..8038eeb1eab7
--- /dev/null
+++ b/Packs/FireEyeETP/ReleaseNotes/1_4_3.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### FireEye ETP
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/FireEyeETP/pack_metadata.json b/Packs/FireEyeETP/pack_metadata.json
index a1d28da79939..eb9fc8775242 100644
--- a/Packs/FireEyeETP/pack_metadata.json
+++ b/Packs/FireEyeETP/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FireEye ETP",
 "description": "FireEye Email Threat Prevention (ETP Cloud) is a cloud-based platform that protects against advanced email attacks.",
 "support": "xsoar",
- "currentVersion": "1.4.2",
+ "currentVersion": "1.4.3",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FireEyeHX/Integrations/FireEyeHXEventCollector/FireEyeHXEventCollector.yml b/Packs/FireEyeHX/Integrations/FireEyeHXEventCollector/FireEyeHXEventCollector.yml
index 60c73d60cdd0..7b616ea16695 100644
--- a/Packs/FireEyeHX/Integrations/FireEyeHXEventCollector/FireEyeHXEventCollector.yml
+++ b/Packs/FireEyeHX/Integrations/FireEyeHXEventCollector/FireEyeHXEventCollector.yml
@@ -54,7 +54,7 @@ script:
 - 'true'
 - 'false'
 required: true
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 isfetchevents: true
 script: '-'
 subtype: python3
diff --git a/Packs/FireEyeHX/Integrations/FireEyeHXv2/FireEyeHXv2.yml b/Packs/FireEyeHX/Integrations/FireEyeHXv2/FireEyeHXv2.yml
index 7db9ff3e8503..8c7422084c97 100644
--- a/Packs/FireEyeHX/Integrations/FireEyeHXv2/FireEyeHXv2.yml
+++ b/Packs/FireEyeHX/Integrations/FireEyeHXv2/FireEyeHXv2.yml
@@ -1795,7 +1795,7 @@ script:
 script: '-'
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 fromversion: 6.0.0
 tests:
 - FireEyeHX_v2
diff --git a/Packs/FireEyeHX/ReleaseNotes/2_3_12.md b/Packs/FireEyeHX/ReleaseNotes/2_3_12.md
new file mode 100644
index 000000000000..8b395a0e04db
--- /dev/null
+++ b/Packs/FireEyeHX/ReleaseNotes/2_3_12.md
@@ -0,0 +1,11 @@
+
+#### Integrations
+
+##### FireEye HX Event Collector
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
+##### FireEye Endpoint Security (HX) v2
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
diff --git a/Packs/FireEyeHX/pack_metadata.json b/Packs/FireEyeHX/pack_metadata.json
index 40dcdf0f35b6..dc262a702cff 100644
--- a/Packs/FireEyeHX/pack_metadata.json
+++ b/Packs/FireEyeHX/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FireEye HX",
 "description": "FireEye Endpoint Security is an integrated solution that detects and protects endpoints against known and unknown threats. The FireEye HX Cortex XSOAR integration provides access to information about endpoints, acquisitions, alerts, indicators, and containment. Customers can extract critical data and effectively operate the security operations automated playbooks.",
 "support": "xsoar",
- "currentVersion": "2.3.11",
+ "currentVersion": "2.3.12",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FireEyeHelix/Integrations/FireEyeHelix/FireEyeHelix.yml b/Packs/FireEyeHelix/Integrations/FireEyeHelix/FireEyeHelix.yml
index a6a764f94271..352e22511320 100644
--- a/Packs/FireEyeHelix/Integrations/FireEyeHelix/FireEyeHelix.yml
+++ b/Packs/FireEyeHelix/Integrations/FireEyeHelix/FireEyeHelix.yml
@@ -1661,7 +1661,7 @@ script:
 - contextPath: FireEyeHelixSearch.State
 description: State of the search.
 type: String
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/FireEyeHelix/ReleaseNotes/1_0_9.md b/Packs/FireEyeHelix/ReleaseNotes/1_0_9.md
new file mode 100644
index 000000000000..7959c9f5feb6
--- /dev/null
+++ b/Packs/FireEyeHelix/ReleaseNotes/1_0_9.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### FireEye Helix
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
diff --git a/Packs/FireEyeHelix/pack_metadata.json b/Packs/FireEyeHelix/pack_metadata.json
index 43d533c10216..052c65aca639 100644
--- a/Packs/FireEyeHelix/pack_metadata.json
+++ b/Packs/FireEyeHelix/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FireEye Helix",
 "description": "FireEye Helix is a security operations platform. FireEye Helix integrates security tools and augments them with next-generation SIEM, orchestration and threat intelligence tools such as alert management, search, analysis, investigations and reporting.",
 "support": "xsoar",
- "currentVersion": "1.0.8",
+ "currentVersion": "1.0.9",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FireMonSecurityManager/Integrations/FireMonSecurityManager/FireMonSecurityManager.yml b/Packs/FireMonSecurityManager/Integrations/FireMonSecurityManager/FireMonSecurityManager.yml
index e85d5177e806..120ade807ed3 100644
--- a/Packs/FireMonSecurityManager/Integrations/FireMonSecurityManager/FireMonSecurityManager.yml
+++ b/Packs/FireMonSecurityManager/Integrations/FireMonSecurityManager/FireMonSecurityManager.yml
@@ -117,7 +117,7 @@ script:
 - contextPath: FireMonSecurityManager.SIQL.matchId
 description: Resposne for the SIQL query.
 type: Unknown
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: true
 script: ''
 subtype: python3
diff --git a/Packs/FireMonSecurityManager/ReleaseNotes/1_1_22.md b/Packs/FireMonSecurityManager/ReleaseNotes/1_1_22.md
new file mode 100644
index 000000000000..64eac095d183
--- /dev/null
+++ b/Packs/FireMonSecurityManager/ReleaseNotes/1_1_22.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### FireMon Security Manager
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/FireMonSecurityManager/pack_metadata.json b/Packs/FireMonSecurityManager/pack_metadata.json
index 1665765e4cbe..b236c3d56d1c 100644
--- a/Packs/FireMonSecurityManager/pack_metadata.json
+++ b/Packs/FireMonSecurityManager/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FireMon Security Manager",
 "description": "Creates a Policy Planner Ticket in Policy Planner Application and Validates Pre Changes assessments for new requirement.",
 "support": "partner",
- "currentVersion": "1.1.21",
+ "currentVersion": "1.1.22",
 "author": "FireMon",
 "url": "https://www.firemon.com/services-support-services/",
 "email": "support@firemon.com",
diff --git a/Packs/FlashpointFeed/Integrations/FlashpointFeed/FlashpointFeed.yml b/Packs/FlashpointFeed/Integrations/FlashpointFeed/FlashpointFeed.yml
index c2e86bcda6ec..268636710842 100644
--- a/Packs/FlashpointFeed/Integrations/FlashpointFeed/FlashpointFeed.yml
+++ b/Packs/FlashpointFeed/Integrations/FlashpointFeed/FlashpointFeed.yml
@@ -135,7 +135,7 @@ script:
 name: types
 description: Retrieves indicators from the Flashpoint API. It displays the content of the fetch-indicators command.
 name: flashpoint-get-indicators
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 feed: true
 runonce: false
 script: '-'
diff --git a/Packs/FlashpointFeed/ReleaseNotes/1_0_24.md b/Packs/FlashpointFeed/ReleaseNotes/1_0_24.md
new file mode 100644
index 000000000000..384f9ab4ead3
--- /dev/null
+++ b/Packs/FlashpointFeed/ReleaseNotes/1_0_24.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Flashpoint Feed
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/FlashpointFeed/pack_metadata.json b/Packs/FlashpointFeed/pack_metadata.json
index f4500fb022f5..e3ad77523cc6 100644
--- a/Packs/FlashpointFeed/pack_metadata.json
+++ b/Packs/FlashpointFeed/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FlashpointFeed",
 "description": "Ingest indicator feeds from Flashpoint.",
 "support": "partner",
- "currentVersion": "1.0.23",
+ "currentVersion": "1.0.24",
 "author": "Flashpoint",
 "url": "https://www.flashpoint-intel.com/",
 "email": "demisto_support@flashpoint-intel.com",
diff --git a/Packs/ForcepointDLP/Integrations/ForcepointEventCollector/ForcepointEventCollector.yml b/Packs/ForcepointDLP/Integrations/ForcepointEventCollector/ForcepointEventCollector.yml
index 74630b792652..1eb4fa4364c5 100644
--- a/Packs/ForcepointDLP/Integrations/ForcepointEventCollector/ForcepointEventCollector.yml
+++ b/Packs/ForcepointDLP/Integrations/ForcepointEventCollector/ForcepointEventCollector.yml
@@ -72,7 +72,7 @@ script:
 required: true
 description: Gets security events from Forcepoint DLP.
 name: forcepoint-dlp-get-events
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetchevents: true
 runonce: false
 script: ''
diff --git a/Packs/ForcepointDLP/ReleaseNotes/1_0_4.md b/Packs/ForcepointDLP/ReleaseNotes/1_0_4.md
new file mode 100644
index 000000000000..545825d8fca3
--- /dev/null
+++ b/Packs/ForcepointDLP/ReleaseNotes/1_0_4.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Forcepoint DLP (Beta) Event Collector
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/ForcepointDLP/pack_metadata.json b/Packs/ForcepointDLP/pack_metadata.json
index 3b34122de781..f4f25134a6ae 100644
--- a/Packs/ForcepointDLP/pack_metadata.json
+++ b/Packs/ForcepointDLP/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Forcepoint DLP",
 "description": "Forcepoint DLP event collector",
 "support": "xsoar",
- "currentVersion": "1.0.3",
+ "currentVersion": "1.0.4",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FortiManager/Integrations/FortiManager/FortiManager.yml b/Packs/FortiManager/Integrations/FortiManager/FortiManager.yml
index b5c43cca4e95..59428db8059b 100644
--- a/Packs/FortiManager/Integrations/FortiManager/FortiManager.yml
+++ b/Packs/FortiManager/Integrations/FortiManager/FortiManager.yml
@@ -1985,7 +1985,7 @@ script:
 - contextPath: FortiManager.Installation.user
 description: The installation task user.
 type: String
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/FortiManager/ReleaseNotes/1_0_8.md b/Packs/FortiManager/ReleaseNotes/1_0_8.md
new file mode 100644
index 000000000000..0a8704f21222
--- /dev/null
+++ b/Packs/FortiManager/ReleaseNotes/1_0_8.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### FortiManager
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/FortiManager/pack_metadata.json b/Packs/FortiManager/pack_metadata.json
index 44fcc93221ac..11153af96822 100644
--- a/Packs/FortiManager/pack_metadata.json
+++ b/Packs/FortiManager/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FortiManager",
 "description": "Manage your FortiNet firewall",
 "support": "xsoar",
- "currentVersion": "1.0.7",
+ "currentVersion": "1.0.8",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml b/Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml
index fc9812ec567c..143c4c5dc1aa 100644
--- a/Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml
+++ b/Packs/FortiSIEM/Integrations/FortiSIEMV2/FortiSIEMV2.yml
@@ -701,7 +701,7 @@ script:
 - contextPath: FortiSIEM.WatchlistEntry.ageOut
 description: Expiration date of the entry.
 type: String
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/FortiSIEM/ReleaseNotes/2_0_31.md b/Packs/FortiSIEM/ReleaseNotes/2_0_31.md
new file mode 100644
index 000000000000..256646b34243
--- /dev/null
+++ b/Packs/FortiSIEM/ReleaseNotes/2_0_31.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### FortiSIEM v2
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/FortiSIEM/pack_metadata.json b/Packs/FortiSIEM/pack_metadata.json
index c1a4c9e4c6f7..035558a68ac2 100644
--- a/Packs/FortiSIEM/pack_metadata.json
+++ b/Packs/FortiSIEM/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "FortiSIEM",
 "description": "Search and update events of FortiSIEM and manage resource lists.",
 "support": "xsoar",
- "currentVersion": "2.0.30",
+ "currentVersion": "2.0.31",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Fortimail/Integrations/Fortimail/Fortimail.yml b/Packs/Fortimail/Integrations/Fortimail/Fortimail.yml
index 822bb5f1cdc2..cffd9862869b 100644
--- a/Packs/Fortimail/Integrations/Fortimail/Fortimail.yml
+++ b/Packs/Fortimail/Integrations/Fortimail/Fortimail.yml
@@ -2206,7 +2206,7 @@ script:
 type: String
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: false
 script: ''
 fromversion: 6.10.0
diff --git a/Packs/Fortimail/ReleaseNotes/1_0_3.md b/Packs/Fortimail/ReleaseNotes/1_0_3.md
new file mode 100644
index 000000000000..f818da1f45da
--- /dev/null
+++ b/Packs/Fortimail/ReleaseNotes/1_0_3.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### FortiMail
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/Fortimail/pack_metadata.json b/Packs/Fortimail/pack_metadata.json
index cb4350b79d5e..ac9d3d9d0823 100644
--- a/Packs/Fortimail/pack_metadata.json
+++ b/Packs/Fortimail/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Fortimail",
 "description": "FortiMail is a comprehensive email security solution by Fortinet, offering advanced threat protection, data loss prevention, encryption, and email authentication to safeguard organizations against email-based cyber threats and protect sensitive information.",
 "support": "xsoar",
- "currentVersion": "1.0.2",
+ "currentVersion": "1.0.3",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FreshDesk/Integrations/FreshDesk/FreshDesk.yml b/Packs/FreshDesk/Integrations/FreshDesk/FreshDesk.yml
index 458251c6ff9d..828ab0a4c482 100644
--- a/Packs/FreshDesk/Integrations/FreshDesk/FreshDesk.yml
+++ b/Packs/FreshDesk/Integrations/FreshDesk/FreshDesk.yml
@@ -1011,7 +1011,7 @@ script:
 runonce: false
 script: '-'
 subtype: python3
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 type: python
 tests:
 - Freshdesk-Test
diff --git a/Packs/FreshDesk/ReleaseNotes/1_0_14.md b/Packs/FreshDesk/ReleaseNotes/1_0_14.md
new file mode 100644
index 000000000000..27054e838590
--- /dev/null
+++ b/Packs/FreshDesk/ReleaseNotes/1_0_14.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Freshdesk
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/FreshDesk/pack_metadata.json b/Packs/FreshDesk/pack_metadata.json
index 31598aab6f28..b0b700fb68d3 100644
--- a/Packs/FreshDesk/pack_metadata.json
+++ b/Packs/FreshDesk/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Freshdesk",
 "description": "The Freshdesk integration allows you to create, update, and delete tickets; reply to and create notes for tickets as well as view Groups, Agents and Contacts.",
 "support": "xsoar",
- "currentVersion": "1.0.13",
+ "currentVersion": "1.0.14",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml b/Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml
index a7094dd90409..f5d7a787bf62 100644
--- a/Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml
+++ b/Packs/FreshworksFreshservice/Integrations/FreshworksFreshservice/FreshworksFreshservice.yml
@@ -3448,7 +3448,7 @@ script:
 name: lastUpdate
 description: Gets the list of incidents that were modified since the last update time. Note that this method is here for debugging purposes. The get-modified-remote-data command is used as part of a Mirroring feature, which is available in Cortex XSOAR from version 6.1.
 name: get-modified-remote-data
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: true
 ismappable: true
 isremotesyncin: true
diff --git a/Packs/FreshworksFreshservice/ReleaseNotes/1_0_21.md b/Packs/FreshworksFreshservice/ReleaseNotes/1_0_21.md
new file mode 100644
index 000000000000..2068a9888320
--- /dev/null
+++ b/Packs/FreshworksFreshservice/ReleaseNotes/1_0_21.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Freshworks Freshservice
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/FreshworksFreshservice/pack_metadata.json b/Packs/FreshworksFreshservice/pack_metadata.json
index 817e91433ef2..f2072924e83c 100644
--- a/Packs/FreshworksFreshservice/pack_metadata.json
+++ b/Packs/FreshworksFreshservice/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Freshworks Freshservice",
 "description": "Freshservice is a service management solution that allows customers to manage service requests, incidents, change requests tasks, and problem investigation.",
 "support": "xsoar",
- "currentVersion": "1.0.20",
+ "currentVersion": "1.0.21",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/GSuiteAdmin/Integrations/GSuiteAdmin/GSuiteAdmin.yml b/Packs/GSuiteAdmin/Integrations/GSuiteAdmin/GSuiteAdmin.yml
index 0f41bba0bc64..2bd3d2727ec0 100644
--- a/Packs/GSuiteAdmin/Integrations/GSuiteAdmin/GSuiteAdmin.yml
+++ b/Packs/GSuiteAdmin/Integrations/GSuiteAdmin/GSuiteAdmin.yml
@@ -2229,7 +2229,7 @@ script:
 - contextPath: GSuite.Group.nonEditableAliases
 description: List of the group's non-editable alias email addresses that are outside of the account's primary domain or subdomains.
 type: String
- dockerimage: demisto/googleapi-python3:1.0.0.84439
+ dockerimage: demisto/googleapi-python3:1.0.0.86179
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/GSuiteAdmin/ReleaseNotes/1_1_34.md b/Packs/GSuiteAdmin/ReleaseNotes/1_1_34.md
new file mode 100644
index 000000000000..5141d18816a0
--- /dev/null
+++ b/Packs/GSuiteAdmin/ReleaseNotes/1_1_34.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Google Workspace Admin
+- Updated the Docker image to: *demisto/googleapi-python3:1.0.0.86179*.
diff --git a/Packs/GSuiteAdmin/pack_metadata.json b/Packs/GSuiteAdmin/pack_metadata.json
index f0fd38ca6182..e967158ba738 100644
--- a/Packs/GSuiteAdmin/pack_metadata.json
+++ b/Packs/GSuiteAdmin/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "G Suite Admin",
 "description": "G Suite Admin integration with Cortex XSOAR. G Suite or Google Workspace Admin is an integration to perform an action on IT infrastructure, create users, update settings, and more administrative tasks.",
 "support": "xsoar",
- "currentVersion": "1.1.33",
+ "currentVersion": "1.1.34",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/GSuiteSecurityAlertCenter/Integrations/GSuiteSecurityAlertCenter/GSuiteSecurityAlertCenter.yml b/Packs/GSuiteSecurityAlertCenter/Integrations/GSuiteSecurityAlertCenter/GSuiteSecurityAlertCenter.yml
index 8b0cb2ef258a..560568651fcb 100644
--- a/Packs/GSuiteSecurityAlertCenter/Integrations/GSuiteSecurityAlertCenter/GSuiteSecurityAlertCenter.yml
+++ b/Packs/GSuiteSecurityAlertCenter/Integrations/GSuiteSecurityAlertCenter/GSuiteSecurityAlertCenter.yml
@@ -767,7 +767,7 @@ script:
 - contextPath: GSuiteSecurityAlert.Recover.failedAlerts.status
 description: Status of the failed alert recovery.
 type: String
- dockerimage: demisto/googleapi-python3:1.0.0.84439
+ dockerimage: demisto/googleapi-python3:1.0.0.86179
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/GSuiteSecurityAlertCenter/ReleaseNotes/1_1_41.md b/Packs/GSuiteSecurityAlertCenter/ReleaseNotes/1_1_41.md
new file mode 100644
index 000000000000..ed587ead9190
--- /dev/null
+++ b/Packs/GSuiteSecurityAlertCenter/ReleaseNotes/1_1_41.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### G Suite Security Alert Center
+- Updated the Docker image to: *demisto/googleapi-python3:1.0.0.86179*.
diff --git a/Packs/GSuiteSecurityAlertCenter/pack_metadata.json b/Packs/GSuiteSecurityAlertCenter/pack_metadata.json
index 0de091499c46..4ed5316d9829 100644
--- a/Packs/GSuiteSecurityAlertCenter/pack_metadata.json
+++ b/Packs/GSuiteSecurityAlertCenter/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "G Suite Security Alert Center",
 "description": "Fetch alert types, delete or recover alerts, retrieve an alert's metadata, and create or view alert feedback.",
 "support": "xsoar",
- "currentVersion": "1.1.40",
+ "currentVersion": "1.1.41",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Gatewatcher-AionIQ/Integrations/GCenter/GCenter.yml b/Packs/Gatewatcher-AionIQ/Integrations/GCenter/GCenter.yml
index 0473956342ef..ee80881eabb3 100644
--- a/Packs/Gatewatcher-AionIQ/Integrations/GCenter/GCenter.yml
+++ b/Packs/Gatewatcher-AionIQ/Integrations/GCenter/GCenter.yml
@@ -1312,7 +1312,7 @@ script:
 script: '-'
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 fromversion: 6.2.0
 tests:
 - Gcenter Test Playbook
diff --git a/Packs/Gatewatcher-AionIQ/ReleaseNotes/1_1_19.md b/Packs/Gatewatcher-AionIQ/ReleaseNotes/1_1_19.md
new file mode 100644
index 000000000000..6748599131d4
--- /dev/null
+++ b/Packs/Gatewatcher-AionIQ/ReleaseNotes/1_1_19.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### GCenter
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/Gatewatcher-AionIQ/pack_metadata.json b/Packs/Gatewatcher-AionIQ/pack_metadata.json
index fecc1718cea5..36a921d2e03b 100644
--- a/Packs/Gatewatcher-AionIQ/pack_metadata.json
+++ b/Packs/Gatewatcher-AionIQ/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Gatewatcher AionIQ",
 "description": "This pack provide integration with Gatewatcher NDR solution : AIonIQ",
 "support": "partner",
- "currentVersion": "1.1.18",
+ "currentVersion": "1.1.19",
 "author": "Gatewatcher",
 "url": "https://www.gatewatcher.com/",
 "email": "integration@gatewatcher.com",
diff --git a/Packs/GoogleCalendar/Integrations/GoogleCalendar/GoogleCalendar.yml b/Packs/GoogleCalendar/Integrations/GoogleCalendar/GoogleCalendar.yml
index 05eeb5d96527..6d4e31395ae8 100644
--- a/Packs/GoogleCalendar/Integrations/GoogleCalendar/GoogleCalendar.yml
+++ b/Packs/GoogleCalendar/Integrations/GoogleCalendar/GoogleCalendar.yml
@@ -173,7 +173,7 @@ script:
 - contextPath: GoogleCalendar.PageToken.Acl.nextSyncToken
 description: Token used at a later point in time to retrieve only the entries that have changed since this result was returned.
 type: String
- dockerimage: demisto/googleapi-python3:1.0.0.84439
+ dockerimage: demisto/googleapi-python3:1.0.0.86179
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/GoogleCalendar/ReleaseNotes/1_1_43.md b/Packs/GoogleCalendar/ReleaseNotes/1_1_43.md
new file mode 100644
index 000000000000..b3febd3bbdd0
--- /dev/null
+++ b/Packs/GoogleCalendar/ReleaseNotes/1_1_43.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Google Calendar
+- Updated the Docker image to: *demisto/googleapi-python3:1.0.0.86179*.
diff --git a/Packs/GoogleCalendar/pack_metadata.json b/Packs/GoogleCalendar/pack_metadata.json
index f6a33e423d0e..bb6ecdddeeaf 100644
--- a/Packs/GoogleCalendar/pack_metadata.json
+++ b/Packs/GoogleCalendar/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Google Calendar",
 "description": "Google Calendar integration with Cortex XSOAR.",
 "support": "xsoar",
- "currentVersion": "1.1.42",
+ "currentVersion": "1.1.43",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/GoogleChronicleBackstory/Integrations/GoogleChronicleBackstory/GoogleChronicleBackstory.yml b/Packs/GoogleChronicleBackstory/Integrations/GoogleChronicleBackstory/GoogleChronicleBackstory.yml
index a4559314dc7d..e3e2efe5480b 100644
--- a/Packs/GoogleChronicleBackstory/Integrations/GoogleChronicleBackstory/GoogleChronicleBackstory.yml
+++ b/Packs/GoogleChronicleBackstory/Integrations/GoogleChronicleBackstory/GoogleChronicleBackstory.yml
@@ -6698,7 +6698,7 @@ script:
 - contextPath: GoogleChronicleBackstory.Events.securityResult.urlBackToProduct
 description: URL to direct you to the source product console for this security event.
 type: String
- dockerimage: demisto/googleapi-python3:1.0.0.85147
+ dockerimage: demisto/googleapi-python3:1.0.0.86179
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/GoogleChronicleBackstory/ReleaseNotes/3_1_1.md b/Packs/GoogleChronicleBackstory/ReleaseNotes/3_1_1.md
new file mode 100644
index 000000000000..88468eca256d
--- /dev/null
+++ b/Packs/GoogleChronicleBackstory/ReleaseNotes/3_1_1.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Chronicle
+- Updated the Docker image to: *demisto/googleapi-python3:1.0.0.86179*.
diff --git a/Packs/GoogleChronicleBackstory/pack_metadata.json b/Packs/GoogleChronicleBackstory/pack_metadata.json
index 6c3f0e5c6875..6cbd6cbfacc7 100644
--- a/Packs/GoogleChronicleBackstory/pack_metadata.json
+++ b/Packs/GoogleChronicleBackstory/pack_metadata.json
@@ -2,7 +2,7 @@ "name": "Chronicle", "description": "Retrieve Chronicle detections, impacted assets, IOC matches, and 3P alerts to enrich your XSOAR workflows.", "support": "partner", - "currentVersion": "3.1.0", + "currentVersion": "3.1.1", "certification": "certified", "author": "Chronicle", "url": "https://go.chronicle.security/contact", diff --git a/Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml b/Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml index 00f15adc6f82..f140d1a75350 100644 --- a/Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml +++ b/Packs/GoogleDrive/Integrations/GoogleDrive/GoogleDrive.yml @@ -3103,7 +3103,7 @@ script: - contextPath: GoogleDrive.File.Parents description: The IDs of the parent folders which contain the file. type: String - dockerimage: demisto/googleapi-python3:1.0.0.85008 + dockerimage: demisto/googleapi-python3:1.0.0.86179 isfetch: true runonce: false script: "-" diff --git a/Packs/GoogleDrive/ReleaseNotes/1_3_2.md b/Packs/GoogleDrive/ReleaseNotes/1_3_2.md new file mode 100644 index 000000000000..03749e7098e5 --- /dev/null +++ b/Packs/GoogleDrive/ReleaseNotes/1_3_2.md @@ -0,0 +1,3 @@ +#### Integrations +##### Google Drive +- Updated the Docker image to: *demisto/googleapi-python3:1.0.0.86179*. diff --git a/Packs/GoogleDrive/pack_metadata.json b/Packs/GoogleDrive/pack_metadata.json index 0c6214e51eec..59b0efe67385 100644 --- a/Packs/GoogleDrive/pack_metadata.json +++ b/Packs/GoogleDrive/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Google Drive", "description": "Google Drive allows users to store files on their servers, synchronize files across devices, and share files. This integration helps you to create a new drive, query past activity and view change logs performed by the users, as well as list drives and files, and manage their permissions.", "support": "xsoar", - "currentVersion": "1.3.1", + "currentVersion": "1.3.2", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/GoogleMaps/Integrations/GoogleMaps/GoogleMaps.yml b/Packs/GoogleMaps/Integrations/GoogleMaps/GoogleMaps.yml index c69b856fd007..472de8a4198b 100644 --- a/Packs/GoogleMaps/Integrations/GoogleMaps/GoogleMaps.yml +++ b/Packs/GoogleMaps/Integrations/GoogleMaps/GoogleMaps.yml @@ -55,7 +55,7 @@ script: - contextPath: GoogleMaps.Country description: The country or region where the provided location is, according to Google Maps. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/GoogleMaps/ReleaseNotes/1_0_15.md b/Packs/GoogleMaps/ReleaseNotes/1_0_15.md new file mode 100644 index 000000000000..11a47d6521f5 --- /dev/null +++ b/Packs/GoogleMaps/ReleaseNotes/1_0_15.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Google Maps + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/GoogleMaps/pack_metadata.json b/Packs/GoogleMaps/pack_metadata.json index 6718e1b288f6..94fceba41421 100644 --- a/Packs/GoogleMaps/pack_metadata.json +++ b/Packs/GoogleMaps/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Google Maps", "description": "Use the Google Maps Geocoding API", "support": "xsoar", - "currentVersion": "1.0.14", + "currentVersion": "1.0.15", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/GoogleSafeBrowsing/Integrations/GoogleSafeBrowsingV2/GoogleSafeBrowsingV2.yml b/Packs/GoogleSafeBrowsing/Integrations/GoogleSafeBrowsingV2/GoogleSafeBrowsingV2.yml index de1c4aeebf54..dfd660cfde92 100644 --- a/Packs/GoogleSafeBrowsing/Integrations/GoogleSafeBrowsingV2/GoogleSafeBrowsingV2.yml +++ b/Packs/GoogleSafeBrowsing/Integrations/GoogleSafeBrowsingV2/GoogleSafeBrowsingV2.yml @@ -102,7 +102,7 @@ script: - contextPath: GoogleSafeBrowsing.URL.threatEntryType description: The URL threat entry type. type: string - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/GoogleSafeBrowsing/ReleaseNotes/2_0_21.md b/Packs/GoogleSafeBrowsing/ReleaseNotes/2_0_21.md new file mode 100644 index 000000000000..c63bb0d020b4 --- /dev/null +++ b/Packs/GoogleSafeBrowsing/ReleaseNotes/2_0_21.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Google Safe Browsing v2 + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/GoogleSafeBrowsing/pack_metadata.json b/Packs/GoogleSafeBrowsing/pack_metadata.json index ab961d5aa15c..fb269dd3b2e8 100644 --- a/Packs/GoogleSafeBrowsing/pack_metadata.json +++ b/Packs/GoogleSafeBrowsing/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Google Safe Browsing", "description": "Search Safe Browsing", "support": "xsoar", - "currentVersion": "2.0.20", + "currentVersion": "2.0.21", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/GoogleSheets/Integrations/GoogleSheets/GoogleSheets.yml b/Packs/GoogleSheets/Integrations/GoogleSheets/GoogleSheets.yml index 0aeb065d462f..599dff95d47c 100644 --- a/Packs/GoogleSheets/Integrations/GoogleSheets/GoogleSheets.yml +++ b/Packs/GoogleSheets/Integrations/GoogleSheets/GoogleSheets.yml 
@@ -665,7 +665,7 @@ script: - contextPath: GoogleSheets.Spreadsheet.updatedSpreadsheet.sheets.title description: Sheet title. type: String - dockerimage: demisto/googleapi-python3:1.0.0.85008 + dockerimage: demisto/googleapi-python3:1.0.0.86179 runonce: false script: "-" subtype: python3 diff --git a/Packs/GoogleSheets/ReleaseNotes/1_0_41.md b/Packs/GoogleSheets/ReleaseNotes/1_0_41.md new file mode 100644 index 000000000000..fb38d1c9e95e --- /dev/null +++ b/Packs/GoogleSheets/ReleaseNotes/1_0_41.md @@ -0,0 +1,3 @@ +#### Integrations +##### Google Sheets +- Updated the Docker image to: *demisto/googleapi-python3:1.0.0.86179*. diff --git a/Packs/GoogleSheets/pack_metadata.json b/Packs/GoogleSheets/pack_metadata.json index 5698fef1df73..5df81408c64f 100644 --- a/Packs/GoogleSheets/pack_metadata.json +++ b/Packs/GoogleSheets/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Google Sheets", "description": "The Google Sheets API is a RESTful interface that lets you read and modify a spreadsheet's data. The most common uses of this API include the following tasks- create spreadsheets, read and write spreadsheets cells, update spreadsheet formatting", "support": "xsoar", - "currentVersion": "1.0.40", + "currentVersion": "1.0.41", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Grafana/Integrations/Grafana/Grafana.yml b/Packs/Grafana/Integrations/Grafana/Grafana.yml index fd33abef3000..86bba5e0118d 100644 --- a/Packs/Grafana/Integrations/Grafana/Grafana.yml +++ b/Packs/Grafana/Integrations/Grafana/Grafana.yml @@ -654,7 +654,7 @@ script: - contextPath: Grafana.Organization.address description: Organization address. type: Unknown - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/Grafana/ReleaseNotes/1_0_30.md b/Packs/Grafana/ReleaseNotes/1_0_30.md new file mode 100644 index 000000000000..9f6fc44aceb3 --- /dev/null 
+++ b/Packs/Grafana/ReleaseNotes/1_0_30.md @@ -0,0 +1,3 @@ +#### Integrations +##### Grafana +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Grafana/pack_metadata.json b/Packs/Grafana/pack_metadata.json index a0979bb2c59a..cd0f41a6ccb3 100644 --- a/Packs/Grafana/pack_metadata.json +++ b/Packs/Grafana/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Grafana", "description": "Grafana client to interact with Grafana server API.", "support": "xsoar", - "currentVersion": "1.0.29", + "currentVersion": "1.0.30", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/HYASProtect/Integrations/HYASProtect/HYASProtect.yml b/Packs/HYASProtect/Integrations/HYASProtect/HYASProtect.yml index 191d1a9bdee3..d3ea651b119e 100755 --- a/Packs/HYASProtect/Integrations/HYASProtect/HYASProtect.yml +++ b/Packs/HYASProtect/Integrations/HYASProtect/HYASProtect.yml @@ -120,7 +120,7 @@ script: - contextPath: HYAS.NameserverVerdict.reasons description: Verdict Reasons for the provided Nameserver. type: Unknown - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/HYASProtect/ReleaseNotes/1_0_12.md b/Packs/HYASProtect/ReleaseNotes/1_0_12.md new file mode 100644 index 000000000000..8ee7ddda601e --- /dev/null +++ b/Packs/HYASProtect/ReleaseNotes/1_0_12.md @@ -0,0 +1,3 @@ +#### Integrations +##### HYAS Protect +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/HYASProtect/pack_metadata.json b/Packs/HYASProtect/pack_metadata.json index 249bf413c8fb..cbaae349f5c6 100644 --- a/Packs/HYASProtect/pack_metadata.json +++ b/Packs/HYASProtect/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "HYAS Protect", "description": "Use the HYAS Protect integration to get the verdict information for FQDN, IP Address and NameServer.", "support": "partner", - "currentVersion": "1.0.11", + "currentVersion": "1.0.12", "author": "HYAS", "url": "https://support.hyas.com", "email": "support@hyas.com", diff --git a/Packs/Hackuity/Integrations/Hackuity/Hackuity.yml b/Packs/Hackuity/Integrations/Hackuity/Hackuity.yml index 8fa672426432..26d522b4c33e 100644 --- a/Packs/Hackuity/Integrations/Hackuity/Hackuity.yml +++ b/Packs/Hackuity/Integrations/Hackuity/Hackuity.yml @@ -192,7 +192,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.0.0 tests: - No tests (auto formatted) diff --git a/Packs/Hackuity/ReleaseNotes/1_0_20.md b/Packs/Hackuity/ReleaseNotes/1_0_20.md new file mode 100644 index 000000000000..397dbfb0e8b3 --- /dev/null +++ b/Packs/Hackuity/ReleaseNotes/1_0_20.md @@ -0,0 +1,3 @@ +#### Integrations +##### Hackuity +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Hackuity/pack_metadata.json b/Packs/Hackuity/pack_metadata.json index ddd8aec85f21..25c130314c7b 100644 --- a/Packs/Hackuity/pack_metadata.json +++ b/Packs/Hackuity/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Hackuity", "description": "From a war-room, query your Hackuity cockpit in order to seamlessly retrieve information related to your vulnerability stock.", "support": "partner", - "currentVersion": "1.0.19", + "currentVersion": "1.0.20", "author": "Hackuity", "url": "https://www.hackuity.io/support", "email": "", diff --git a/Packs/HelloIAMWorld/Integrations/HelloIAMWorld/HelloIAMWorld.yml b/Packs/HelloIAMWorld/Integrations/HelloIAMWorld/HelloIAMWorld.yml index 2799770e1d7d..74dfcb2114f3 100644 --- a/Packs/HelloIAMWorld/Integrations/HelloIAMWorld/HelloIAMWorld.yml +++ b/Packs/HelloIAMWorld/Integrations/HelloIAMWorld/HelloIAMWorld.yml 
@@ -226,7 +226,7 @@ script: type: String - description: Retrieves a User Profile schema, which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option. name: get-mapping-fields - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/HelloIAMWorld/ReleaseNotes/1_1_8.md b/Packs/HelloIAMWorld/ReleaseNotes/1_1_8.md new file mode 100644 index 000000000000..37c4890ea465 --- /dev/null +++ b/Packs/HelloIAMWorld/ReleaseNotes/1_1_8.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Hello World IAM + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/HelloIAMWorld/pack_metadata.json b/Packs/HelloIAMWorld/pack_metadata.json index da6212f27962..96511d429d0b 100644 --- a/Packs/HelloIAMWorld/pack_metadata.json +++ b/Packs/HelloIAMWorld/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Hello World IAM", "description": "An Identity and Access Management integration template.", "support": "xsoar", - "currentVersion": "1.1.7", + "currentVersion": "1.1.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/HelloWorld/Integrations/HelloWorldEventCollector/command_examples b/Packs/HelloWorld/Integrations/HelloWorldEventCollector/command_examples new file mode 100644 index 000000000000..cf2b76f46aa3 --- /dev/null +++ b/Packs/HelloWorld/Integrations/HelloWorldEventCollector/command_examples @@ -0,0 +1 @@ +hello-world-get-events \ No newline at end of file diff --git a/Packs/HuaweiNetworkDevices/.pack-ignore b/Packs/HuaweiNetworkDevices/.pack-ignore new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/Packs/HuaweiNetworkDevices/.secrets-ignore b/Packs/HuaweiNetworkDevices/.secrets-ignore new file mode 100644 index 000000000000..e69de29bb2d1 
diff --git a/Packs/HuaweiNetworkDevices/ModelingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.xif b/Packs/HuaweiNetworkDevices/ModelingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.xif
new file mode 100644
index 000000000000..a1c12a85757d
--- /dev/null
+++ b/Packs/HuaweiNetworkDevices/ModelingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.xif
@@ -0,0 +1,379 @@
+[RULE: huawei_network_devices_header_fields]
+alter
+ hostname = arrayindex(regextract(_raw_log, "\<\d+\>\S{3}\s\d{2}\s\d{4}\s\d{2}\:\d{2}\:\d{2}\s(\S+)"),0),
+ module_name = arrayindex(regextract(_raw_log,"\<\d+\>\S{3}\s\d{2}\s\d{4}\s\d{2}\:\d{2}\:\d{2}\s\S+\s+\%*\d*(\w+)"),0),
+ log_level = arrayindex(regextract(_raw_log,"\<\d+\>\S{3}\s\d{2}\s\d{4}\s\d{2}\:\d{2}\:\d{2}\s\S+\s+\%*\d*\w+\/(\d)"),0),
+ log_des = arrayindex(regextract(_raw_log,"\<\d+\>\S{3}\s\d{2}\s\d{4}\s\d{2}\:\d{2}\:\d{2}\s\S+\s+\%*\d*\w+\/\d\/(\w+)"),0),
+ log = arrayindex(regextract(_raw_log,"\<\d+\>\S{3}\s\d{2}\s\d{4}\s\d{2}\:\d{2}\:\d{2}\s\S+\s+\%*\d*\w+\/\d\/\w+.*?\:(.+)"),0)
+| alter
+ xdm.intermediate.host.hostname = hostname,
+ xdm.observer.type = module_name,
+ xdm.event.log_level = if(log_level = "0", XDM_CONST.LOG_LEVEL_EMERGENCY, log_level = "1", XDM_CONST.LOG_LEVEL_ALERT, log_level = "2", XDM_CONST.LOG_LEVEL_CRITICAL, log_level = "3", XDM_CONST.LOG_LEVEL_ERROR, log_level = "4", XDM_CONST.LOG_LEVEL_WARNING, log_level = "5", XDM_CONST.LOG_LEVEL_NOTICE, log_level = "6", XDM_CONST.LOG_LEVEL_INFORMATIONAL, log_level = "7", XDM_CONST.LOG_LEVEL_DEBUG, log_level),
+ xdm.event.original_event_type = log_ref,
+ xdm.event.type = log_des,
+ xdm.event.description = log;
+
+//***** SHELL/5/CMDRECORD & SHELL/5/USERCONFIRM & SHELL/6/CMDCONFIRM_UNIFORMRECORD & SHELL/6/DISPLAY_CMDRECORD *****
+[MODEL: dataset="huawei_network_devices_raw"]
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("SHELL/5/CMDRECORD","SHELL/5/USERCONFIRM","SHELL/6/CMDCONFIRM_UNIFORMRECORD", "SHELL/6/DISPLAY_CMDRECORD")
+| call huawei_network_devices_header_fields
+| alter
+ des = arrayindex(regextract(_raw_log,"\[\d+\]\:(.+?)\."),0),
+ task = arrayindex(regextract(_raw_log,"Task\=(\w+)"),0),
+ ipv4 = arrayindex(regextract(_raw_log,"I[pP]\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"I[pP]\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0),
+ user = arrayindex(regextract(_raw_log,"User[Name]*\=(\w+)"),0),
+ auth_protocol = arrayindex(regextract(_raw_log,"AuthenticationMethod\=\"(\w+)"),0), //Relevant for SHELL/5/CMDRECORD events
+ command = arrayindex(regextract(_raw_log,"Command\=\"([^\"]+)"),0), //Relevant for SHELL/5/CMDRECORD, SHELL/6/CMDCONFIRM_UNIFORMRECORD
+ result = arrayindex(regextract(_raw_log,"Result\=(\w+)"),0), //Relevant for SHELL/5/CMDRECORD
+ more_info = arrayindex(if( log_ref="SHELL/5/USERCONFIRM", regextract(_raw_log,"(Warning\:.+)"), log_ref="SHELL/6/CMDCONFIRM_UNIFORMRECORD", regextract(_raw_log,"(PromptInfo.+)\)")),0)
+
+| alter //xdm mapping
+ xdm.alert.description = if(log_ref="SHELL/5/USERCONFIRM", concat(des,", ",more_info), log_ref="SHELL/6/CMDCONFIRM_UNIFORMRECORD", concat(des,", ", more_info), des),
+ xdm.source.interface = task,
+ xdm.source.ipv4 = ipv4,
+ xdm.source.ipv6 = ipv6,
+ xdm.source.user.username = user,
+ xdm.auth.service = auth_protocol,
+ xdm.source.process.command_line = command,
+ xdm.event.outcome = if(result="Success", XDM_CONST.OUTCOME_SUCCESS, result~="[Ff]ail.*", XDM_CONST.OUTCOME_FAILED,to_string(result));
+
+//***** CM/5/USER_OFFLINERESULT & CM/5/USER_ACCESSRESULT *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("CM/5/USER_OFFLINERESULT","CM/5/USER_ACCESSRESULT")
+| call huawei_network_devices_header_fields
+| alter
+ device_mac = regextract(_raw_log,"DEVICEMAC\:(\S+?)\;"),
+ user = arrayindex(regextract(_raw_log,"USER\:(\S+?)\;"),0),
+ mac_user = regextract(_raw_log,"\;MAC\:(\S+?)\;"),
+ ipv4 = arrayindex(regextract(_raw_log,"IPADDRESS\:(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"IPADDRESS\:([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0),
+ result = arrayindex(regextract(_raw_log,"RESULT\:(.+?)\;"),0),
+ interface = arrayindex(regextract(_raw_log,"INTERFACE\:(\S+)\;"),0),
+ access_type = arrayindex(regextract(_raw_log,"ACCESS\sTYPE\:(\S+)\;"),0),
+ id = arrayindex(regextract(_raw_log,"CIB\sID\:(\d+)"),0),
+ vpn = arrayindex(regextract(_raw_log,"VPNNAME\:(.+?)\;"),0),
+ auth_protocol = arrayindex(regextract(_raw_log,"AUTHPROTOCOL\:(.+?)\;"),0)
+| alter //xdm mapping
+ xdm.intermediate.host.mac_addresses = device_mac,
+ xdm.source.user.username = user,
+ xdm.source.host.mac_addresses = mac_user,
+ xdm.source.ipv4 = if(ipv4 != "-" and ipv4 != null, ipv4),
+ xdm.source.ipv6 = if(ipv6 != "-" and ipv6 != null, ipv6),
+ xdm.event.outcome = if(result~="[Ss]uccess" or result~="Idle\scut",XDM_CONST.OUTCOME_SUCCESS, result~="[Ff]ail.*", XDM_CONST.OUTCOME_FAILED,result="User request to offline",XDM_CONST.OUTCOME_PARTIAL),
+ xdm.event.outcome_reason = result,
+ xdm.source.interface = interface,
+ xdm.network.application_protocol = access_type,
+ xdm.event.id = id,
+ xdm.source.application.name = if(vpn!= null, concat("VPN Name: ", vpn)),
+ xdm.auth.auth_method = auth_protocol;
+
+//****** LINE/4/USERLOGOUT & LINE/4/USERLOGIN & LINE/5/VTYUSERLOGIN & LINE/5/VTYUSERLOGOUT ******
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("LINE/4/USERLOGOUT", "LINE/4/USERLOGIN", "LINE/5/VTYUSERLOGIN","LINE/5/VTYUSERLOGOUT")
+| call huawei_network_devices_header_fields
+| alter
+ id = arrayindex(regextract(_raw_log,"OID\s(1\.3\.6\.1\.4\.1\.2011\.5\.25\.207\.2\.\d)"),0),
+ description = arrayindex(regextract(_raw_log,"(A\suser\s\w+)"),0),
+ username = arrayindex(regextract(_raw_log,"UserName\=(\S+)\,"),0),
+ ipv4 = arrayindex(regextract(_raw_log,"UserIP\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"UserIP\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0),
+ channel = arrayindex(regextract(_raw_log,"UserChannel\=(\w+)"),0)
+| alter //xdm mapping
+ xdm.event.id = id,
+ xdm.event.operation_sub_type = description,
+ xdm.source.user.username = username,
+ xdm.source.ipv4 = ipv4,
+ xdm.source.ipv6 = ipv6,
+ xdm.source.interface = channel;
+
+// ***** SSMPADP/4/AUTHENTICAL_FAIL & SNMP/4/AUTHFAIL *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in("SSMPADP/4/AUTHENTICAL_FAIL","SNMP/4/AUTHFAIL")
+| call huawei_network_devices_header_fields
+| alter
+ oid = arrayindex(regextract(_raw_log,"OID\s(1.3.6.1.6.3.1.1.5.5)"),0),
+ ipv4 = arrayindex(regextract(_raw_log,"RemoteIpAddress\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"RemoteIpAddress\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0),
+ outcome_reason = arrayindex(regextract(_raw_log,"\.\d\s(.+?)\."),0)
+| alter //xdm mapping
+ xdm.event.id = oid,
+ xdm.source.ipv4 = ipv4,
+ xdm.source.ipv6 = ipv6,
+ xdm.event.outcome_reason = outcome_reason,
+ xdm.event.outcome = XDM_CONST.OUTCOME_FAILED;
+
+// ***** SNMP/5/SNMP_IP_LOCK & SNMP/5/SNMP_LOG_IP_UNLOCK & SNMP/4/SNMP_IPLOCK & SNMP/4/SNMP_IPUNLOCK *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("SNMP/5/SNMP_IP_LOCK","SNMP/5/SNMP_LOG_IP_UNLOCK","SNMP/4/SNMP_IPLOCK","SNMP/4/SNMP_IPUNLOCK")
+| call huawei_network_devices_header_fields
+| alter
+ des = arrayindex(regextract(_raw_log,"\[\d+\]\:(.+?)\."),0),
+ ipv4 = arrayindex(regextract(_raw_log,"SourceIP\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"SourceIP\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0)
+| alter //xdm mapping
+ xdm.alert.description = des,
+ xdm.source.ipv4 = ipv4,
+ xdm.source.ipv6 = ipv6,
+ xdm.event.outcome = XDM_CONST.OUTCOME_SUCCESS;
+
+// ***** LLDP/4/BAD_PACKET *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("LLDP/4/BAD_PACKET")
+| call huawei_network_devices_header_fields
+| alter src_interface = arrayindex(regextract(_raw_log,"interface\s(\S+)\."),0)
+| alter xdm.source.interface = src_interface; //xdm mapping
+
+// ***** INFO/4/SUPPRESS_LOG *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("INFO/4/SUPPRESS_LOG")
+| call huawei_network_devices_header_fields
+| alter
+ des = arrayindex(regextract(_raw_log,"\[\d+\]\:(.+\.)"),0),
+ id = arrayindex(regextract(_raw_log,"InfoID\=(\d+)"),0),
+ alias = arrayindex(regextract(_raw_log,"InfoAlias\=(\w+)"),0)
+| alter //xdm mapping
+ xdm.alert.description = des,
+ xdm.event.outcome_reason = alias,
+ xdm.event.id = id;
+
+// ***** ARP/4/ARP_DUPLICATE_IPADDR *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("ARP/4/ARP_DUPLICATE_IPADDR")
+| call huawei_network_devices_header_fields
+| alter
+ des = arrayindex(regextract(_raw_log,"\[\d+\]\:(.+interface\.)"),0),
+ ipv4 = arrayindex(regextract(_raw_log,"IpAddress\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"IpAddress\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0),
+ interface = arrayindex(regextract(_raw_log,"InterfaceName\=(\S+)\,"),0),
+ mac = regextract(_raw_log,"MacAddress\=(.+)[\)\,]"),
+ pe_vlan = to_number(arrayindex(regextract(_raw_log,"PE-VLAN\=(.+)[\)\,]"),0)),
+ ce_vlan = to_number(arrayindex(regextract(_raw_log,"CE-VLAN\=(.+)[\)\,]"),0))
+| alter //xdm mapping
+ xdm.alert.description = des,
+ xdm.source.ipv4 = if(ipv4 != null, ipv4),
+ xdm.source.ipv6 = if(ipv6 != null, ipv6),
+ xdm.source.interface = interface,
+ xdm.source.host.mac_addresses = mac,
+ xdm.source.vlan = coalesce(ce_vlan, pe_vlan);
+
+// ***** HWCM/4/CFGCHANGE && HWCM/5/TRAPLOG *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("HWCM/4/CFGCHANGE", "HWCM/5/TRAPLOG")
+| call huawei_network_devices_header_fields
+| alter
+ oid = arrayindex(regextract(_raw_log,"OID\s(\S+)"),0),
+ des = arrayindex(regextract(_raw_log,"([Cc]onfigure.+\.)"),0),
+ event_id = arrayindex(regextract(_raw_log,"EventIndex\=(\d+)"),0),
+ more_info = arrayindex(regextract(_raw_log,"(Command.+)\)"),0)
+| alter
+ xdm.event.id = oid,
+ xdm.alert.original_alert_id = event_id,
+ xdm.alert.description = concat(des, " ", more_info);
+
+//***** IFPDT/4/PKT_OUTDISCARD_ABNL & IFPDT/4/PKT_OUTDISCARD_NL *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("IFPDT/4/PKT_OUTDISCARD_ABNL","IFPDT/4/PKT_OUTDISCARD_NL")
+| call huawei_network_devices_header_fields
+| alter
+ interface = arrayindex(regextract(_raw_log,"Interface\=(\S+)\,"),0),
+ des = arrayindex(regextract(_raw_log,"\:(Interface.+\.)"),0)
+| alter
+ xdm.source.interface = interface,
+ xdm.alert.description = des;
+
+//***** SECE/4/ARPMISS & SECE/4/ARPMISS_SIP_SPEEDLIMIT_ALARM *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("SECE/4/ARPMISS","SECE/4/ARPMISS_SIP_SPEEDLIMIT_ALARM")
+| call huawei_network_devices_header_fields
+| alter
+ attack_type = arrayindex(regextract(_raw_log,"AttackType\=(.+?)\,"),0),
+ interface = arrayindex(regextract(_raw_log,"SourceInterface\=(\S+)\,"),0), //Relevant for SECE/4/ARPMISS
+ ipv4_1 = arrayindex(regextract(_raw_log,"SourceIP\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0), //Relevant for SECE/4/ARPMISS
+ ipv6_1 = arrayindex(regextract(_raw_log,"SourceIP\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0), //Relevant for SECE/4/ARPMISS
+ des1 = arrayindex(regextract(_raw_log,"\[\d+\]\:(.+\.)\("),0), //Relevant for SECE/4/ARPMISS
+ oid = arrayindex(regextract(_raw_log,"OID\s(\S+)"),0),
+ des2 = arrayindex(regextract(_raw_log,"The.+"),0), //Relevant for SECE/4/ARPMISS_SIP_SPEEDLIMIT_ALARM
+ ipv4_2 = arrayindex(regextract(_raw_log,"ip\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0), //Relevant for SECE/4/ARPMISS_SIP_SPEEDLIMIT_ALARM
+ ipv6_2 = arrayindex(regextract(_raw_log,"ip\s([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0) //Relevant for SECE/4/ARPMISS_SIP_SPEEDLIMIT_ALARM
+| alter
+ xdm.alert.original_threat_name = if( attack_type != null, attack_type),
+ xdm.source.interface = if(interface != null, interface),
+ xdm.event.id = if(oid != null, oid),
+ xdm.source.ipv4 = coalesce(ipv4_1,ipv4_2),
+ xdm.source.ipv6 = coalesce(ipv6_1,ipv6_2),
+ xdm.alert.description = if(des1 != null, des1, des2 != null, des2);
+
+// ***** SHELL/5/TIMEOUT *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("SHELL/5/TIMEOUT")
+| call huawei_network_devices_header_fields
+| alter
+ user = arrayindex(regextract(_raw_log,"\[\d+\]\:(\w+)"),0),
+ ipv4 = arrayindex(regextract(_raw_log,"from\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"from\s([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0),
+ des = arrayindex(regextract(_raw_log,"\[\d+\]\:(.+)"),0),
+ from = arrayindex(regextract(_raw_log,"from\s([^\d]\w+)"),0)
+| alter //xdm mapping
+ xdm.source.user.username = user,
+ xdm.source.ipv4 = ipv4,
+ xdm.source.ipv6 = ipv6,
+ xdm.network.application_protocol = if(from!= null, from),
+ xdm.alert.description = des;
+
+//***** SSH/4/SSH_FAIL & SNMP/4/SNMP_FAIL & SHELL/5/LOGIN & SHELL/5/LOGOUT & SSH/5/SSH_CONNECT_CLOSED *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("SSH/4/SSH_FAIL","SNMP/4/SNMP_FAIL", "SHELL/5/LOGIN","SHELL/5/LOGOUT", "SSH/5/SSH_CONNECT_CLOSED")
+| call huawei_network_devices_header_fields
+| alter
+ des = arrayindex(regextract(_raw_log,"\[\d+\]\:(.+?)\."),0),
+ ipv4 = arrayindex(regextract(_raw_log,"I[Pp]\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"I[Pp]\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0),
+ user = arrayindex(regextract(_raw_log,"UserName\=(.+?)[\,\)]"),0),
+ times = arrayindex(regextract(_raw_log,"Times\=(\d+)"),0), //Relevant for SSH/4/SSH_FAIL,SNMP/4/SNMP_FAIL events
+ reason = arrayindex(regextract(_raw_log,"Reason\=(.+?)[\)\,]"),0), //Relevant for SSH/4/SSH_FAIL,SNMP/4/SNMP_FAIL events
+ auth_protocol = arrayindex(regextract(_raw_log,"Type\=(\w+)"),0), //Relevant for SHELL/5/LOGIN, SHELL/5/LOGOUT events
+ auth_method = arrayindex(regextract(_raw_log,"Method\=\"(\w+)"),0), //Relevant for SHELL/5/LOGIN
+ interface = arrayindex(regextract(_raw_log,"(\w+)\.\s\(U"),0) //Relevant for SHELL/5/LOGIN, SHELL/5/LOGOUT events
+| alter // xdm mapping
+ xdm.alert.description = if(times!= null,concat(des," ", times," times"), des),
+ xdm.source.ipv4 = ipv4,
+ xdm.source.ipv6 = ipv6,
+ xdm.source.user.username = user,
+ xdm.event.outcome = if(log_ref="SSH/4/SSH_FAIL" or log_ref="SNMP/4/SNMP_FAIL",XDM_CONST.OUTCOME_FAILED, XDM_CONST.OUTCOME_SUCCESS),
+ xdm.event.outcome_reason = reason,
+ xdm.network.application_protocol = auth_protocol,
+ xdm.auth.service = auth_method,
+ xdm.source.interface = interface;
+
+// ***** ARP/4/ARP_IPCONFLICT_TRAP events *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("ARP/4/ARP_IPCONFLICT_TRAP")
+| call huawei_network_devices_header_fields
+| alter
+ oid = arrayindex(regextract(_raw_log,"OID\s(.+?)\s"),0),
+ des = arrayindex(regextract(_raw_log,"\.\d\s(.+?)\."),0),
+ ipv4 = arrayindex(regextract(_raw_log,"IP\saddress\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"IP\saddress\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0),
+ interfaces = regextract(_raw_log,"interface\=(\w+)\,"),
+ macs = regextract(_raw_log,"MAC\=(\S+)\,"),
+ conflict_des = arrayindex(regextract(_raw_log,"type\=(.+?)\)"),0)
+| alter //xdm mapping
+ xdm.event.id = oid,
+ xdm.alert.description = des,
+ xdm.source.ipv4 = ipv4,
+ xdm.source.ipv6 = ipv6,
+ xdm.source.interface = concat(arrayindex(interfaces,0), ", ", arrayindex(interfaces,1)),
+ xdm.source.host.mac_addresses = macs,
+ xdm.alert.name = "IP conflict",
+ xdm.event.outcome_reason = conflict_des;
+
+// ***** L2IFPPI/4/MFLPVLANALARM *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"\w+\/\w+\/\w+"),0)
+| filter log_ref contains "L2IFPPI/4/MFLPVLANALARM"
+| call huawei_network_devices_header_fields
+| alter
+ oid = arrayindex(regextract(_raw_log,"OID\s(.+?)\s"),0),
+ des1 = arrayindex(regextract(_raw_log,"\.\d\s(.+?\,)"),0),
+ des2 = arrayindex(regextract(_raw_log,"\.\s(.+)"),0),
+ vlan_id = arrayindex(regextract(_raw_log,"VLANID\s\=\s(\d+)"),0),
+ mac = regextract(_raw_log,"MacAddress\s\=\s(.+?)\,"),
+ og_port = arrayindex(regextract(_raw_log,"Port\s\=\s(.+)\,"),0)
+| alter //xdm mapping
+ xdm.event.id = oid,
+ xdm.source.vlan = to_number(vlan_id),
+ xdm.source.host.mac_addresses = mac,
+ xdm.source.interface = og_port,
+ xdm.alert.description = concat(des1," ",des2);
+
+// ***** SECE/4/SPECIFY_SIP_ATTACK events *****
+alter
+ log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0)
+| filter log_ref in ("SECE/4/SPECIFY_SIP_ATTACK")
+| call huawei_network_devices_header_fields
+| alter
+ des = arrayindex(regextract(_raw_log,"\[\d+\]\:(.+?\.)"),0),
+ ipv4 = arrayindex(regextract(_raw_log,"IP\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0),
+ ipv6 = arrayindex(regextract(_raw_log,"IP\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0),
+ protocol = arrayindex(regextract(_raw_log,"AttackProtocol\=(\w+)"),0)
+| alter //xdm mapping
+ xdm.alert.description = des,
+ xdm.network.ip_protocol = if(protocol~="AH",XDM_CONST.IP_PROTOCOL_AH,protocol~="AN", XDM_CONST.IP_PROTOCOL_AN,protocol~="ARGUS" ,XDM_CONST.IP_PROTOCOL_ARGUS,protocol~="ARIS", XDM_CONST.IP_PROTOCOL_ARIS ,protocol~="AX25" ,XDM_CONST.IP_PROTOCOL_AX25 ,protocol~="BBN[\s\_]RCC[\s\_]MON" ,XDM_CONST.IP_PROTOCOL_BBN_RCC_MON , protocol~="BNA",XDM_CONST.IP_PROTOCOL_BNA , protocol~="BR[\_\s]SAT[\s\_]MON",XDM_CONST.IP_PROTOCOL_BR_SAT_MON , protocol~="CBT",XDM_CONST.IP_PROTOCOL_CBT , protocol~="CFTP",XDM_CONST.IP_PROTOCOL_CFTP , protocol~="CHAOS",XDM_CONST.IP_PROTOCOL_CHAOS,protocol~="COMPAQ[\s\_]PEER",XDM_CONST.IP_PROTOCOL_COMPAQ_PEER, protocol~="CPHB", XDM_CONST.IP_PROTOCOL_CPHB , protocol~="CPNX",XDM_CONST.IP_PROTOCOL_CPNX , protocol~="CRTP",XDM_CONST.IP_PROTOCOL_CRTP , protocol~="CRUDP",XDM_CONST.IP_PROTOCOL_CRUDP , protocol~="DCCP",XDM_CONST.IP_PROTOCOL_DCCP , protocol~="DCN[\s\_]MEAS",XDM_CONST.IP_PROTOCOL_DCN_MEAS , protocol~="DDP",XDM_CONST.IP_PROTOCOL_DDP , protocol~="DDX",XDM_CONST.IP_PROTOCOL_DDX , protocol~="DGP",XDM_CONST.IP_PROTOCOL_DGP , protocol~="DSR",XDM_CONST.IP_PROTOCOL_DSR , protocol~="EGP",XDM_CONST.IP_PROTOCOL_EGP , protocol~="EIGRP",XDM_CONST.IP_PROTOCOL_EIGRP , protocol~="EMCON", XDM_CONST.IP_PROTOCOL_EMCON , protocol~="ENCAP",XDM_CONST.IP_PROTOCOL_ENCAP , protocol~="ESP",XDM_CONST.IP_PROTOCOL_ESP , protocol~="ETHERIP",XDM_CONST.IP_PROTOCOL_ETHERIP , protocol~="FC",XDM_CONST.IP_PROTOCOL_FC , protocol~="FIRE",XDM_CONST.IP_PROTOCOL_FIRE , protocol~="GGP",XDM_CONST.IP_PROTOCOL_GGP , protocol~="GMTP",XDM_CONST.IP_PROTOCOL_GMTP , protocol~="GRE",XDM_CONST.IP_PROTOCOL_GRE , protocol~="HIP",XDM_CONST.IP_PROTOCOL_HIP , protocol~="HMP",XDM_CONST.IP_PROTOCOL_HMP , protocol~="HOPOPT", XDM_CONST.IP_PROTOCOL_HOPOPT , protocol~="IATP",XDM_CONST.IP_PROTOCOL_IATP , protocol~="ICMP",XDM_CONST.IP_PROTOCOL_ICMP , protocol~="IDPR",XDM_CONST.IP_PROTOCOL_IDPR , protocol~="IDPR[\s\_]CMTP",XDM_CONST.IP_PROTOCOL_IDPR_CMTP , protocol~="IDRP",XDM_CONST.IP_PROTOCOL_IDRP , protocol~="IFMP",XDM_CONST.IP_PROTOCOL_IFMP , protocol~="IGMP",XDM_CONST.IP_PROTOCOL_IGMP , protocol~="IGP",XDM_CONST.IP_PROTOCOL_IGP , protocol~="IL",XDM_CONST.IP_PROTOCOL_IL , protocol~="IP",XDM_CONST.IP_PROTOCOL_IP , protocol~="IPCOMP",XDM_CONST.IP_PROTOCOL_IPCOMP , protocol~="IPCV",XDM_CONST.IP_PROTOCOL_IPCV , protocol~="IPIP",XDM_CONST.IP_PROTOCOL_IPIP, protocol~="IPLT",XDM_CONST.IP_PROTOCOL_IPLT , protocol~="IPPC",XDM_CONST.IP_PROTOCOL_IPPC , protocol~="IPV6",XDM_CONST.IP_PROTOCOL_IPV6 , protocol~="IPV6[\s\_]FRAG",XDM_CONST.IP_PROTOCOL_IPV6_FRAG , protocol~="IPV6[\s\_]ICMP",XDM_CONST.IP_PROTOCOL_IPV6_ICMP , protocol~="IPV6[\s\_]NONXT", XDM_CONST.IP_PROTOCOL_IPV6_NONXT , protocol~="IPV6[\s\_]OPTS",XDM_CONST.IP_PROTOCOL_IPV6_OPTS , protocol~="IPV6[\s\_]ROUTE",XDM_CONST.IP_PROTOCOL_IPV6_ROUTE , protocol~="IPX[\s\_]IN[\s\_]IP",XDM_CONST.IP_PROTOCOL_IPX_IN_IP , protocol~="IRTP",XDM_CONST.IP_PROTOCOL_IRTP , protocol~="ISIS", XDM_CONST.IP_PROTOCOL_ISIS , protocol~="ISO[\s\_]IP",XDM_CONST.IP_PROTOCOL_ISO_IP , protocol~="ISO[\s\_]TP4",XDM_CONST.IP_PROTOCOL_ISO_TP4 , protocol~="I[\s\_]NLSP",XDM_CONST.IP_PROTOCOL_I_NLSP , protocol~="KRYPTOLAN",XDM_CONST.IP_PROTOCOL_KRYPTOLAN , protocol~="L2TP",XDM_CONST.IP_PROTOCOL_L2TP , protocol~="LARP",XDM_CONST.IP_PROTOCOL_LARP , protocol~="LEAF[\s\_]1",XDM_CONST.IP_PROTOCOL_LEAF_1 , protocol~="LEAF[\s\_]2",XDM_CONST.IP_PROTOCOL_LEAF_2 , protocol~="MANET",XDM_CONST.IP_PROTOCOL_MANET , protocol~="MERIT[\s\_]INP",XDM_CONST.IP_PROTOCOL_MERIT_INP , protocol~="MFE[\s\_]NSP",XDM_CONST.IP_PROTOCOL_MFE_NSP , protocol~="MICP",XDM_CONST.IP_PROTOCOL_MICP , protocol~="MOBILE",XDM_CONST.IP_PROTOCOL_MOBILE , protocol~="MOBILITY",XDM_CONST.IP_PROTOCOL_MOBILITY , protocol~="MPLS[\s\_]IN[\s\_]IP",XDM_CONST.IP_PROTOCOL_MPLS_IN_IP , protocol~="MTP",XDM_CONST.IP_PROTOCOL_MTP , protocol~="MUX",XDM_CONST.IP_PROTOCOL_MUX , protocol~="NARP",XDM_CONST.IP_PROTOCOL_NARP , protocol~="NETBLT",XDM_CONST.IP_PROTOCOL_NETBLT , protocol~="NSFNET[\s\_]IGP",XDM_CONST.IP_PROTOCOL_NSFNET_IGP , protocol~="NVP[\s\_]II",XDM_CONST.IP_PROTOCOL_NVP_II , protocol~="OSPFIGP",XDM_CONST.IP_PROTOCOL_OSPFIGP , protocol~="PGM",XDM_CONST.IP_PROTOCOL_PGM , protocol~="PIM",XDM_CONST.IP_PROTOCOL_PIM , protocol~="PIPE",XDM_CONST.IP_PROTOCOL_PIPE , protocol~="PNNI",XDM_CONST.IP_PROTOCOL_PNNI , protocol~="PRM",XDM_CONST.IP_PROTOCOL_PRM , protocol~="PTP",XDM_CONST.IP_PROTOCOL_PTP , protocol~="PUP",XDM_CONST.IP_PROTOCOL_PUP , protocol~="PVP",XDM_CONST.IP_PROTOCOL_PVP , protocol~="QNX",XDM_CONST.IP_PROTOCOL_QNX , protocol~="RDP",XDM_CONST.IP_PROTOCOL_RDP , protocol~="RESERVED",XDM_CONST.IP_PROTOCOL_RESERVED , protocol~="ROHC",XDM_CONST.IP_PROTOCOL_ROHC , protocol~="RSVP",XDM_CONST.IP_PROTOCOL_RSVP , protocol~="RSVP[\s\_]E2E[\s\_]IGNORE",XDM_CONST.IP_PROTOCOL_RSVP_E2E_IGNORE , protocol~="RVD",XDM_CONST.IP_PROTOCOL_RVD , protocol~="SAT[\s\_]EXPAK",XDM_CONST.IP_PROTOCOL_SAT_EXPAK , protocol~="SAT[\s\_]MON",XDM_CONST.IP_PROTOCOL_SAT_MON , protocol~="SCC[\s\_]SP",XDM_CONST.IP_PROTOCOL_SCC_SP , protocol~="SCPS",XDM_CONST.IP_PROTOCOL_SCPS , protocol~="SDRP",XDM_CONST.IP_PROTOCOL_SDRP , protocol~="SECURE[\s\_]VMTP",XDM_CONST.IP_PROTOCOL_SECURE_VMTP , 
protocol~="SHIM6",XDM_CONST.IP_PROTOCOL_SHIM6 , protocol~="SKIP",XDM_CONST.IP_PROTOCOL_SKIP , protocol~="SM",XDM_CONST.IP_PROTOCOL_SM , protocol~="SMP",XDM_CONST.IP_PROTOCOL_SMP , protocol~="SNP",XDM_CONST.IP_PROTOCOL_SNP , protocol~="SPRITE[\s\_]RPC",XDM_CONST.IP_PROTOCOL_SPRITE_RPC , protocol~="SPS",XDM_CONST.IP_PROTOCOL_SPS , protocol~="SRP",XDM_CONST.IP_PROTOCOL_SRP , protocol~="SSCOPMCE",XDM_CONST.IP_PROTOCOL_SSCOPMCE , protocol~="ST",XDM_CONST.IP_PROTOCOL_ST , protocol~="STP",XDM_CONST.IP_PROTOCOL_STP , protocol~="SUN[\s\_]ND",XDM_CONST.IP_PROTOCOL_SUN_ND , protocol~="SWIPE",XDM_CONST.IP_PROTOCOL_SWIPE , protocol~="TCF",XDM_CONST.IP_PROTOCOL_TCF , protocol~="TCP",XDM_CONST.IP_PROTOCOL_TCP , protocol~="TLSP",XDM_CONST.IP_PROTOCOL_TLSP , protocol~="TP",XDM_CONST.IP_PROTOCOL_TP , protocol~="TRUNK[\s\_]1",XDM_CONST.IP_PROTOCOL_TRUNK_1 , protocol~="TRUNK[\s\_]1",XDM_CONST.IP_PROTOCOL_TRUNK_1 , protocol~="TRUNK[\s\_]2",XDM_CONST.IP_PROTOCOL_TRUNK_2 , protocol~="TTP",XDM_CONST.IP_PROTOCOL_TTP , protocol~="UDP",XDM_CONST.IP_PROTOCOL_UDP , protocol~="UDPLITE", XDM_CONST.IP_PROTOCOL_UDPLITE , protocol~="UTI",XDM_CONST.IP_PROTOCOL_UTI , protocol~="VINES",XDM_CONST.IP_PROTOCOL_VINES , protocol~="VISA",XDM_CONST.IP_PROTOCOL_VISA , protocol~="VMTP",XDM_CONST.IP_PROTOCOL_VMTP , protocol~="VRRP",XDM_CONST.IP_PROTOCOL_VRRP , protocol~="WB[\s\_]EXPAK",XDM_CONST.IP_PROTOCOL_WB_EXPAK , protocol~="WB[\s\_]MON",XDM_CONST.IP_PROTOCOL_WB_MON, protocol~="WESP",XDM_CONST.IP_PROTOCOL_WESP , protocol~="WSN",XDM_CONST.IP_PROTOCOL_WSN , protocol~="XNET",XDM_CONST.IP_PROTOCOL_XNET , protocol~="XNS[\s\_]IDP",XDM_CONST.IP_PROTOCOL_XNS_IDP , protocol~="XTP",XDM_CONST.IP_PROTOCOL_XTP, protocol ), + xdm.source.ipv4 = ipv4, + xdm.source.ipv6 = ipv6; + +// ***** INFO/4/IC_LOGFILE_AGING & INFO/6/LOGFILE_DELETED events ***** +alter + log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0) +| filter log_ref in ("INFO/4/IC_LOGFILE_AGING","INFO/6/LOGFILE_DELETED") +| call 
huawei_network_devices_header_fields +| alter + oid = arrayindex(regextract(_raw_log,"OID\s(.+?)\s"),0), //Relevant for INFO/4/IC_LOGFILE_AGING events + des1 = arrayindex(regextract(_raw_log,"\.\d\s(.+?)\."),0), //Relevant for INFO/4/IC_LOGFILE_AGING events + des2 = arrayindex(regextract(_raw_log,"\sis.+"),0), //Relevant for INFO/6/LOGFILE_DELETED events + filename1 = arrayindex(regextract(_raw_log,"LogFileName\=(.+)\)"),0), //Relevant for INFO/4/IC_LOGFILE_AGING events + filename2 = arrayindex(regextract(_raw_log,"file\s(.+?)\s"),0) //Relevant for INFO/6/LOGFILE_DELETED events +| alter //xdm mapping + xdm.event.id = if(log_ref = "INFO/4/IC_LOGFILE_AGING",oid), + xdm.event.outcome = if(log_ref = "INFO/6/LOGFILE_DELETED",XDM_CONST.OUTCOME_SUCCESS), + xdm.alert.description = coalesce(des1,concat("The log file",des2)), + xdm.target.file.filename = coalesce(filename1,filename2); + +// ***** SRM/3/SFP_EXCEPTION events ***** +alter + log_ref = arrayindex(regextract(_raw_log,"[^\d\s]+\/\w+\/\w+"),0) +| filter log_ref in ("SRM/3/SFP_EXCEPTION") +| call huawei_network_devices_header_fields +| alter + oid = arrayindex(regextract(_raw_log,"OID\s(.+?)\s"),0), + des = arrayindex(regextract(_raw_log,"\.\d\s(.+?\.)\s"),0), + alarm_sev = arrayindex(regextract(_raw_log,"BaseTrapSeverity\=(\d+)"),0), + alarm_error_code = arrayindex(regextract(_raw_log,"BaseTrapProbableCause\=(\d+)"),0), + entity_index_p = arrayindex(regextract(_raw_log,"EntityPhysicalIndex\=(\d+)"),0), + entity_index = arrayindex(regextract(_raw_log,"EntPhysicalContainedIn\=(\d+)"),0), + entity_name = arrayindex(regextract(_raw_log,"EntPhysicalName\=(.+?)\,"),0), + reason = arrayindex(regextract(_raw_log,"ReasonDescription\=(.+\.)"),0) +| alter //xdm mapping + xdm.event.id = oid, + xdm.alert.description = des, + xdm.alert.severity = alarm_sev, + xdm.alert.original_alert_id = concat("Alarm error code: ", alarm_error_code), + xdm.target.resource.parent_id = entity_index_p, + xdm.target.resource.id = entity_index, + 
xdm.target.resource.name = entity_name, + xdm.target.resource.type = "Interface", + xdm.event.outcome_reason = reason; + +//Genreal mapping +alter + log_ref = arrayindex(regextract(_raw_log,"\d{2}\:\d{2}\:\d{2}\s\S+\s[\%]*[\d]*(\w+\/\w+\/\w+)"),0) +| filter log_ref not in ("SHELL/5/CMDRECORD","CM/5/USER_OFFLINERESULT","LINE/4/USERLOGOUT","CM/5/USER_ACCESSRESULT","LINE/4/USERLOGIN","SHELL/5/USERCONFIRM","SSH/4/SSH_FAIL","INFO/4/SUPPRESS_LOG","SSMPADP/4/AUTHENTICAL_FAIL","SNMP/5/SNMP_IP_LOCK","SNMP/5/SNMP_LOG_IP_UNLOCK","LLDP/4/BAD_PACKET","ARP/4/ARP_DUPLICATE_IPADDR","ARP/4/ARP_IPCONFLICT_TRAP","HWCM/4/CFGCHANGE","HWCM/5/TRAPLOG","IFPDT/4/PKT_OUTDISCARD_ABNL","IFPDT/4/PKT_OUTDISCARD_NL","L2IFPPI/4/MFLPVLANALARM","LINE/5/VTYUSERLOGIN","LINE/5/VTYUSERLOGOUT","SECE/4/ARPMISS","SECE/4/ARPMISS_SIP_SPEEDLIMIT_ALARM","SECE/4/SPECIFY_SIP_ATTACK","SHELL/5/LOGIN","SHELL/5/LOGOUT","SHELL/5/TIMEOUT","SHELL/6/CMDCONFIRM_UNIFORMRECORD","SHELL/6/DISPLAY_CMDRECORD","SNMP/4/AUTHFAIL","SNMP/4/SNMP_FAIL","SNMP/4/SNMP_IPLOCK","SNMP/4/SNMP_IPUNLOCK","SSH/5/SSH_CONNECT_CLOSED","SRM/3/SFP_EXCEPTION","INFO/4/IC_LOGFILE_AGING","INFO/6/LOGFILE_DELETED") +| call huawei_network_devices_header_fields +| alter + ipv4 = arrayindex(regextract(_raw_log,"I[Pp]\=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"),0), + ipv6 = arrayindex(regextract(_raw_log,"I[Pp]\=([a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5})"),0), + user = arrayindex(regextract(_raw_log,"[Uu]ser[Nn]ame\=(\w+)"),0), + des = arrayindex(regextract(_raw_log,"\[\d+\]\:(.+?)\."),0), + oid = arrayindex(regextract(_raw_log,"OID\s(.+?)\s"),0) +| alter + xdm.source.ipv4 = ipv4, + xdm.source.ipv6 = ipv6, + xdm.source.user.username = user, + xdm.event.id = oid, + xdm.alert.description = des; \ No newline at end of file 
diff --git a/Packs/HuaweiNetworkDevices/ModelingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.yml b/Packs/HuaweiNetworkDevices/ModelingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.yml
new file mode 100644
index 000000000000..886d1c73cc4e
--- /dev/null
+++ b/Packs/HuaweiNetworkDevices/ModelingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.yml
@@ -0,0 +1,7 @@
+
+fromversion: 8.4.0 # Will be updated with XSIAM version updates
+id: Huawei_Network_Devices_ModelingRule
+name: Huawei Network Devices Modeling Rule
+rules: ''
+schema: ''
+tags: ''
\ No newline at end of file
diff --git a/Packs/HuaweiNetworkDevices/ModelingRules/HuaweiNetworkDevices/HuaweiNetworkDevices_schema.json b/Packs/HuaweiNetworkDevices/ModelingRules/HuaweiNetworkDevices/HuaweiNetworkDevices_schema.json
new file mode 100644
index 000000000000..fdd7e21386be
--- /dev/null
+++ b/Packs/HuaweiNetworkDevices/ModelingRules/HuaweiNetworkDevices/HuaweiNetworkDevices_schema.json
@@ -0,0 +1,8 @@
+{
+ "huawei_network_devices_raw": {
+ "_raw_log": {
+ "type": "string",
+ "is_array": false
+ }
+ }
+ }
\ No newline at end of file
diff --git a/Packs/HuaweiNetworkDevices/ParsingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.xif b/Packs/HuaweiNetworkDevices/ParsingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.xif
new file mode 100644
index 000000000000..acd9a130e244
--- /dev/null
+++ b/Packs/HuaweiNetworkDevices/ParsingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.xif
@@ -0,0 +1,8 @@
+[INGEST:vendor="huawei", product="network_devices", target_dataset="huawei_network_devices_raw", no_hit=keep]
+//This parsing rule is configured for default settings on Huawei Switches and Routers. The time zone is UTC +00:00, and it is not visible in the syslog.
+filter _raw_log ~= "\w{3}\s+\d{1,2}\s\d{4}\s\d{2}\:\d{2}\:\d{2}"
+| alter
+ tmp_time = arrayindex(regextract(_raw_log,"\w{3}\s+\d{1,2}\s\d{4}\s\d{2}\:\d{2}\:\d{2}"),0)
+| alter
+ _time = parse_timestamp("%h %e %G %T",tmp_time)
+| fields -tmp_time;
\ No newline at end of file
diff --git a/Packs/HuaweiNetworkDevices/ParsingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.yml b/Packs/HuaweiNetworkDevices/ParsingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.yml
new file mode 100644
index 000000000000..b406f6ba3070
--- /dev/null
+++ b/Packs/HuaweiNetworkDevices/ParsingRules/HuaweiNetworkDevices/HuaweiNetworkDevices.yml
@@ -0,0 +1,6 @@
+id: Huawei_Network_Devices_ParsingRule
+name: Huawei Network Devices Parsing Rule
+fromversion: 8.4.0 # Will be updated with XSIAM version updates
+tags: []
+rules: ''
+samples: ''
\ No newline at end of file
diff --git a/Packs/HuaweiNetworkDevices/README.md b/Packs/HuaweiNetworkDevices/README.md
new file mode 100644
index 000000000000..2eee436bfedc
--- /dev/null
+++ b/Packs/HuaweiNetworkDevices/README.md
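Review bot: The `_time = parse_timestamp("%h %e %G %T",tmp_time)` line pairs a calendar month and day (`%h %e`) with `%G`; if XQL follows the strftime conventions these codes come from, `%G` is the ISO week-based year, which differs from the calendar year on the first and last days of some years, whereas the four-digit value the regex captures is the calendar year that `%Y` denotes. Unless the XQL format reference documents `%G` differently, the line should read `_time = parse_timestamp("%h %e %Y %T",tmp_time)`. The captured timestamp carries no zone and is parsed as UTC, as the comment says; a device whose clock runs in local time will therefore have `_time` shifted by its offset, so the comment would be more useful as a requirement (the device clock must be UTC) than as a statement of the default.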
@@ -0,0 +1,59 @@
+# Huawei Network Devices
+<~XSIAM>
+This pack includes Cortex XSIAM content.
+
+## Important Notes
+* This pack is supported for Huawei S Series Switches and Huawei AR Series Routers.
+* Timestamp parsing support is under the assumption that a UTC +0000 format is being used.
+
+## Configuration on Server Side
+This section describes the configuration that needs to be done on a Huawei S Series Switch or AR Series Router, in order to forward its event logs to Cortex XSIAM Broker VM via syslog.
+
+1. Log in to your Huawei S Series Switch/AR Series Router command line Interface (CLI).
+2. Type the following command to access the system view:
+ ```bash
+ system-view
+ ```
+3. Type the following command to enable the information center:
+ ```bash
+ info-center enable
+ ```
+4. Type the following command to send informational level log messages to the default channel:
+```bash
+ info-center source default channel loghost log level informational debug state off trap state off
+```
+5. **Optional:** To verify your Huawei S Series Switch/AR Series Router source configuration, type the command:
+ ```bash
+ display channel loghost
+ ```
+6. Type the following command to configure the IP address for ***Broker-VM*** as the log host:
+ ```bash
+ info-center loghost facility
+ ```
+ *\* is the IP address of the Broker-VM.
+
+ *\* is the syslog facility, for example, local0.
+
+7. Type the following command to exit the configuration:
+ ```bash
+ quit
+ ```
+## Collect Events from Vendor
+In order to use the collector, use the [Broker VM](#broker-vm) option.
+
+
+### Broker VM
+To create or configure the Broker VM, use the information described [here](https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Configure-the-Broker-VM).
+
+You can configure the specific vendor and product for this instance.
+
+1. Navigate to **Settings** > **Configuration** > **Data Broker** > **Broker VMs**.
+2. Go to the apps tab and add the **Syslog** app. If it already exists, click the **Syslog** app and then click **Configure**.
+3. Click **Add New**.
+4. When configuring the Syslog Collector, set the following values:
+ | Parameter | Value
+ | :--- | :---
+ | `Vendor` | Enter **Huawei**.
+ | `Product` | Enter **Network Devices**.
+
+ 
\ No newline at end of file
diff --git a/Packs/HuaweiNetworkDevices/pack_metadata.json b/Packs/HuaweiNetworkDevices/pack_metadata.json
new file mode 100644
index 000000000000..f438a1c139e2
--- /dev/null
+++ b/Packs/HuaweiNetworkDevices/pack_metadata.json
@@ -0,0 +1,18 @@
+{
+ "name": "Huawei Network Devices",
+ "description": "Modeling rule for Huawei Network Devices such as S Series Switches and AR Series Access Routers.",
+ "support": "xsoar",
+ "currentVersion": "1.0.0",
+ "author": "Cortex XSOAR",
+ "url": "https://www.paloaltonetworks.com/cortex",
+ "email": "",
+ "categories": [
+ "Analytics & SIEM"
+ ],
+ "tags": [],
+ "useCases": [],
+ "keywords": [],
+ "marketplaces": [
+ "marketplacev2"
+ ]
+}
\ No newline at end of file
diff --git a/Packs/IRISDFIR/.pack-ignore b/Packs/IRISDFIR/.pack-ignore
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/Packs/IRISDFIR/.secrets-ignore b/Packs/IRISDFIR/.secrets-ignore
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/Packs/IRISDFIR/CONTRIBUTORS.json b/Packs/IRISDFIR/CONTRIBUTORS.json
new file mode 100644
index 000000000000..ce9d08a30890
--- /dev/null
+++ b/Packs/IRISDFIR/CONTRIBUTORS.json
@@ -0,0 +1,3 @@
+[
+ "Fabio Dias"
+]
diff --git a/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR.py b/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR.py
new file mode 100644
index 000000000000..5556c9f2b375
--- /dev/null
+++ b/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR.py
@@ -0,0 +1,460 @@ +import demistomock as demisto # noqa: F401 +from CommonServerPython import * # noqa: F401 + +import traceback +import requests +import urllib3 + +# disable insecure warnings +urllib3.disable_warnings() + +''' GLOBALS ''' + +verify_cert = not demisto.params().get('insecure', False) +proxies = handle_proxy() + + +state_phases = {'In progress': 2, + 'Opened': 3, + 'Containement': 4, + 'Eradication': 5, + 'Recovery': 6, + 'Post-Incident': 7, + 'Reporting': 8, + 'Closed': 9 + } + + +class DFIRIrisAPI: + def __init__(self, api_endpoint, api_key): + self.api_endpoint = api_endpoint + self.api_key = api_key + self.headers = {'Authorization': f'Bearer {self.api_key}', + 'User-Agent': 'Defined' + } + + def get_last_case_id(self): + + response = requests.get(f'{self.api_endpoint}/manage/cases/list', headers=self.headers, + verify=verify_cert, proxies=proxies + ) + + if response.status_code == 200: + cases = response.json() + if cases: + list = [] + counter = 0 + for last_case in cases['data']: + list.append(last_case['case_id']) + counter += 1 + + return cases['data'][list.index(max(list))] + else: + return "No cases found." + else: + raise DemistoException(f"Request failed with status code {response.status_code}.") + + def get_all_cases(self): + + response = requests.get(f'{self.api_endpoint}/manage/cases/list', headers=self.headers, + verify=verify_cert, proxies=proxies + ) + + if response.status_code == 200: + cases = response.json() + if cases: + return sorted(cases['data'], key=lambda k: k['case_id'], reverse=True) + else: + return "No cases found." + else: + raise DemistoException(f"Request failed with status code {response.status_code}.") + + def close_case(self, case_id): + + response = requests.post(f'{self.api_endpoint}/manage/cases/close/{case_id}', headers=self.headers, + verify=verify_cert, proxies=proxies + ) + + if response.status_code == 200: + cases = response.json() + if cases: + return cases['data'] + else: + return "No case found." 
+ else: + raise DemistoException(f"Request failed with status code {response.status_code}.") + + def reopen_case(self, case_id): + + response = requests.post(f'{self.api_endpoint}/manage/cases/reopen/{case_id}', headers=self.headers, + verify=verify_cert, proxies=proxies + ) + + if response.status_code == 200: + cases = response.json() + if cases: + return cases['data'] + else: + return "No case found." + else: + raise DemistoException(f"Request failed with status code {response.status_code}.") + + def update_case_state(self, case_id, case_name, case_state): + + body = { + "case_name": case_name, + "state_id": state_phases[case_state] + } + + response = requests.post(f'{self.api_endpoint}/manage/cases/update/{case_id}', headers=self.headers, + verify=verify_cert, proxies=proxies, json=body + ) + + if response.status_code == 200: + cases = response.json() + if cases: + return cases['data'] + else: + return cases['message'] + else: + raise DemistoException(f"Request failed with status code {response.status_code}.") + + def create_notes_group(self, case_id, group_title): + + body = { + "group_title": group_title, + "cid": case_id + } + + response = requests.post(f'{self.api_endpoint}/case/notes/groups/add', headers=self.headers, + verify=verify_cert, proxies=proxies, json=body + ) + + if response.status_code == 200: + cases = response.json() + if cases: + return cases['data'] + else: + raise DemistoException(f"Request failed with status code {response.status_code}.") + + def add_new_note_to_group(self, case_id, note_title, note_content, group_id): + + body = { + "note_title": note_title, + "cid": case_id, + "note_content": note_content, + "group_id": group_id + } + + response = requests.post(f'{self.api_endpoint}/case/notes/add', headers=self.headers, + verify=verify_cert, proxies=proxies, json=body + ) + + if response.status_code == 200: + cases = response.json() + if cases: + return cases['data'] + else: + raise DemistoException(f"Request failed with status code 
{response.status_code}.") + + def get_list_of_groups_and_notes(self, case_id): + + response = requests.get(f'{self.api_endpoint}/case/notes/groups/list?cid={case_id}', headers=self.headers, + verify=verify_cert, proxies=proxies + ) + + if response.status_code == 200: + cases = response.json() + if cases: + return cases['data'] + else: + raise DemistoException(f"Request failed with status code {response.status_code}.") + + def get_list_of_iocs(self, case_id): + + response = requests.get(f'{self.api_endpoint}/case/ioc/list?cid={case_id}', headers=self.headers, + verify=verify_cert, proxies=proxies + ) + + if response.status_code == 200: + cases = response.json() + if cases: + return cases['data'] + else: + raise DemistoException(f"Request failed with status code {response.status_code}.") + + def get_ioc_content(self, case_id, ioc_id): + + response = requests.get(f'{self.api_endpoint}/case/ioc/{ioc_id}?cid={case_id}', headers=self.headers, + verify=verify_cert, proxies=proxies + ) + + if response.status_code == 200: + cases = response.json() + if cases: + return cases['data'] + else: + return cases['message'] + else: + raise DemistoException(f"Request failed with status code {response.status_code}.") + + +''' COMMAND FUNCTIONS ''' + + +def fetch_incidents(dfir_iris, params): + context = demisto.getLastRun() + cases = dfir_iris.get_all_cases() + + incidentLastCaseID = int(params.get('incidentLastCaseID', 0)) + LastCaseId = context.get('lastCaseId', incidentLastCaseID) + + incidents = [] + for case in cases: + if case['case_id'] == LastCaseId: + demisto.info('The case number is the same, do not continue the process') + break + elif case['case_id'] < LastCaseId: + demisto.info('The previous case was deleted, do not continue the process') + break + else: + incident = { + 'name': case['case_name'], + 'rawJSON': json.dumps(case) + } + + incidents.append(incident) + + return incidents, cases[0]['case_id'] + + +def test_module(dfir_iris): + try: + + headers = 
{'Authorization': f'Bearer {dfir_iris.api_key}', 'User-Agent': 'Defined'} + + response = requests.get(f'{dfir_iris.api_endpoint}/manage/cases/list', headers=headers, + verify=verify_cert, proxies=proxies + ) + + if response.status_code == 200: + return 'ok' + else: + if response.status_code == 401: + raise DemistoException('Authorization Error: make sure API Key is correctly set') + else: + raise DemistoException(f'Not able to connect to {dfir_iris.api_endpoint}') + + except DemistoException as e: + if 'Forbidden' in str(e): + raise DemistoException('Authorization Error: make sure API Key is correctly set') + else: + raise e + + +def process_iris_get_last_case_id(dfir_iris, args: Dict[str, Any]) -> CommandResults: + + results = dfir_iris.get_last_case_id() + + readable_output = tableToMarkdown('Command successfully sent to IRIS DFIR"', results, removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +def process_get_all_cases(dfir_iris, args: Dict[str, Any]) -> CommandResults: + + results = dfir_iris.get_all_cases() + + readable_output = tableToMarkdown('Command successfully sent to IRIS DFIR"', results, removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +def process_close_case(dfir_iris, args: Dict[str, Any]) -> CommandResults: + case_id = args.get("case_id") + results = dfir_iris.close_case(case_id) + + readable_output = tableToMarkdown('Command successfully sent to IRIS DFIR"', results, removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +def process_reopen_case(dfir_iris, args: Dict[str, Any]) -> CommandResults: + case_id = args.get("case_id") + results = dfir_iris.reopen_case(case_id) + readable_output = tableToMarkdown('Command successfully sent to IRIS 
DFIR"', results, removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +def process_update_case_state(dfir_iris, args: Dict[str, Any]) -> CommandResults: + case_id = args.get("case_id") + case_name = args.get("case_name") + case_state = args.get("case_state") + + results = dfir_iris.update_case_state(case_id, case_name, case_state) + + readable_output = tableToMarkdown('Command successfully sent to IRIS DFIR"', results, removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +def process_create_notes_group(dfir_iris, args: Dict[str, Any]) -> CommandResults: + case_id = args.get("case_id") + group_title = args.get("group_title") + + results = dfir_iris.create_notes_group(case_id, group_title) + readable_output = tableToMarkdown('Command successfully sent to IRIS DFIR"', results, removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +def process_add_new_note_to_group(dfir_iris, args: Dict[str, Any]) -> CommandResults: + case_id = args.get("case_id") + note_title = args.get("note_title") + note_content = args.get("note_content") + group_id = args.get("group_id") + + results = dfir_iris.add_new_note_to_group(case_id, note_title, note_content, group_id) + readable_output = tableToMarkdown('Command successfully sent to IRIS DFIR"', results, removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +def process_get_list_of_groups_and_notes(dfir_iris, args: Dict[str, Any]) -> CommandResults: + case_id = args.get("case_id") + + results = dfir_iris.get_list_of_groups_and_notes(case_id) + readable_output = tableToMarkdown('Command successfully sent to IRIS DFIR"', results, 
removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +def process_get_list_of_iocs(dfir_iris, args: Dict[str, Any]) -> CommandResults: + case_id = args.get("case_id") + results = dfir_iris.get_list_of_iocs(case_id) + + readable_output = tableToMarkdown('Command successfully sent to IRIS DFIR"', results, removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +def process_get_ioc_content(dfir_iris, args: Dict[str, Any]) -> CommandResults: + case_id = args.get("case_id") + ioc_id = args.get("ioc_id") + + results = dfir_iris.get_ioc_content(case_id, ioc_id) + readable_output = tableToMarkdown('Command successfully sent to IRIS DFIR"', results, removeNull=True) + + return CommandResults( + outputs_prefix='IRIS', + outputs_key_field='', + readable_output=readable_output, + outputs=results, + ) + + +''' MAIN FUNCTION ''' + + +def main(): + """ COMMANDS MANAGER / SWITCH PANEL """ + params = demisto.params() + command = demisto.command() + + demisto.info(f'Command being called is {command}') + try: + # initialized Authentication client + api_key = params.get('api_key', {}).get('password', '') + api_endpoint = params.get('host') + dfir_iris = DFIRIrisAPI(api_endpoint, api_key) + + if command == 'test-module': + # This is the call made when pressing the integration Test button. 
+ result = test_module(dfir_iris) + return_results(result) + + elif command == 'fetch-incidents': + incidents, lastCaseId = fetch_incidents(dfir_iris, demisto.params()) + demisto.incidents(incidents) + + demisto.setLastRun({'lastCaseId': lastCaseId}) + + elif command == 'iris-get-last-case-id': + return_results(process_iris_get_last_case_id(dfir_iris, demisto.args())) + elif command == 'iris-get-all-cases': + return_results(process_get_all_cases(dfir_iris, demisto.args())) + elif command == 'iris-close-case-id': + return_results(process_close_case(dfir_iris, demisto.args())) + elif command == 'iris-reopen-case-id': + return_results(process_reopen_case(dfir_iris, demisto.args())) + elif command == 'iris-change-case-state': + return_results(process_update_case_state(dfir_iris, demisto.args())) + elif command == 'iris-create-notes-group': + return_results(process_create_notes_group(dfir_iris, demisto.args())) + elif command == 'iris-add-new-note-to-group': + return_results(process_add_new_note_to_group(dfir_iris, demisto.args())) + elif command == 'iris-get-list-of-groups-and-notes': + return_results(process_get_list_of_groups_and_notes(dfir_iris, demisto.args())) + elif command == 'iris-get-list-of-iocs': + return_results(process_get_list_of_iocs(dfir_iris, demisto.args())) + elif command == 'iris-get-ioc-content': + return_results(process_get_ioc_content(dfir_iris, demisto.args())) + else: + raise NotImplementedError(f'Command {command} is not implemented') + + except Exception as ex: + demisto.error(traceback.format_exc()) # print the traceback + return_error(f'Failed to process incidents. Error: {str(ex)}') + + +''' ENTRY POINT ''' + + +if __name__ in ('__main__', '__builtin__', 'builtins'): + main() diff --git a/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR.yml b/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR.yml new file mode 100644 index 000000000000..1af61611eb4b --- /dev/null +++ b/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR.yml 
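Review bot: `fetch_incidents` ends with `return incidents, cases[0]['case_id']` and assumes `get_all_cases` returned a non-empty list, but that method returns the string `"No cases found."` when the response body is falsy (the `for case in cases` loop then indexes characters) and an empty `data` list makes `cases[0]` raise IndexError, so every fetch fails and `setLastRun` is never reached. A guard before the loop, `if not isinstance(cases, list) or not cases: return [], LastCaseId`, keeps the last-run marker stable on an empty tenant. `get_last_case_id` has the same gap: `if cases:` tests the response dict rather than `cases['data']`, so `max(list)` raises ValueError on an empty list (and `list` shadows the builtin while `counter` is never read). None of the `requests.get`/`requests.post` calls in `DFIRIrisAPI` or `test_module` pass `timeout=`, so an unresponsive IRIS host blocks the fetch cycle indefinitely; a bounded timeout on each call is worth adding. `case_id`, `ioc_id` and `group_id` come straight from command arguments and are interpolated unchecked into URL paths (`/manage/cases/close/{case_id}`) and query strings, so validating them with `arg_to_number` before building the request keeps a malformed argument from changing which endpoint is called.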
@@ -0,0 +1,274 @@
+category: Case Management
+commonfields:
+ id: IRIS DFIR
+ version: -1
+configuration:
+- display: Server IP or Host Name (e.g., https://192.168.0.1)
+ name: host
+ required: true
+ section: Connect
+ type: 0
+- display: ""
+ displaypassword: API Key for authentication
+ hiddenusername: true
+ name: api_key
+ required: true
+ section: Connect
+ type: 9
+- advanced: true
+ display: Trust any certificate (not secure)
+ name: insecure
+ required: false
+ section: Connect
+ type: 8
+- advanced: true
+ display: Use system proxy settings
+ name: proxy
+ required: false
+ section: Connect
+ type: 8
+- display: Fetch incidents
+ name: isFetch
+ required: false
+ type: 8
+- defaultvalue: "1"
+ display: Incidents Fetch Interval
+ name: incidentFetchInterval
+ required: false
+ type: 19
+- display: Incident type
+ name: incidentType
+ required: false
+ type: 13
+- additionalinfo: Fetch all the cases starting from this value, not including it.
+ defaultvalue: "0"
+ display: Incident Last Case ID
+ name: incidentLastCaseID
+ required: false
+ type: 0
+description: IRIS is a collaborative platform aiming to help incident responders to share technical details during investigations. It's free and open-source.
+display: IRIS DFIR
+name: IRIS DFIR
+script:
+ commands:
+ - arguments: []
+ description: IRIS Command to get the last case information.
+ name: iris-get-last-case-id
+ outputs:
+ - contextPath: IRIS.case_soc_id
+ description: SOC ID ticket case.
+ type: string
+ - contextPath: IRIS.case_id
+ description: case ID ticket number.
+ type: number
+ - contextPath: IRIS.case_description
+ description: case description.
+ type: string
+ - contextPath: IRIS.opened_by
+ description: case opened by.
+ - contextPath: IRIS.owner
+ description: case owner.
+ - contextPath: IRIS.classification_id
+ description: case classification ID.
+ type: number
+ - contextPath: IRIS.state_name
+ description: case state name.
+ type: string
+ - contextPath: IRIS.case_open_date
+ description: case open date.
+ - contextPath: IRIS.case_name
+ description: case name.
+ type: string
+ - contextPath: IRIS.client_name
+ description: case client name.
+ type: string
+ - contextPath: IRIS.classification
+ description: case classification.
+ type: string
+ - contextPath: IRIS.case_uuid
+ description: case uuid.
+ type: string
+ - contextPath: IRIS.state_id
+ description: case state ID.
+ type: string
+ - contextPath: IRIS.access_level
+ description: case access level.
+ type: string
+ - arguments: []
+ description: Return a list of all IRIS DFIR cases.
+ name: iris-get-all-cases
+ outputs:
+ - contextPath: IRIS.case_soc_id
+ description: SOC ID ticket case.
+ - contextPath: IRIS.case_id
+ description: case ID ticket number.
+ type: number
+ - contextPath: IRIS.case_description
+ description: case description.
+ - contextPath: IRIS.opened_by
+ description: case opened by.
+ - contextPath: IRIS.owner
+ description: case owner.
+ - contextPath: IRIS.classification_id
+ description: case classification ID.
+ type: number
+ - contextPath: IRIS.state_name
+ description: case state name.
+ - contextPath: IRIS.case_open_date
+ description: case open date.
+ - contextPath: IRIS.case_name
+ description: case name.
+ - contextPath: IRIS.client_name
+ description: case client name.
+ - contextPath: IRIS.classification
+ description: case classification.
+ - contextPath: IRIS.case_uuid
+ description: case uuid.
+ - contextPath: IRIS.state_id
+ description: case state ID.
+ - contextPath: IRIS.access_level
+ description: case access level.
+ - arguments:
+ - description: Provide Case ID.
+ name: case_id
+ required: true
+ type: unknown
+ description: Close a specific case by ID.
+ name: iris-close-case-id
+ outputs:
+ - contextPath: IRIS.case_name
+ description: case name.
+ - contextPath: IRIS.case_soc_id
+ description: case soc ID.
+ - contextPath: IRIS.open_date
+ description: case open date.
+ - contextPath: IRIS.close_date
+ description: case close date.
+ - arguments:
+ - description: case ID.
+ name: case_id
+ description: Reopen a specific case by ID.
+ name: iris-reopen-case-id
+ outputs:
+ - contextPath: IRIS.case_soc_id
+ description: case soc ID.
+ - contextPath: IRIS.case_id
+ description: case ID.
+ - contextPath: IRIS.close_date
+ description: case close date.
+ - contextPath: IRIS.open_date
+ description: case open date.
+ - contextPath: IRIS.case_name
+ description: case name.
+ - contextPath: IRIS.closing_note
+ description: case closing note.
+ - arguments:
+ - description: Case ID.
+ name: case_id
+ required: true
+ - description: Case name.
+ name: case_name
+ required: true
+ - auto: PREDEFINED
+ description: Case state.
+ name: case_state
+ predefined:
+ - In progress
+ - Opened
+ - Containement
+ - Eradication
+ - Recovery
+ - Post-Incident
+ - Reporting
+ - Closed
+ required: true
+ description: Change case state status.
+ name: iris-change-case-state
+ outputs:
+ - contextPath: IRIS.case_id
+ description: Case ID.
+ type: number
+ - contextPath: IRIS.case_name
+ description: Case name.
+ type: string
+ - contextPath: IRIS.case_state
+ description: Case state.
+ type: string
+ - arguments:
+ - description: Case ID.
+ name: case_id
+ required: true
+ - description: Notes group tittle.
+ name: group_title
+ required: true
+ description: Creates notes group.
+ name: iris-create-notes-group
+ - arguments:
+ - description: Case ID.
+ name: case_id
+ required: true
+ - description: Note tittle.
+ name: note_title
+ required: true
+ - description: Note content.
+ name: note_content
+ required: true
+ - description: Group ID.
+ name: group_id
+ required: true
+ description: Add a new note to an existing group.
+ name: iris-add-new-note-to-group
+ - arguments:
+ - description: Case ID.
+ name: case_id
+ required: true
+ description: Get a list of the notes and groups.
+ name: iris-get-list-of-groups-and-notes
+ - arguments:
+ - description: Case ID.
+ name: case_id
+ required: true
+ description: Returns a list of IOCs as well as any existing linked with other cases.
+ name: iris-get-list-of-iocs
+ outputs:
+ - contextPath: IRIS.case_id
+ description: Case ID.
+ type: number
+ - contextPath: IRIS.case_name
+ description: Case Name.
+ type: string
+ - arguments:
+ - description: Case ID.
+ name: case_id
+ required: true
+ - description: IoC ID.
+ name: ioc_id
+ required: true
+ description: Fetch the content of an ioc.
+ name: iris-get-ioc-content
+ outputs:
+ - contextPath: IRIS.case_id
+ description: Case ID.
+ type: number
+ - contextPath: IRIS.ioc_description
+ description: IoC Description.
+ type: string
+ - contextPath: IRIS.ioc_id
+ description: IoC ID.
+ type: number
+ - contextPath: IRIS.ioc_value
+ description: IoC Value.
+ type: string
+ - contextPath: IRIS.ioc_type
+ description: IoC Type.
+ type: string
+ dockerimage: demisto/python3:3.10.13.86272
+ isFetchSamples: true
+ isfetch: true
+ runonce: false
+ script: ''
+ subtype: python3
+ type: python
+fromversion: 6.10.0
+tests:
+- No tests (auto formatted)
diff --git a/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR_description.md b/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR_description.md
new file mode 100644
index 000000000000..d933e632ad39
--- /dev/null
+++ b/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR_description.md
@@ -0,0 +1,10 @@
+## IRIS
+How to set up API Keys in IRIS web console.
+
+
+**Creating an API Key**
+1. Go to your IRIS web console, on left side panel, click Advanced > Access Control and Add User.
+2. Recomended to create the user as service account, for that when creating the user click on "Use as service account".
+3. Click save.
+4. Click on the created user and note the API key.
+5. Use the API to configure the IRIS integration.
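Review bot: The `insecure` ("Trust any certificate (not secure)") and `proxy` entries declared in the `configuration` block are not consumed by the `main()` shown earlier in this diff, which builds the client as `DFIRIrisAPI(api_endpoint, api_key)` from `host` and `api_key` alone; unless `DFIRIrisAPI` reads `demisto.params()` internally, the toggle is a no-op and whatever TLS-verification and proxy behaviour the client hard-codes applies regardless of what the operator selects, which is the worst case for a setting labelled "not secure". Read them explicitly, e.g. `verify = not params.get('insecure', False)` and `proxy = params.get('proxy', False)`, and pass both into the client so that verification stays on by default and the switch is actually honoured. Separately, the `case_state` predefined list carries `Containement` while the README context examples in this same diff show the IRIS state name as `Containment`; the misspelt value is what `iris-change-case-state` will send to the server, so it is unlikely to match the intended state — change it to `- Containment`. `iris-reopen-case-id` is also the only command whose `case_id` argument lacks `required: true`, so the reopen call can be issued with no case identifier at all.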
diff --git a/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR_image.png b/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR_image.png
new file mode 100644
index 000000000000..8adb7ad903ee
Binary files /dev/null and b/Packs/IRISDFIR/Integrations/IRISDFIR/IRISDFIR_image.png differ
diff --git a/Packs/IRISDFIR/Integrations/IRISDFIR/README.md b/Packs/IRISDFIR/Integrations/IRISDFIR/README.md
new file mode 100644
index 000000000000..b7381c0796c8
--- /dev/null
+++ b/Packs/IRISDFIR/Integrations/IRISDFIR/README.md
@@ -0,0 +1,1394 @@ +IRIS is a collaborative platform aiming to help incident responders to share technical details during investigations. It's free and open-source. +This integration was integrated and tested with version v2.3.6 of IRIS DFIR + +## Configure IRIS DFIR on Cortex XSOAR + +1. Navigate to **Settings** > **Integrations** > **Servers & Services**. +2. Search for IRIS DFIR. +3. Click **Add instance** to create and configure a new integration instance. + + | **Parameter** | **Description** | **Required** | + | --- | --- | --- | + | Server IP or Host Name (e.g., https://192.168.0.1) | | True | + | API Key for authentication | | True | + | Trust any certificate (not secure) | | False | + | Use system proxy settings | | False | + | Fetch incidents | | False | + | Incidents Fetch Interval | | False | + | Incident type | | False | + | Incident Last Case ID | Fetch all the cases starting from this value, not including it. | False | + +4. Click **Test** to validate the URLs, token, and connection. + +## Commands + +You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. +After you successfully execute a command, a DBot message appears in the War Room with the command details. 
+ +### iris-get-last-case-id + +*** +IRIS Command to get the last case information + +#### Base Command + +`iris-get-last-case-id` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| IRIS.case_soc_id | string | SOC ID ticket case | +| IRIS.case_id | number | case ID ticket number | +| IRIS.case_description | string | case description | +| IRIS.opened_by | unknown | case opened by | +| IRIS.owner | unknown | case owner | +| IRIS.classification_id | number | case classification ID | +| IRIS.state_name | string | case state name | +| IRIS.case_open_date | unknown | case open date | +| IRIS.case_name | string | case name | +| IRIS.client_name | string | case client name | +| IRIS.classification | string | case classification | +| IRIS.case_uuid | string | case uuid | +| IRIS.state_id | string | case state ID | +| IRIS.access_level | string | case access level | + +#### Command example +```!iris-get-last-case-id``` +#### Context Example +```json +{ + "IRIS": { + "access_level": 4, + "case_close_date": "", + "case_description": "TEST 7", + "case_id": 32, + "case_name": "#32 - TEST 7", + "case_open_date": "12/18/2023", + "case_soc_id": "", + "case_uuid": "47ae5435-4c25-4408-bf86-98277807b2fa", + "classification": "malicious-code:dialer", + "classification_id": 9, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + } +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|access_level|case_description|case_id|case_name|case_open_date|case_uuid|classification|classification_id|client_name|opened_by|opened_by_user_id|owner|owner_id|state_id|state_name| +>|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---| +>| 4 | TEST 7 | 32 | #32 - TEST 7 | 12/18/2023 | 47ae5435-4c25-4408-bf86-98277807b2fa | 
malicious-code:dialer | 9 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | + + +### iris-get-all-cases + +*** +Return a list of all IRIS DFIR cases + +#### Base Command + +`iris-get-all-cases` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| IRIS.case_soc_id | unknown | SOC ID ticket case | +| IRIS.case_id | number | case ID ticket number | +| IRIS.case_description | unknown | case description | +| IRIS.opened_by | unknown | case opened by | +| IRIS.owner | unknown | case owner | +| IRIS.classification_id | number | case classification ID | +| IRIS.state_name | unknown | case state name | +| IRIS.case_open_date | unknown | case open date | +| IRIS.case_name | unknown | case name | +| IRIS.client_name | unknown | case client name | +| IRIS.classification | unknown | case classification | +| IRIS.case_uuid | unknown | case uuid | +| IRIS.state_id | unknown | case state ID | +| IRIS.access_level | unknown | case access level | + +#### Command example +```!iris-get-all-cases``` +#### Context Example +```json +{ + "IRIS": [ + { + "access_level": 4, + "case_close_date": "", + "case_description": "TEST 7", + "case_id": 32, + "case_name": "#32 - TEST 7", + "case_open_date": "12/18/2023", + "case_soc_id": "", + "case_uuid": "47ae5435-4c25-4408-bf86-98277807b2fa", + "classification": "malicious-code:dialer", + "classification_id": 9, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "TEST 5", + "case_id": 31, + "case_name": "#31 - TEST 5", + "case_open_date": "12/18/2023", + "case_soc_id": "", + "case_uuid": "5d5e6bc6-2c83-4c77-9f87-fb12d82e1e35", + "classification": "malicious-code:ransomware", + "classification_id": 6, + "client_name": "CERT-EU", + 
"opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "case null 0000f\n\n### dsdsdsd", + "case_id": 29, + "case_name": "#29 - case null 0000f", + "case_open_date": "12/14/2023", + "case_soc_id": "", + "case_uuid": "e7ed6439-799a-4eaf-b16c-cde8f7a10ffc", + "classification": "malicious-code:dialer", + "classification_id": 9, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "malware byte you\n\ntest22222", + "case_id": 28, + "case_name": "#28 - malware byte you", + "case_open_date": "12/14/2023", + "case_soc_id": "test-eu-111", + "case_uuid": "2aeb9026-7b1d-4caa-a22d-b95e7507eec8", + "classification": "abusive-content:harmful-speech", + "classification_id": 2, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 4, + "state_name": "Containment" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "test jira fields\n\n### 12244434", + "case_id": 27, + "case_name": "#27 - test jira fields", + "case_open_date": "11/30/2023", + "case_soc_id": "", + "case_uuid": "6b8d5e9a-e27b-4a6a-b27d-059b235f0814", + "classification": "malicious-code:spyware-rat", + "classification_id": 8, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "Evil rootkit\n## \nmachine evil\n\n", + "case_id": 26, + "case_name": "#26 - Evil rootkit", + "case_open_date": "11/22/2023", + "case_soc_id": "CERT-EU-846327", + "case_uuid": "dec1a169-37cf-44b0-8e9d-78b51efebbc0", + 
"classification": "malicious-code:rootkit", + "classification_id": 10, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 5, + "state_name": "Eradication" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "mail spam \n\nspam 1234444", + "case_id": 25, + "case_name": "#25 - mail spam", + "case_open_date": "11/22/2023", + "case_soc_id": "CERT-EU-8213423", + "case_uuid": "83317f2e-72df-4934-a283-500fecd0e758", + "classification": "abusive-content:spam", + "classification_id": 1, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 4, + "state_name": "Containment" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "Evil spyware\n\ndark 123 machine local", + "case_id": 24, + "case_name": "#24 - Evil spyware", + "case_open_date": "11/22/2023", + "case_soc_id": "CERT-EU-896492", + "case_uuid": "c63dc059-b8a7-4595-bc2b-833e4798e3ac", + "classification": "malicious-code:spyware-rat", + "classification_id": 8, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "Scanning VIP\n\n\nfdsfdsfsdfsdfsdfsdf", + "case_id": 23, + "case_name": "#23 - Scanning VIP", + "case_open_date": "11/22/2023", + "case_soc_id": "CERT-EU-2316346", + "case_uuid": "cd85ed04-fa5a-4f47-8a3f-0280297a3d53", + "classification": "information-gathering:scanner", + "classification_id": 11, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "virus id 2244\n\ntesting 123\n\nmachine 10.0.0.1", + "case_id": 20, + "case_name": "#20 - 
virus id 2244", + "case_open_date": "11/22/2023", + "case_soc_id": "CERT-EU-55", + "case_uuid": "6e71ba63-ad61-4c7e-8b4e-10f16a65cb36", + "classification": "malicious-code:virus", + "classification_id": 4, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "rootkit blabla\n\nmachine.dark.local malware baisfldasnfadsf", + "case_id": 19, + "case_name": "#19 - rootkit blabla", + "case_open_date": "09/29/2023", + "case_soc_id": "CERT--EU-444", + "case_uuid": "a48eed36-cc03-4a42-a13b-3af41a76dccb", + "classification": "malicious-code:rootkit", + "classification_id": 10, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "09/28/2023", + "case_description": "Phishing EU member\n\nblabla", + "case_id": 18, + "case_name": "#18 - Phishing EU member", + "case_open_date": "09/28/2023", + "case_soc_id": "CERT-EU-77", + "case_uuid": "a9803459-461b-4442-a11e-b6440a91cd85", + "classification": "fraud:phishing", + "classification_id": 30, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 9, + "state_name": "Closed" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "Phishing EU official\n\ntest ticket !!!", + "case_id": 17, + "case_name": "#17 - #17 case custom attrib test", + "case_open_date": "08/09/2023", + "case_soc_id": "soc_id_demo", + "case_uuid": "c034f0fa-d19c-480a-8b1d-045b558915d0", + "classification": "abusive-content:harmful-speech", + "classification_id": 2, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "Natasha Carl", + "owner_id": 2, + "state_id": 4, + "state_name": 
"Containment" + }, + { + "access_level": 4, + "case_close_date": "09/25/2023", + "case_description": "spam test ticket\n\nblah", + "case_id": 16, + "case_name": "#16 - spam test ticket", + "case_open_date": "07/13/2023", + "case_soc_id": "CERT-EU-21", + "case_uuid": "71636b85-ef58-4d45-a5bf-faa2ac00031a", + "classification": "abusive-content:spam", + "classification_id": 1, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 9, + "state_name": "Closed" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "dark.local\n\ntesting notes", + "case_id": 15, + "case_name": "#15 - Virus detected on VM dark.local", + "case_open_date": "07/13/2023", + "case_soc_id": "CERT-EU-20", + "case_uuid": "94e4a63a-3c8b-4a4e-ae02-b32c0c1b6386", + "classification": "malicious-code:virus", + "classification_id": 4, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 2, + "state_name": "In progress" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "ROOTKIT TEST\n\nTHIS IS A TEST FORM", + "case_id": 13, + "case_name": "#13 - ROOTKIT TEST", + "case_open_date": "06/08/2023", + "case_soc_id": "CERT-EU-19", + "case_uuid": "6f8a72b5-2c82-4654-b84a-e8e10e9299de", + "classification": "malicious-code:rootkit", + "classification_id": 10, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "09/26/2023", + "case_description": "Scanning ports machine X\n\n\n- 1\n- 2\n- 3\n- \n**## EDITED**", + "case_id": 12, + "case_name": "#12 - Scanning ports machine X", + "case_open_date": "06/08/2023", + "case_soc_id": "CERT-EU-18", + "case_uuid": "3662a525-d572-495c-9d25-45920c3ad1ce", + "classification": "information-gathering:scanner", + 
"classification_id": 11, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 9, + "state_name": "Closed" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "Code Dialer\n\n### TEST CODE CODE ", + "case_id": 11, + "case_name": "#11 - Code Dialer", + "case_open_date": "06/08/2023", + "case_soc_id": "CERT-EU-17", + "case_uuid": "f0b3b128-88f3-4a37-a908-58ecb5fc7c89", + "classification": "malicious-code:dialer", + "classification_id": 9, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "spyware test 1", + "case_id": 10, + "case_name": "#10 - spyware test 1", + "case_open_date": "06/08/2023", + "case_soc_id": "CERT-EU-16", + "case_uuid": "38ba94bf-978f-4073-99af-291f79889b0b", + "classification": "malicious-code:spyware-rat", + "classification_id": 8, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "Social Eng", + "case_id": 9, + "case_name": "#9 - Social Eng", + "case_open_date": "06/07/2023", + "case_soc_id": "CERT-EU-15", + "case_uuid": "35070554-73c1-421a-bdbb-b840f09411b4", + "classification": "information-gathering:social-engineering", + "classification_id": 13, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "WAF invaded", + "case_id": 8, + "case_name": "#8 - WAF invaded", + "case_open_date": "06/07/2023", + "case_soc_id": "CERT-EU-15", + "case_uuid": "9bab6e73-be89-497c-bfc1-25e213f933eb", + 
"classification": null, + "classification_id": null, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "A virus has been detected on machine **machine.darkside.in** \n\nDDOS\n\n| Port | Protocol |Hostname|\n|--|--|--|\n| 443 | TCP |machine.darkside.in|\n\n\n```echo Please investigate !```\n\n### HELP !", + "case_id": 7, + "case_name": "#7 - test command 1", + "case_open_date": "06/07/2023", + "case_soc_id": "CERT-EU-14", + "case_uuid": "e88efdc4-6811-4c59-aca6-7eeefab72a81", + "classification": "availability:ddos", + "classification_id": 23, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 6, + "state_name": "Recovery" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "A virus has been detected on machine **machine.darkside.in** \n\n| Port | Protocol |Hostname|\n|--|--|--|\n| 443 | TCP |machine.darkside.in|\n\n\n```echo Please investigate !```\n\n### HELP !", + "case_id": 6, + "case_name": "#6 - Malware detected on machine.darkside.in", + "case_open_date": "06/07/2023", + "case_soc_id": "CERT-EU-13", + "case_uuid": "4f7d583d-7724-4be3-9137-7ca248630bc0", + "classification": null, + "classification_id": null, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "Ransomware test", + "case_id": 3, + "case_name": "#3 - CERT-EU Ransomware test", + "case_open_date": "06/05/2023", + "case_soc_id": "CERT-EU-82", + "case_uuid": "7b9ec75f-f194-4d73-a98a-b657b40b2cc4", + "classification": "malicious-code:ransomware", + "classification_id": 6, + "client_name": "CERT-EU", + "opened_by": "nouser2", + 
"opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "", + "case_description": "A virus has been detected on machine **darkpace.evil** \n\n| Port | Protocol |Hostname|\n|--|--|--|\n| 443 | TCP |darkplace.evil|\n\n\n```echo Please investigate !```\n\n### HELP !", + "case_id": 2, + "case_name": "#2 - virus-windows-11", + "case_open_date": "06/05/2023", + "case_soc_id": "CERT-EU-12", + "case_uuid": "1a5e6534-571f-4788-b4f5-47cc6b0c18bc", + "classification": "malicious-code:virus", + "classification_id": 4, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 3, + "state_name": "Opened" + }, + { + "access_level": 4, + "case_close_date": "06/05/2023", + "case_description": "This is a demonstration.", + "case_id": 1, + "case_name": "#1 - Initial Demo", + "case_open_date": "06/05/2023", + "case_soc_id": "soc_id_demo", + "case_uuid": "46480e7c-5b78-42c5-8b2e-678991a8a495", + "classification": null, + "classification_id": null, + "client_name": "CERT-EU", + "opened_by": "nouser2", + "opened_by_user_id": 1, + "owner": "nouser2", + "owner_id": 1, + "state_id": 2, + "state_name": "In progress" + } + ] +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|access_level|case_close_date|case_description|case_id|case_name|case_open_date|case_soc_id|case_uuid|classification|classification_id|client_name|opened_by|opened_by_user_id|owner|owner_id|state_id|state_name| +>|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---| +>| 4 | | TEST 7 | 32 | #32 - TEST 7 | 12/18/2023 | | 47ae5435-4c25-4408-bf86-98277807b2fa | malicious-code:dialer | 9 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | TEST 5 | 31 | #31 - TEST 5 | 12/18/2023 | | 5d5e6bc6-2c83-4c77-9f87-fb12d82e1e35 | malicious-code:ransomware | 6 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | 
Opened | +>| 4 | | case null 0000f

### dsdsdsd | 29 | #29 - case null 0000f | 12/14/2023 | | e7ed6439-799a-4eaf-b16c-cde8f7a10ffc | malicious-code:dialer | 9 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | malware byte you

test22222 | 28 | #28 - malware byte you | 12/14/2023 | test-eu-111 | 2aeb9026-7b1d-4caa-a22d-b95e7507eec8 | abusive-content:harmful-speech | 2 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 4 | Containment | +>| 4 | | test jira fields

### 12244434 | 27 | #27 - test jira fields | 11/30/2023 | | 6b8d5e9a-e27b-4a6a-b27d-059b235f0814 | malicious-code:spyware-rat | 8 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | Evil rootkit
##
machine evil

| 26 | #26 - Evil rootkit | 11/22/2023 | CERT-EU-846327 | dec1a169-37cf-44b0-8e9d-78b51efebbc0 | malicious-code:rootkit | 10 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 5 | Eradication | +>| 4 | | mail spam

spam 1234444 | 25 | #25 - mail spam | 11/22/2023 | CERT-EU-8213423 | 83317f2e-72df-4934-a283-500fecd0e758 | abusive-content:spam | 1 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 4 | Containment | +>| 4 | | Evil spyware

dark 123 machine local | 24 | #24 - Evil spyware | 11/22/2023 | CERT-EU-896492 | c63dc059-b8a7-4595-bc2b-833e4798e3ac | malicious-code:spyware-rat | 8 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | Scanning VIP


fdsfdsfsdfsdfsdfsdf | 23 | #23 - Scanning VIP | 11/22/2023 | CERT-EU-2316346 | cd85ed04-fa5a-4f47-8a3f-0280297a3d53 | information-gathering:scanner | 11 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | virus id 2244

testing 123

machine 10.0.0.1 | 20 | #20 - virus id 2244 | 11/22/2023 | CERT-EU-55 | 6e71ba63-ad61-4c7e-8b4e-10f16a65cb36 | malicious-code:virus | 4 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | rootkit blabla

machine.dark.local malware baisfldasnfadsf | 19 | #19 - rootkit blabla | 09/29/2023 | CERT--EU-444 | a48eed36-cc03-4a42-a13b-3af41a76dccb | malicious-code:rootkit | 10 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | 09/28/2023 | Phishing EU member

blabla | 18 | #18 - Phishing EU member | 09/28/2023 | CERT-EU-77 | a9803459-461b-4442-a11e-b6440a91cd85 | fraud:phishing | 30 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 9 | Closed | +>| 4 | | Phishing EU official

test ticket !!! | 17 | #17 - #17 case custom attrib test | 08/09/2023 | soc_id_demo | c034f0fa-d19c-480a-8b1d-045b558915d0 | abusive-content:harmful-speech | 2 | CERT-EU | nouser2 | 1 | Natasha Carl | 2 | 4 | Containment | +>| 4 | 09/25/2023 | spam test ticket

blah | 16 | #16 - spam test ticket | 07/13/2023 | CERT-EU-21 | 71636b85-ef58-4d45-a5bf-faa2ac00031a | abusive-content:spam | 1 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 9 | Closed | +>| 4 | | dark.local

testing notes | 15 | #15 - Virus detected on VM dark.local | 07/13/2023 | CERT-EU-20 | 94e4a63a-3c8b-4a4e-ae02-b32c0c1b6386 | malicious-code:virus | 4 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 2 | In progress | +>| 4 | | ROOTKIT TEST

THIS IS A TEST FORM | 13 | #13 - ROOTKIT TEST | 06/08/2023 | CERT-EU-19 | 6f8a72b5-2c82-4654-b84a-e8e10e9299de | malicious-code:rootkit | 10 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | 09/26/2023 | Scanning ports machine X


- 1
- 2
- 3
-
**## EDITED** | 12 | #12 - Scanning ports machine X | 06/08/2023 | CERT-EU-18 | 3662a525-d572-495c-9d25-45920c3ad1ce | information-gathering:scanner | 11 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 9 | Closed | +>| 4 | | Code Dialer

### TEST CODE CODE | 11 | #11 - Code Dialer | 06/08/2023 | CERT-EU-17 | f0b3b128-88f3-4a37-a908-58ecb5fc7c89 | malicious-code:dialer | 9 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | spyware test 1 | 10 | #10 - spyware test 1 | 06/08/2023 | CERT-EU-16 | 38ba94bf-978f-4073-99af-291f79889b0b | malicious-code:spyware-rat | 8 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | Social Eng | 9 | #9 - Social Eng | 06/07/2023 | CERT-EU-15 | 35070554-73c1-421a-bdbb-b840f09411b4 | information-gathering:social-engineering | 13 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | WAF invaded | 8 | #8 - WAF invaded | 06/07/2023 | CERT-EU-15 | 9bab6e73-be89-497c-bfc1-25e213f933eb | | | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | A virus has been detected on machine **machine.darkside.in**

DDOS

\| Port \| Protocol \|Hostname\|
\|--\|--\|--\|
\| 443 \| TCP \|machine.darkside.in\|


\`\`\`echo Please investigate !\`\`\`

### HELP ! | 7 | #7 - test command 1 | 06/07/2023 | CERT-EU-14 | e88efdc4-6811-4c59-aca6-7eeefab72a81 | availability:ddos | 23 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 6 | Recovery | +>| 4 | | A virus has been detected on machine **machine.darkside.in**

\| Port \| Protocol \|Hostname\|
\|--\|--\|--\|
\| 443 \| TCP \|machine.darkside.in\|


\`\`\`echo Please investigate !\`\`\`

### HELP ! | 6 | #6 - Malware detected on machine.darkside.in | 06/07/2023 | CERT-EU-13 | 4f7d583d-7724-4be3-9137-7ca248630bc0 | | | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | Ransomware test | 3 | #3 - CERT-EU Ransomware test | 06/05/2023 | CERT-EU-82 | 7b9ec75f-f194-4d73-a98a-b657b40b2cc4 | malicious-code:ransomware | 6 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | | A virus has been detected on machine **darkpace.evil**

\| Port \| Protocol \|Hostname\|
\|--\|--\|--\|
\| 443 \| TCP \|darkplace.evil\|


\`\`\`echo Please investigate !\`\`\`

### HELP ! | 2 | #2 - virus-windows-11 | 06/05/2023 | CERT-EU-12 | 1a5e6534-571f-4788-b4f5-47cc6b0c18bc | malicious-code:virus | 4 | CERT-EU | nouser2 | 1 | nouser2 | 1 | 3 | Opened | +>| 4 | 06/05/2023 | This is a demonstration. | 1 | #1 - Initial Demo | 06/05/2023 | soc_id_demo | 46480e7c-5b78-42c5-8b2e-678991a8a495 | | | CERT-EU | nouser2 | 1 | nouser2 | 1 | 2 | In progress | + + +### iris-close-case-id + +*** +Close a specific case by ID. + +#### Base Command + +`iris-close-case-id` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| case_id | Provide Case ID. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| IRIS.case_name | unknown | case name | +| IRIS.case_soc_id | unknown | case soc ID | +| IRIS.open_date | unknown | case open date | +| IRIS.close_date | unknown | case close date | + +#### Command example +```!iris-close-case-id case_id=9``` +#### Context Example +```json +{ + "IRIS": { + "case_customer": 1, + "case_description": "Social Eng", + "case_id": 9, + "case_name": "#9 - Social Eng", + "case_soc_id": "CERT-EU-15", + "case_uuid": "35070554-73c1-421a-bdbb-b840f09411b4", + "classification_id": 13, + "close_date": "2024-01-22", + "closing_note": null, + "custom_attributes": {}, + "modification_history": { + "1686161424.82484": { + "action": "created", + "user": "nouser2", + "user_id": 1 + }, + "1694445948.238388": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694446268.42952": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694446597.253438": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694446626.551442": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447102.368478": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447187.785556": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + 
"1694447233.805542": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447256.462593": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447324.542543": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447772.724512": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1694448681.95518": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694449204.048061": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694449647.332296": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1694449754.493539": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694450199.853172": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1694452250.114495": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694452672.978887": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1704711697.835427": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1704711700.739643": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1704711947.950361": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1704711950.774661": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1705935117.44055": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + } + }, + "open_date": "2023-06-07", + "owner_id": 1, + "state_id": 9, + "status_id": 0, + "user_id": 1 + } +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|case_customer|case_description|case_id|case_name|case_soc_id|case_uuid|classification_id|close_date|modification_history|open_date|owner_id|state_id|status_id|user_id| +>|---|---|---|---|---|---|---|---|---|---|---|---|---|---| +>| 1 | Social Eng | 9 | #9 - Social Eng | CERT-EU-15 | 
35070554-73c1-421a-bdbb-b840f09411b4 | 13 | 2024-01-22 | 1686161424.82484: {"user": "nouser2", "user_id": 1, "action": "created"}
1694445948.238388: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694446268.42952: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694446597.253438: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694446626.551442: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447102.368478: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447187.785556: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447233.805542: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447256.462593: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447324.542543: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447772.724512: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1694448681.95518: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694449204.048061: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694449647.332296: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1694449754.493539: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694450199.853172: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1694452250.114495: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694452672.978887: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1704711697.835427: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1704711700.739643: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1704711947.950361: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1704711950.774661: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1705935117.44055: {"user": "nouser2", "user_id": 1, "action": "case closed"} | 2023-06-07 | 1 | 9 | 0 | 1 | + + +### iris-reopen-case-id + +*** +Reopen a specific case by ID. + +#### Base Command + +`iris-reopen-case-id` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| case_id | case ID. | Optional | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| IRIS.case_soc_id | unknown | case soc ID | +| IRIS.case_id | unknown | case ID | +| IRIS.close_date | unknown | case close date | +| IRIS.open_date | unknown | case open date | +| IRIS.case_name | unknown | case name | +| IRIS.closing_note | unknown | case closing note | + +#### Command example +```!iris-reopen-case-id case_id=9``` +#### Context Example +```json +{ + "IRIS": { + "case_customer": 1, + "case_description": "Social Eng", + "case_id": 9, + "case_name": "#9 - Social Eng", + "case_soc_id": "CERT-EU-15", + "case_uuid": "35070554-73c1-421a-bdbb-b840f09411b4", + "classification_id": 13, + "close_date": null, + "closing_note": null, + "custom_attributes": {}, + "modification_history": { + "1686161424.82484": { + "action": "created", + "user": "nouser2", + "user_id": 1 + }, + "1694445948.238388": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694446268.42952": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694446597.253438": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694446626.551442": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447102.368478": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447187.785556": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447233.805542": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447256.462593": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447324.542543": { 
+ "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694447772.724512": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1694448681.95518": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694449204.048061": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694449647.332296": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1694449754.493539": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694450199.853172": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1694452250.114495": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1694452672.978887": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1704711697.835427": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1704711700.739643": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1704711947.950361": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1704711950.774661": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + }, + "1705935117.44055": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1705935120.30414": { + "action": "case reopened", + "user": "nouser2", + "user_id": 1 + } + }, + "open_date": "2023-06-07", + "owner_id": 1, + "state_id": 3, + "status_id": 0, + "user_id": 1 + } +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|case_customer|case_description|case_id|case_name|case_soc_id|case_uuid|classification_id|modification_history|open_date|owner_id|state_id|status_id|user_id| +>|---|---|---|---|---|---|---|---|---|---|---|---|---| +>| 1 | Social Eng | 9 | #9 - Social Eng | CERT-EU-15 | 35070554-73c1-421a-bdbb-b840f09411b4 | 13 | 1686161424.82484: {"user": "nouser2", "user_id": 1, "action": "created"}
1694445948.238388: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694446268.42952: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694446597.253438: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694446626.551442: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447102.368478: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447187.785556: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447233.805542: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447256.462593: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447324.542543: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694447772.724512: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1694448681.95518: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694449204.048061: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694449647.332296: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1694449754.493539: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694450199.853172: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1694452250.114495: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1694452672.978887: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1704711697.835427: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1704711700.739643: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1704711947.950361: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1704711950.774661: {"user": "nouser2", "user_id": 1, "action": "case reopened"}
1705935117.44055: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1705935120.30414: {"user": "nouser2", "user_id": 1, "action": "case reopened"} | 2023-06-07 | 1 | 3 | 0 | 1 | + + +### iris-change-case-state + +*** +Change case state status + +#### Base Command + +`iris-change-case-state` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| case_id | Case ID. | Required | +| case_name | Case name. | Required | +| case_state | Case state. Possible values are: In progress, Opened, Containement, Eradication, Recovery, Post-Incident, Reporting, Closed. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| IRIS.case_id | number | Case ID | +| IRIS.case_name | string | Case name | +| IRIS.case_state | string | Case state | + +#### Command example +```!iris-change-case-state case_id=1 case_state="In progress" case_name="#1 - Initial Demo"``` +#### Context Example +```json +{ + "IRIS": { + "case_customer": 1, + "case_description": "This is a demonstration.", + "case_id": 1, + "case_name": "#1 - Initial Demo", + "case_soc_id": "soc_id_demo", + "case_uuid": "46480e7c-5b78-42c5-8b2e-678991a8a495", + "classification_id": null, + "close_date": "2023-06-05", + "closing_note": null, + "custom_attributes": null, + "modification_history": { + "1685985574.367342": { + "action": "case closed", + "user": "nouser2", + "user_id": 1 + }, + "1704711960.320669": { + "action": "case info updated", + "user": "nouser2", + "user_id": 1 + }, + "1705935129.662093": { + "action": "case info updated", + "user": "nouser2", + "user_id": 1 + } + }, + "open_date": "2023-06-05", + "owner_id": 1, + "state_id": 2, + "status_id": 0, + "user_id": 1 + } +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|case_customer|case_description|case_id|case_name|case_soc_id|case_uuid|close_date|modification_history|open_date|owner_id|state_id|status_id|user_id| +>|---|---|---|---|---|---|---|---|---|---|---|---|---| +>| 1 | This is a demonstration. 
| 1 | #1 - Initial Demo | soc_id_demo | 46480e7c-5b78-42c5-8b2e-678991a8a495 | 2023-06-05 | 1685985574.367342: {"user": "nouser2", "user_id": 1, "action": "case closed"}
1704711960.320669: {"user": "nouser2", "user_id": 1, "action": "case info updated"}
1705935129.662093: {"user": "nouser2", "user_id": 1, "action": "case info updated"} | 2023-06-05 | 1 | 2 | 0 | 1 | + + +### iris-create-notes-group + +*** +Creates notes group + +#### Base Command + +`iris-create-notes-group` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| case_id | Case ID. | Required | +| group_title | Notes group tittle. | Required | + +#### Context Output + +There is no context output for this command. +#### Command example +```!iris-create-notes-group case_id=1 group_title="test group"``` +#### Context Example +```json +{ + "IRIS": { + "group_creationdate": "2024-01-22T14:52:12.540571", + "group_id": 57, + "group_lastupdate": "2024-01-22T14:52:12.540571", + "group_title": "test group", + "group_uuid": "62742497-8cf6-4cea-bac4-5ff50e4bb4e5" + } +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|group_creationdate|group_id|group_lastupdate|group_title|group_uuid| +>|---|---|---|---|---| +>| 2024-01-22T14:52:12.540571 | 57 | 2024-01-22T14:52:12.540571 | test group | 62742497-8cf6-4cea-bac4-5ff50e4bb4e5 | + + +### iris-add-new-note-to-group + +*** +Add a new note to an existing group. + +#### Base Command + +`iris-add-new-note-to-group` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| case_id | Case ID. | Required | +| note_title | Note tittle. | Required | +| note_content | Note content. | Required | +| group_id | Group ID. | Required | + +#### Context Output + +There is no context output for this command. 
+#### Command example +```!iris-add-new-note-to-group case_id=1 group_id=55 note_content="test content" note_title="test tittle"``` +#### Context Example +```json +{ + "IRIS": { + "custom_attributes": {}, + "note_content": "test content", + "note_creationdate": "2024-01-22T14:52:15.366100", + "note_id": 63, + "note_lastupdate": "2024-01-22T14:52:15.366100", + "note_title": "test tittle", + "note_uuid": "a2cf6b17-d8be-4ca0-814d-12910aefa2f2" + } +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|note_content|note_creationdate|note_id|note_lastupdate|note_title|note_uuid| +>|---|---|---|---|---|---| +>| test content | 2024-01-22T14:52:15.366100 | 63 | 2024-01-22T14:52:15.366100 | test tittle | a2cf6b17-d8be-4ca0-814d-12910aefa2f2 | + + +### iris-get-list-of-groups-and-notes + +*** +Get a list of the notes and groups. + +#### Base Command + +`iris-get-list-of-groups-and-notes` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| case_id | Case ID. | Required | + +#### Context Output + +There is no context output for this command. 
+#### Command example +```!iris-get-list-of-groups-and-notes case_id=1``` +#### Context Example +```json +{ + "IRIS": { + "groups": [ + { + "group_id": 1, + "group_title": "test group", + "group_uuid": "98a49bf1-66a3-4014-94a3-b84f7465129e", + "notes": [] + }, + { + "group_id": 55, + "group_title": "test group", + "group_uuid": "89085dde-aa63-467b-a17a-d78d20bdc794", + "notes": [ + { + "note_id": 61, + "note_lastupdate": "2024-01-08T11:04:41.529018", + "note_title": "test tittle", + "note_uuid": "1e7cfa4e-6ce0-4261-ae5d-a70eba2b1462", + "user": "nouser2" + }, + { + "note_id": 62, + "note_lastupdate": "2024-01-08T11:06:05.840447", + "note_title": "test tittle", + "note_uuid": "c1ceef5b-0020-48d7-ac0f-c0c4c40ef396", + "user": "nouser2" + }, + { + "note_id": 63, + "note_lastupdate": "2024-01-22T14:52:15.366100", + "note_title": "test tittle", + "note_uuid": "a2cf6b17-d8be-4ca0-814d-12910aefa2f2", + "user": "nouser2" + } + ] + }, + { + "group_id": 56, + "group_title": "test group", + "group_uuid": "36da7617-6eca-49d9-bbb6-64737db54aab", + "notes": [] + }, + { + "group_id": 57, + "group_title": "test group", + "group_uuid": "62742497-8cf6-4cea-bac4-5ff50e4bb4e5", + "notes": [] + } + ], + "state": { + "object_last_update": "2024-01-22T14:52:15.373121", + "object_state": 8 + } + } +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|groups|state| +>|---|---| +>| {'group_id': 1, 'group_uuid': '98a49bf1-66a3-4014-94a3-b84f7465129e', 'group_title': 'test group', 'notes': []},
{'group_id': 55, 'group_uuid': '89085dde-aa63-467b-a17a-d78d20bdc794', 'group_title': 'test group', 'notes': [{'note_id': 61, 'note_uuid': '1e7cfa4e-6ce0-4261-ae5d-a70eba2b1462', 'note_title': 'test tittle', 'user': 'nouser2', 'note_lastupdate': '2024-01-08T11:04:41.529018'}, {'note_id': 62, 'note_uuid': 'c1ceef5b-0020-48d7-ac0f-c0c4c40ef396', 'note_title': 'test tittle', 'user': 'nouser2', 'note_lastupdate': '2024-01-08T11:06:05.840447'}, {'note_id': 63, 'note_uuid': 'a2cf6b17-d8be-4ca0-814d-12910aefa2f2', 'note_title': 'test tittle', 'user': 'nouser2', 'note_lastupdate': '2024-01-22T14:52:15.366100'}]},
{'group_id': 56, 'group_uuid': '36da7617-6eca-49d9-bbb6-64737db54aab', 'group_title': 'test group', 'notes': []},
{'group_id': 57, 'group_uuid': '62742497-8cf6-4cea-bac4-5ff50e4bb4e5', 'group_title': 'test group', 'notes': []} | object_state: 8
object_last_update: 2024-01-22T14:52:15.373121 | + + +### iris-get-list-of-iocs + +*** +Returns a list of IOCs as well as any existing linked with other cases. + +#### Base Command + +`iris-get-list-of-iocs` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| case_id | Case ID. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| IRIS.case_id | number | Case ID. | +| IRIS.case_name | string | Case Name. | + +#### Command example +```!iris-get-list-of-iocs case_id=1``` +#### Context Example +```json +{ + "IRIS": { + "ioc": [ + { + "ioc_description": "This is an example", + "ioc_id": 5, + "ioc_misp": null, + "ioc_tags": "", + "ioc_tlp_id": 2, + "ioc_type": "github-username", + "ioc_type_id": 65, + "ioc_uuid": "93ca5e50-13a5-4d59-8b92-b99bf4bb70fd", + "ioc_value": "github-username-example", + "link": [], + "misp_link": null, + "tlp_bscolor": "warning", + "tlp_name": "amber" + } + ], + "state": { + "object_last_update": "2024-01-08T10:45:20.129696", + "object_state": 1 + } + } +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|ioc|state| +>|---|---| +>| {'ioc_id': 5, 'ioc_uuid': '93ca5e50-13a5-4d59-8b92-b99bf4bb70fd', 'ioc_value': 'github-username-example', 'ioc_type_id': 65, 'ioc_type': 'github-username', 'ioc_description': 'This is an example', 'ioc_tags': '', 'ioc_misp': None, 'tlp_name': 'amber', 'tlp_bscolor': 'warning', 'ioc_tlp_id': 2, 'link': [], 'misp_link': None} | object_state: 1
object_last_update: 2024-01-08T10:45:20.129696 | + + +### iris-get-ioc-content + +*** +Fetch the content of an ioc. + +#### Base Command + +`iris-get-ioc-content` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| case_id | Case ID. | Required | +| ioc_id | IoC ID. | Required | + +#### Context Output + +| **Path** | **Type** | **Description** | +| --- | --- | --- | +| IRIS.case_id | number | Case ID. | +| IRIS.ioc_description | string | IoC Description. | +| IRIS.ioc_id | number | IoC ID. | +| IRIS.ioc_value | string | IoC Value. | +| IRIS.ioc_type | string | IoC Type. | + +#### Command example +```!iris-get-ioc-content case_id=1 ioc_id=5``` +#### Context Example +```json +{ + "IRIS": { + "custom_attributes": {}, + "ioc_description": "This is an example", + "ioc_enrichment": null, + "ioc_id": 5, + "ioc_misp": null, + "ioc_tags": "", + "ioc_tlp_id": 2, + "ioc_type": { + "type_description": "A github user name", + "type_id": 65, + "type_name": "github-username", + "type_taxonomy": null, + "type_validation_expect": null, + "type_validation_regex": null + }, + "ioc_type_id": 65, + "ioc_uuid": "93ca5e50-13a5-4d59-8b92-b99bf4bb70fd", + "ioc_value": "github-username-example", + "user_id": 1 + } +} +``` + +#### Human Readable Output + +>### Command successfully sent to IRIS DFIR" +>|ioc_description|ioc_id|ioc_tlp_id|ioc_type|ioc_type_id|ioc_uuid|ioc_value|user_id| +>|---|---|---|---|---|---|---|---| +>| This is an example | 5 | 2 | type_description: A github user name
type_taxonomy: null
type_id: 65
type_name: github-username
type_validation_regex: null
type_validation_expect: null | 65 | 93ca5e50-13a5-4d59-8b92-b99bf4bb70fd | github-username-example | 1 |
+
diff --git a/Packs/IRISDFIR/Integrations/IRISDFIR/command_examples.txt b/Packs/IRISDFIR/Integrations/IRISDFIR/command_examples.txt
new file mode 100644
index 000000000000..0b10711f31ec
--- /dev/null
+++ b/Packs/IRISDFIR/Integrations/IRISDFIR/command_examples.txt
@@ -0,0 +1,10 @@
+!iris-get-all-cases
+!iris-get-last-case-id
+!iris-close-case-id case_id=9
+!iris-reopen-case-id case_id=9
+!iris-get-list-of-iocs case_id=1
+!iris-get-ioc-content case_id=1 ioc_id=5
+!iris-change-case-state case_id=1 case_state="In progress" case_name="#1 - Initial Demo"
+!iris-create-notes-group case_id=1 group_title="test group"
+!iris-add-new-note-to-group case_id=1 group_id=55 note_content="test content" note_title="test tittle"
+!iris-get-list-of-groups-and-notes case_id=1
diff --git a/Packs/IRISDFIR/README.md b/Packs/IRISDFIR/README.md
new file mode 100644
index 000000000000..e69de29bb2d1
diff --git a/Packs/IRISDFIR/pack_metadata.json b/Packs/IRISDFIR/pack_metadata.json
new file mode 100644
index 000000000000..2d4885ae4568
--- /dev/null
+++ b/Packs/IRISDFIR/pack_metadata.json
@@ -0,0 +1,21 @@
+{
+ "name": "IRIS DFIR",
+ "description": "IRIS is a collaborative platform aiming to help incident responders to share technical details during investigations.",
+ "support": "community",
+ "currentVersion": "1.0.0",
+ "author": "Fabio Dias",
+ "url": "",
+ "email": "fabio.dias@ext.ec.europa.eu",
+ "created": "2023-07-20T12:59:36Z",
+ "categories": ["Case Management"],
+ "tags": [],
+ "useCases": [],
+ "keywords": [],
+ "marketplaces": [
+ "xsoar",
+ "marketplacev2"
+ ],
+ "githubUser": [
+ "Enigmatyk"
+ ]
+}
diff --git a/Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml b/Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml
index 6a7e10fa562b..012fee13a928 100644
--- a/Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml
+++ b/Packs/Intezer/Integrations/IntezerV2/IntezerV2.yml
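Review bot: Packs/IRISDFIR/README.md is added as an empty file (index e69de29bb2d1 is git's empty-blob hash), so the new pack ships with no pack-level description beyond the single `description` line in pack_metadata.json. A short README stating what the pack provides and which integration commands it exposes would give marketplace users and reviewers something to read before installing. In pack_metadata.json, `"url": ""` is an empty string rather than an absent key; either point it at the project's page or drop the key so tooling does not surface a blank link. The command_examples.txt list also includes state-changing commands (`!iris-close-case-id case_id=9`, `!iris-reopen-case-id case_id=9`); if this file is used to regenerate docs against a live instance, it is worth noting in the pack README that those examples mutate the target case.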
@@ -594,7 +594,7 @@ script:
 - contextPath: Endpoint.Metadata
 description: Metadata returned from Intezer analysis (endpoint analysis id, endpoint analysis url, families, verdict, host_name).
 type: Unknown
- dockerimage: demisto/py3-tools:1.0.0.84811
+ dockerimage: demisto/py3-tools:1.0.0.86612
 runonce: false
 script: '-'
 type: python
diff --git a/Packs/Intezer/ReleaseNotes/1_6_15.md b/Packs/Intezer/ReleaseNotes/1_6_15.md
new file mode 100644
index 000000000000..353bcc46df7b
--- /dev/null
+++ b/Packs/Intezer/ReleaseNotes/1_6_15.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Intezer v2
+- Updated the Docker image to: *demisto/py3-tools:1.0.0.86612*.
diff --git a/Packs/Intezer/pack_metadata.json b/Packs/Intezer/pack_metadata.json
index ca8117861f5e..a831d39bb307 100644
--- a/Packs/Intezer/pack_metadata.json
+++ b/Packs/Intezer/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Intezer",
 "description": "Malware detection and analysis based on code reuse",
 "support": "partner",
- "currentVersion": "1.6.14",
+ "currentVersion": "1.6.15",
 "author": "Intezer",
 "url": "intezer.com",
 "email": "support@intezer.com",
diff --git a/Packs/IronPort/Integrations/CiscoEmailSecurityApplianceIronPortV2/CiscoEmailSecurityApplianceIronPortV2.yml b/Packs/IronPort/Integrations/CiscoEmailSecurityApplianceIronPortV2/CiscoEmailSecurityApplianceIronPortV2.yml
index aaf1df4839f2..40fa73591afa 100755
--- a/Packs/IronPort/Integrations/CiscoEmailSecurityApplianceIronPortV2/CiscoEmailSecurityApplianceIronPortV2.yml
+++ b/Packs/IronPort/Integrations/CiscoEmailSecurityApplianceIronPortV2/CiscoEmailSecurityApplianceIronPortV2.yml
@@ -101,7 +101,7 @@ script:
 script: ""
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: true
 commands:
 - name: cisco-esa-spam-quarantine-message-search
diff --git a/Packs/IronPort/ReleaseNotes/2_0_21.md b/Packs/IronPort/ReleaseNotes/2_0_21.md
new file mode 100644
index 000000000000..9befea945bb3
--- /dev/null
+++ b/Packs/IronPort/ReleaseNotes/2_0_21.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Cisco ESA
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/IronPort/pack_metadata.json b/Packs/IronPort/pack_metadata.json
index 205ad48919a0..8907918c5d6c 100644
--- a/Packs/IronPort/pack_metadata.json
+++ b/Packs/IronPort/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Cisco Email Security Appliance (IronPort)",
 "description": "Cisco Email Security protects against ransomware, business email compromise, spoofing, and phishing",
 "support": "xsoar",
- "currentVersion": "2.0.20",
+ "currentVersion": "2.0.21",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.yml b/Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.yml
index 8908060a8bbe..8bb030d41c9c 100644
--- a/Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.yml
+++ b/Packs/JsonWhoIs/Integrations/JsonWhoIs/JsonWhoIs.yml
@@ -89,7 +89,7 @@ script:
 - contextPath: Domain.WHOIS.Admin.Phone
 description: Admin phone number.
 type: String
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 runonce: false
 script: '-'
 type: python
diff --git a/Packs/JsonWhoIs/ReleaseNotes/1_0_22.md b/Packs/JsonWhoIs/ReleaseNotes/1_0_22.md
new file mode 100644
index 000000000000..58aabaa35c9d
--- /dev/null
+++ b/Packs/JsonWhoIs/ReleaseNotes/1_0_22.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### JsonWhoIs
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/JsonWhoIs/pack_metadata.json b/Packs/JsonWhoIs/pack_metadata.json
index bc9f620faf0c..fbb395d6194b 100644
--- a/Packs/JsonWhoIs/pack_metadata.json
+++ b/Packs/JsonWhoIs/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "JsonWhoIs",
 "description": "Provides data enrichment for domains and IP addresses.",
 "support": "xsoar",
- "currentVersion": "1.0.21",
+ "currentVersion": "1.0.22",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml b/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml
index 59a2fcaf9df9..b04f7a1a67ba 100644
--- a/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml
+++ b/Packs/KasperskySecurityCenter/Integrations/KasperskySecurityCenter/KasperskySecurityCenter.yml
@@ -361,7 +361,7 @@ script:
 - contextPath: KasperskySecurityCenter.Policy.KLPOL_ID
 description: Policy ID.
 type: Number
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/KasperskySecurityCenter/ReleaseNotes/1_0_9.md b/Packs/KasperskySecurityCenter/ReleaseNotes/1_0_9.md
new file mode 100644
index 000000000000..c3fdb73f012a
--- /dev/null
+++ b/Packs/KasperskySecurityCenter/ReleaseNotes/1_0_9.md
@@ -0,0 +1,7 @@
+
+#### Integrations
+
+##### Kaspersky Security Center (Beta)
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+
+
diff --git a/Packs/KasperskySecurityCenter/pack_metadata.json b/Packs/KasperskySecurityCenter/pack_metadata.json
index 66ce582bb908..8b0faab06662 100644
--- a/Packs/KasperskySecurityCenter/pack_metadata.json
+++ b/Packs/KasperskySecurityCenter/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Kaspersky Security Center",
 "description": "Manage endpoints and groups through the Kaspersky Security Center.",
 "support": "xsoar",
- "currentVersion": "1.0.8",
+ "currentVersion": "1.0.9",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml b/Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml
index 77cec692280a..9f5818dd8802 100644
--- a/Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml
+++ b/Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSAT/KnowBe4KMSAT.yml
@@ -1021,7 +1021,7 @@ script:
 script: "-"
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 fromversion: 6.5.0
 tests:
 - No tests (auto formatted)
diff --git a/Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml b/Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml
index 9e98a1bf88af..e96d5daea041 100644
--- a/Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml
+++ b/Packs/KnowBe4_KMSAT/Integrations/KnowBe4KMSATEventCollector/KnowBe4KMSATEventCollector.yml
@@ -121,7 +121,7 @@ script:
 script: '-'
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetchevents: true
 fromversion: 6.8.0
 tests:
diff --git a/Packs/KnowBe4_KMSAT/ReleaseNotes/1_0_30.md b/Packs/KnowBe4_KMSAT/ReleaseNotes/1_0_30.md
new file mode 100644
index 000000000000..07ee720ddb8b
--- /dev/null
+++ b/Packs/KnowBe4_KMSAT/ReleaseNotes/1_0_30.md
@@ -0,0 +1,5 @@
+#### Integrations
+##### KnowBe4 KMSAT Event Collector
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
+##### KnowBe4KMSAT
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/KnowBe4_KMSAT/pack_metadata.json b/Packs/KnowBe4_KMSAT/pack_metadata.json
index 8e7c0afb039c..d975ba9151b6 100644
--- a/Packs/KnowBe4_KMSAT/pack_metadata.json
+++ b/Packs/KnowBe4_KMSAT/pack_metadata.json
@@ -2,7 +2,7 @@ "name": "KMSAT", "description": "KnowBe4 KMSAT Integration", "support": "partner", - "currentVersion": "1.0.29", + "currentVersion": "1.0.30", "author": "KnowBe4", "url": "https://www.knowbe4.com/products/kevin-mitnick-security-awareness-training", "email": "support@knowbe4.com", diff --git a/Packs/Lastline/Integrations/Lastline_v2/Lastline_v2.yml b/Packs/Lastline/Integrations/Lastline_v2/Lastline_v2.yml index e093db1acabc..5eb486565cb0 100644 --- a/Packs/Lastline/Integrations/Lastline_v2/Lastline_v2.yml +++ b/Packs/Lastline/Integrations/Lastline_v2/Lastline_v2.yml @@ -565,7 +565,7 @@ script: - contextPath: Lastline.Submission.Process.process_id description: The process ID. type: string - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' type: python diff --git a/Packs/Lastline/ReleaseNotes/1_0_18.md b/Packs/Lastline/ReleaseNotes/1_0_18.md new file mode 100644 index 000000000000..a2d07b53f111 --- /dev/null +++ b/Packs/Lastline/ReleaseNotes/1_0_18.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Lastline v2 + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Lastline/pack_metadata.json b/Packs/Lastline/pack_metadata.json index ccd9154ac084..af87388982ba 100644 --- a/Packs/Lastline/pack_metadata.json +++ b/Packs/Lastline/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Lastline", "description": "Use the Lastline v2 integration to provide threat analysts and incident response teams with the advanced malware isolation and inspection environment needed to safely execute advanced malware samples, and understand their behavior.", "support": "xsoar", - "currentVersion": "1.0.17", + "currentVersion": "1.0.18", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/LogRhythmRest/Integrations/LogRhythmRestV2/LogRhythmRestV2.yml b/Packs/LogRhythmRest/Integrations/LogRhythmRestV2/LogRhythmRestV2.yml index 7c4059daf353..9a8f4121c0d1 100644 --- a/Packs/LogRhythmRest/Integrations/LogRhythmRestV2/LogRhythmRestV2.yml +++ b/Packs/LogRhythmRest/Integrations/LogRhythmRestV2/LogRhythmRestV2.yml @@ -114,7 +114,7 @@ script: script: '' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true commands: - name: lr-alarms-list diff --git a/Packs/LogRhythmRest/ReleaseNotes/2_0_21.md b/Packs/LogRhythmRest/ReleaseNotes/2_0_21.md new file mode 100644 index 000000000000..02dfb2f525dc --- /dev/null +++ b/Packs/LogRhythmRest/ReleaseNotes/2_0_21.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### LogRhythmRest v2 +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/LogRhythmRest/pack_metadata.json b/Packs/LogRhythmRest/pack_metadata.json index 1938e4c69da6..221ce977df7e 100644 --- a/Packs/LogRhythmRest/pack_metadata.json +++ b/Packs/LogRhythmRest/pack_metadata.json @@ -2,7 +2,7 @@ "name": "LogRhythm", "description": "LogRhythm security intelligence.", "support": "xsoar", - "currentVersion": "2.0.20", + "currentVersion": "2.0.21", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Looker/Integrations/Looker/Looker.yml b/Packs/Looker/Integrations/Looker/Looker.yml index 6231a0aa1b45..3ae96e20a6af 100644 --- a/Packs/Looker/Integrations/Looker/Looker.yml +++ b/Packs/Looker/Integrations/Looker/Looker.yml @@ -176,7 +176,7 @@ script: - contextPath: Looker.Look.LastUpdated description: The time that the look was last updated. type: Date - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' type: python 
diff --git a/Packs/Looker/ReleaseNotes/1_0_7.md b/Packs/Looker/ReleaseNotes/1_0_7.md new file mode 100644 index 000000000000..f497fdea7472 --- /dev/null +++ b/Packs/Looker/ReleaseNotes/1_0_7.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Looker + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Looker/pack_metadata.json b/Packs/Looker/pack_metadata.json index 7c8d8e0e986e..50f97333b05b 100644 --- a/Packs/Looker/pack_metadata.json +++ b/Packs/Looker/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Looker", "description": "Use the Looker integration to query an explore, save queries as looks, run looks, and fetch look results as incidents.", "support": "xsoar", - "currentVersion": "1.0.6", + "currentVersion": "1.0.7", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Lumu/Integrations/Lumu/Lumu.yml b/Packs/Lumu/Integrations/Lumu/Lumu.yml index e373f8e89c61..3f33479c7beb 100644 --- a/Packs/Lumu/Integrations/Lumu/Lumu.yml +++ b/Packs/Lumu/Integrations/Lumu/Lumu.yml @@ -1081,7 +1081,7 @@ script: - contextPath: Lumu.GetCache.lumu_incidentsId type: string description: "Lumu incident ids processed." - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true subtype: python3 ismappable: true diff --git a/Packs/Lumu/ReleaseNotes/1_0_17.md b/Packs/Lumu/ReleaseNotes/1_0_17.md new file mode 100644 index 000000000000..36c8d2040a0f --- /dev/null +++ b/Packs/Lumu/ReleaseNotes/1_0_17.md @@ -0,0 +1,3 @@ +#### Integrations +##### Lumu +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Lumu/pack_metadata.json b/Packs/Lumu/pack_metadata.json index a5d732bb2407..298647da9f22 100644 --- a/Packs/Lumu/pack_metadata.json +++ b/Packs/Lumu/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Lumu", "description": "SecOps operation, reflect and manage the Lumu Incidents either from XSOAR Cortex or viceversa using the mirroring integration flow", "support": "partner", - "currentVersion": "1.0.16", + "currentVersion": "1.0.17", "author": "Lumu", "url": "https://lumu.io", "email": "support@lumu.io", diff --git a/Packs/MailListener_-_POP3/Integrations/MailListener_POP3/MailListener_POP3.yml b/Packs/MailListener_-_POP3/Integrations/MailListener_POP3/MailListener_POP3.yml index 5d7d9614c8ad..e9bcbe7b5964 100644 --- a/Packs/MailListener_-_POP3/Integrations/MailListener_POP3/MailListener_POP3.yml +++ b/Packs/MailListener_-_POP3/Integrations/MailListener_POP3/MailListener_POP3.yml @@ -52,7 +52,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 tests: - MailListener-POP3 - Test fromversion: 5.0.0 diff --git a/Packs/MailListener_-_POP3/ReleaseNotes/2_0_5.md b/Packs/MailListener_-_POP3/ReleaseNotes/2_0_5.md new file mode 100644 index 000000000000..cc09f5674501 --- /dev/null +++ b/Packs/MailListener_-_POP3/ReleaseNotes/2_0_5.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### MailListener - POP3 + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/MailListener_-_POP3/pack_metadata.json b/Packs/MailListener_-_POP3/pack_metadata.json index 4d8aebb827da..f46945a3a5c7 100644 --- a/Packs/MailListener_-_POP3/pack_metadata.json +++ b/Packs/MailListener_-_POP3/pack_metadata.json @@ -2,7 +2,7 @@ "name": "MailListener - POP3", "description": "Listen to a mailbox, enable incident triggering via e-mail", "support": "xsoar", - "currentVersion": "2.0.4", + "currentVersion": "2.0.5", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", @@ -17,4 +17,4 @@ "xsoar", "marketplacev2" ] -} +} \ No newline at end of file 
diff --git a/Packs/McAfeeNSM/Integrations/McAfeeNSMv2/McAfeeNSMv2.yml b/Packs/McAfeeNSM/Integrations/McAfeeNSMv2/McAfeeNSMv2.yml index 24fd9deb504f..0f469cbee0a0 100644 --- a/Packs/McAfeeNSM/Integrations/McAfeeNSMv2/McAfeeNSMv2.yml +++ b/Packs/McAfeeNSM/Integrations/McAfeeNSMv2/McAfeeNSMv2.yml @@ -2045,7 +2045,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.5.0 tests: - Test_McAfeeNSMv2_using_v9 diff --git a/Packs/McAfeeNSM/ReleaseNotes/1_2_15.md b/Packs/McAfeeNSM/ReleaseNotes/1_2_15.md new file mode 100644 index 000000000000..fe668e1227cd --- /dev/null +++ b/Packs/McAfeeNSM/ReleaseNotes/1_2_15.md @@ -0,0 +1,3 @@ +#### Integrations +##### McAfee NSM v2 +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/McAfeeNSM/pack_metadata.json b/Packs/McAfeeNSM/pack_metadata.json index e6ee244184c1..368918588d24 100644 --- a/Packs/McAfeeNSM/pack_metadata.json +++ b/Packs/McAfeeNSM/pack_metadata.json @@ -2,7 +2,7 @@ "name": "McAfee NSM", "description": "McAfee Network Security Manager", "support": "xsoar", - "currentVersion": "1.2.14", + "currentVersion": "1.2.15", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/McAfee_Advanced_Threat_Defense/Integrations/McAfee_Advanced_Threat_Defense/McAfee_Advanced_Threat_Defense.yml b/Packs/McAfee_Advanced_Threat_Defense/Integrations/McAfee_Advanced_Threat_Defense/McAfee_Advanced_Threat_Defense.yml index b9bfe2202d34..d0d8515b8d4f 100644 --- a/Packs/McAfee_Advanced_Threat_Defense/Integrations/McAfee_Advanced_Threat_Defense/McAfee_Advanced_Threat_Defense.yml +++ b/Packs/McAfee_Advanced_Threat_Defense/Integrations/McAfee_Advanced_Threat_Defense/McAfee_Advanced_Threat_Defense.yml 
@@ -525,7 +525,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 tests: - Test Playbook McAfee ATD - Detonate Remote File From URL -McAfee-ATD - Test diff --git a/Packs/McAfee_Advanced_Threat_Defense/ReleaseNotes/1_0_27.md b/Packs/McAfee_Advanced_Threat_Defense/ReleaseNotes/1_0_27.md new file mode 100644 index 000000000000..3dd9b9cb493b --- /dev/null +++ b/Packs/McAfee_Advanced_Threat_Defense/ReleaseNotes/1_0_27.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### McAfee Advanced Threat Defense + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/McAfee_Advanced_Threat_Defense/pack_metadata.json b/Packs/McAfee_Advanced_Threat_Defense/pack_metadata.json index 9e16d139200e..fd4ba8ffea95 100644 --- a/Packs/McAfee_Advanced_Threat_Defense/pack_metadata.json +++ b/Packs/McAfee_Advanced_Threat_Defense/pack_metadata.json @@ -2,7 +2,7 @@ "name": "McAfee Advanced Threat Defense", "description": "Integrated advanced threat detection: Enhancing protection from network edge to endpoint", "support": "xsoar", - "currentVersion": "1.0.26", + "currentVersion": "1.0.27", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml b/Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml index d04f12816796..812c90f0987a 100644 --- a/Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml +++ b/Packs/MicrosoftCloudAppSecurity/Integrations/MicrosoftCloudAppSecurity/MicrosoftCloudAppSecurity.yml 
@@ -888,7 +888,7 @@ script: - contextPath: MicrosoftCloudAppSecurity.UsersAccounts.userGroups.usersCount description: The number of users in the user group. type: Number - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 isfetch: true runonce: false script: '-' diff --git a/Packs/MicrosoftCloudAppSecurity/ReleaseNotes/2_1_55.md b/Packs/MicrosoftCloudAppSecurity/ReleaseNotes/2_1_55.md new file mode 100644 index 000000000000..e61dd6dc1c37 --- /dev/null +++ b/Packs/MicrosoftCloudAppSecurity/ReleaseNotes/2_1_55.md @@ -0,0 +1,3 @@ +#### Integrations +##### Microsoft Defender for Cloud Apps +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/MicrosoftCloudAppSecurity/pack_metadata.json b/Packs/MicrosoftCloudAppSecurity/pack_metadata.json index b04fb9d9b4b0..50fe82c31258 100644 --- a/Packs/MicrosoftCloudAppSecurity/pack_metadata.json +++ b/Packs/MicrosoftCloudAppSecurity/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Defender for Cloud Apps", "description": "Microsoft Cloud App Security Integration, a Cloud Access Security Broker that supports various deployment modes", "support": "xsoar", - "currentVersion": "2.1.54", + "currentVersion": "2.1.55", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/MicrosoftExchangeOnline/ReleaseNotes/1_2_38.md b/Packs/MicrosoftExchangeOnline/ReleaseNotes/1_2_38.md new file mode 100644 index 000000000000..d757e1dd1d41 --- /dev/null +++ b/Packs/MicrosoftExchangeOnline/ReleaseNotes/1_2_38.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### GetEWSFolder +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/MicrosoftExchangeOnline/Scripts/GetEWSFolder/GetEWSFolder.yml b/Packs/MicrosoftExchangeOnline/Scripts/GetEWSFolder/GetEWSFolder.yml index d3d11b361c9c..3db82ac50df1 100644 --- a/Packs/MicrosoftExchangeOnline/Scripts/GetEWSFolder/GetEWSFolder.yml 
+++ b/Packs/MicrosoftExchangeOnline/Scripts/GetEWSFolder/GetEWSFolder.yml @@ -30,7 +30,7 @@ tags: timeout: 6µs type: python runas: DBotWeakRole -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - Get EWS Folder Test fromversion: 5.0.0 diff --git a/Packs/MicrosoftExchangeOnline/pack_metadata.json b/Packs/MicrosoftExchangeOnline/pack_metadata.json index 6bb34adf223d..e859faa48f18 100644 --- a/Packs/MicrosoftExchangeOnline/pack_metadata.json +++ b/Packs/MicrosoftExchangeOnline/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Exchange Online", "description": "Exchange Online and Office 365 (mail)", "support": "xsoar", - "currentVersion": "1.2.37", + "currentVersion": "1.2.38", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml b/Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml index 629a9bfbd0a1..4e6f90fed94d 100644 --- a/Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml +++ b/Packs/MicrosoftGraphAPI/Integrations/MicrosoftGraphAPI/MicrosoftGraphAPI.yml @@ -182,7 +182,7 @@ script: - description: Generate the login URL used for Authorization code flow. name: msgraph-api-generate-login-url arguments: [] - dockerimage: demisto/crypto:1.0.0.85869 + dockerimage: demisto/crypto:1.0.0.86361 runonce: false script: '-' subtype: python3 diff --git a/Packs/MicrosoftGraphAPI/ReleaseNotes/1_1_41.md b/Packs/MicrosoftGraphAPI/ReleaseNotes/1_1_41.md new file mode 100644 index 000000000000..b189882ce0bc --- /dev/null +++ b/Packs/MicrosoftGraphAPI/ReleaseNotes/1_1_41.md @@ -0,0 +1,3 @@ +#### Integrations +##### Microsoft Graph API +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/MicrosoftGraphAPI/pack_metadata.json b/Packs/MicrosoftGraphAPI/pack_metadata.json index d097cfcf37e0..fefd0f3a2343 100644 
--- a/Packs/MicrosoftGraphAPI/pack_metadata.json +++ b/Packs/MicrosoftGraphAPI/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Graph API", "description": "Use the Microsoft Graph API integration to interact with Microsoft APIs that do not have dedicated integrations in Cortex XSOAR, for example, Mail Single-User, etc.", "support": "xsoar", - "currentVersion": "1.1.40", + "currentVersion": "1.1.41", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml b/Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml index 257e222b9a8d..704d3d6cb86f 100644 --- a/Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml +++ b/Packs/MicrosoftGraphApplications/Integrations/MicrosoftGraphApplications/MicrosoftGraphApplications.yml @@ -523,7 +523,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 fromversion: 5.0.0 tests: - MSGraph Applications Test diff --git a/Packs/MicrosoftGraphApplications/ReleaseNotes/1_2_38.md b/Packs/MicrosoftGraphApplications/ReleaseNotes/1_2_38.md new file mode 100644 index 000000000000..3bf1c53d36b6 --- /dev/null +++ b/Packs/MicrosoftGraphApplications/ReleaseNotes/1_2_38.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure Active Directory Applications +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/MicrosoftGraphApplications/pack_metadata.json b/Packs/MicrosoftGraphApplications/pack_metadata.json index a2d242b12242..729a39db3fde 100644 --- a/Packs/MicrosoftGraphApplications/pack_metadata.json +++ b/Packs/MicrosoftGraphApplications/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Microsoft Graph Applications", "description": "Use this pack to manage connected applications and services", "support": "xsoar", - "currentVersion": "1.2.37", + "currentVersion": "1.2.38", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml b/Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml index b083d6f6c78a..a701e0469f84 100644 --- a/Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml +++ b/Packs/MicrosoftGraphGroups/Integrations/MicrosoftGraphGroups/MicrosoftGraphGroups.yml @@ -430,7 +430,7 @@ script: execution: false name: msgraph-groups-auth-reset arguments: [] - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 runonce: false script: '-' subtype: python3 diff --git a/Packs/MicrosoftGraphGroups/ReleaseNotes/1_1_41.md b/Packs/MicrosoftGraphGroups/ReleaseNotes/1_1_41.md new file mode 100644 index 000000000000..19760bd93450 --- /dev/null +++ b/Packs/MicrosoftGraphGroups/ReleaseNotes/1_1_41.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure Active Directory Groups +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/MicrosoftGraphGroups/pack_metadata.json b/Packs/MicrosoftGraphGroups/pack_metadata.json index fbddbd48ce9e..998dc599c7e6 100644 --- a/Packs/MicrosoftGraphGroups/pack_metadata.json +++ b/Packs/MicrosoftGraphGroups/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Graph Groups", "description": "Microsoft Graph Groups enables you to create and manage different types of groups and group functionality according to your requirements.", "support": "xsoar", - "currentVersion": "1.1.40", + "currentVersion": "1.1.41", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/MicrosoftGraphIdentityandAccess/Integrations/MicrosoftGraphIdentityandAccess/MicrosoftGraphIdentityandAccess.yml b/Packs/MicrosoftGraphIdentityandAccess/Integrations/MicrosoftGraphIdentityandAccess/MicrosoftGraphIdentityandAccess.yml index 6aa6392b8bf7..84dc865f0122 100644 --- a/Packs/MicrosoftGraphIdentityandAccess/Integrations/MicrosoftGraphIdentityandAccess/MicrosoftGraphIdentityandAccess.yml +++ b/Packs/MicrosoftGraphIdentityandAccess/Integrations/MicrosoftGraphIdentityandAccess/MicrosoftGraphIdentityandAccess.yml @@ -455,7 +455,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/crypto:1.0.0.84658 + dockerimage: demisto/crypto:1.0.0.86361 fromversion: 5.0.0 defaultmapperin: Microsoft Graph Identity and Access Incoming Mapper defaultclassifier: Microsoft Graph Identity and Access Classifier diff --git a/Packs/MicrosoftGraphIdentityandAccess/ReleaseNotes/1_2_42.md b/Packs/MicrosoftGraphIdentityandAccess/ReleaseNotes/1_2_42.md new file mode 100644 index 000000000000..89e9ab9d1b91 --- /dev/null +++ b/Packs/MicrosoftGraphIdentityandAccess/ReleaseNotes/1_2_42.md @@ -0,0 +1,3 @@ +#### Integrations +##### Azure Active Directory Identity And Access +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. diff --git a/Packs/MicrosoftGraphIdentityandAccess/pack_metadata.json b/Packs/MicrosoftGraphIdentityandAccess/pack_metadata.json index 743db1562ed4..eaae80038dee 100644 --- a/Packs/MicrosoftGraphIdentityandAccess/pack_metadata.json +++ b/Packs/MicrosoftGraphIdentityandAccess/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Graph Identity and Access", "description": "Use this pack to manage roles and members in Microsoft.", "support": "xsoar", - "currentVersion": "1.2.41", + "currentVersion": "1.2.42", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml b/Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml index 36b2bc95575a..b6bbc4bffcfc 100644 --- a/Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml +++ b/Packs/MicrosoftManagementActivity/Integrations/MicrosoftManagementActivity/MicrosoftManagementActivity.yml @@ -290,7 +290,7 @@ script: - description: Run this command if for some reason you need to rerun the authentication process. name: ms-management-activity arguments: [] - dockerimage: demisto/auth-utils:1.0.0.84760 + dockerimage: demisto/auth-utils:1.0.0.86556 isfetch: true runonce: false script: '-' diff --git a/Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_37.md b/Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_37.md new file mode 100644 index 000000000000..c9c1225b8423 --- /dev/null +++ b/Packs/MicrosoftManagementActivity/ReleaseNotes/1_3_37.md @@ -0,0 +1,3 @@ +#### Integrations +##### Microsoft Management Activity API (O365 Azure Events) +- Updated the Docker image to: *demisto/auth-utils:1.0.0.86556*. diff --git a/Packs/MicrosoftManagementActivity/pack_metadata.json b/Packs/MicrosoftManagementActivity/pack_metadata.json index cd951f244443..b6baf6084910 100644 --- a/Packs/MicrosoftManagementActivity/pack_metadata.json +++ b/Packs/MicrosoftManagementActivity/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Management Activity API (O365/Azure Events)", "description": "An integration for Microsoft's management activity API, which enables you to fetch content records and manage your subscriptions.", "support": "xsoar", - "currentVersion": "1.3.36", + "currentVersion": "1.3.37", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/MicrosoftTeams/Integrations/MicrosoftTeams/MicrosoftTeams_description.md b/Packs/MicrosoftTeams/Integrations/MicrosoftTeams/MicrosoftTeams_description.md index 930dd6a24faf..5170310217b0 100644 --- a/Packs/MicrosoftTeams/Integrations/MicrosoftTeams/MicrosoftTeams_description.md +++ b/Packs/MicrosoftTeams/Integrations/MicrosoftTeams/MicrosoftTeams_description.md @@ -1,5 +1,5 @@ Use the Microsoft Teams integration to send messages and notifications to your team members and create meetings. -Note: Currently, this integration does not work with Cortex XSOAR 8.2 and up without using an engine. +Note: the integration is supported in Cortex XSOAR 8 without using an engine. To create an instance of the Microsoft Teams integration in Cortex XSOAR, complete the following: diff --git a/Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md b/Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md index 3b2d5f3fdd75..f097d239802c 100644 --- a/Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md +++ b/Packs/MicrosoftTeams/Integrations/MicrosoftTeams/README.md 
@@ -2,7 +2,7 @@ Use the Microsoft Teams integration to send messages and notifications to your t This integration was integrated and tested with version 1.0 of Microsoft Teams. **Note:** -- Currently, this integration is supported in Cortex XSOAR 8 and up without using an engine. +- This integration is supported in Cortex XSOAR 8 and up without using an engine. - The integration has the ability to run built-in Cortex XSOAR commands, through a mirrored channel. Make sure to pass the command in the chat exactly as typed in the CORTEX XSOAR CLI. For example: `!DeleteContext all=yes`. Use the command `mirror-investigation` to mirror/create a mirrored channel. - For use cases where it is only needed to send messages to a specific channel, we recommend checking the [Microsoft Teams via Webhook Integration](https://xsoar.pan.dev/docs/reference/integrations/microsoft-teams-via-webhook), which has a simpler setup. diff --git a/Packs/MicrosoftTeams/ReleaseNotes/1_4_49.md b/Packs/MicrosoftTeams/ReleaseNotes/1_4_49.md new file mode 100644 index 000000000000..e185f3293c16 --- /dev/null +++ b/Packs/MicrosoftTeams/ReleaseNotes/1_4_49.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Microsoft Teams + +- Documentation and metadata improvements. diff --git a/Packs/MicrosoftTeams/pack_metadata.json b/Packs/MicrosoftTeams/pack_metadata.json index 84cd61cc00b4..fe87a795e677 100644 --- a/Packs/MicrosoftTeams/pack_metadata.json +++ b/Packs/MicrosoftTeams/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Microsoft Teams", "description": "Send messages and notifications to your team members.", "support": "xsoar", - "currentVersion": "1.4.48", + "currentVersion": "1.4.49", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/NetBox/Integrations/NetBoxEventCollector/NetBoxEventCollector.yml b/Packs/NetBox/Integrations/NetBoxEventCollector/NetBoxEventCollector.yml index 7675037fe183..f12869e45cfc 100644 
--- a/Packs/NetBox/Integrations/NetBoxEventCollector/NetBoxEventCollector.yml +++ b/Packs/NetBox/Integrations/NetBoxEventCollector/NetBoxEventCollector.yml @@ -58,7 +58,7 @@ script: name: limit description: Gets events from NetBox. name: netbox-get-events - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetchevents: true script: '-' subtype: python3 diff --git a/Packs/NetBox/ReleaseNotes/1_0_16.md b/Packs/NetBox/ReleaseNotes/1_0_16.md new file mode 100644 index 000000000000..a8a4c1633697 --- /dev/null +++ b/Packs/NetBox/ReleaseNotes/1_0_16.md @@ -0,0 +1,3 @@ +#### Integrations +##### NetBox Event Collector +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/NetBox/pack_metadata.json b/Packs/NetBox/pack_metadata.json index ad18f461c005..ca8d7f51a653 100644 --- a/Packs/NetBox/pack_metadata.json +++ b/Packs/NetBox/pack_metadata.json @@ -2,7 +2,7 @@ "name": "NetBox", "description": "This is the NetBox event collector integration for XSIAM", "support": "xsoar", - "currentVersion": "1.0.15", + "currentVersion": "1.0.16", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/NetscoutArborSightline/Integrations/NetscoutArborSightline/NetscoutArborSightline.yml b/Packs/NetscoutArborSightline/Integrations/NetscoutArborSightline/NetscoutArborSightline.yml index 75efad2ff565..06080aa36ed8 100644 --- a/Packs/NetscoutArborSightline/Integrations/NetscoutArborSightline/NetscoutArborSightline.yml +++ b/Packs/NetscoutArborSightline/Integrations/NetscoutArborSightline/NetscoutArborSightline.yml @@ -777,7 +777,7 @@ script: type: String description: Get a list of available TMS groups. name: na-sightline-tms-group-list - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' 
diff --git a/Packs/NetscoutArborSightline/ReleaseNotes/1_0_17.md b/Packs/NetscoutArborSightline/ReleaseNotes/1_0_17.md new file mode 100644 index 000000000000..0f32d317ff5a --- /dev/null +++ b/Packs/NetscoutArborSightline/ReleaseNotes/1_0_17.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Netscout Arbor Sightline (Peakflow) +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/NetscoutArborSightline/pack_metadata.json b/Packs/NetscoutArborSightline/pack_metadata.json index 0e14bd4baf68..f5f8750b2a14 100644 --- a/Packs/NetscoutArborSightline/pack_metadata.json +++ b/Packs/NetscoutArborSightline/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Netscout Arbor Sightline", "description": "Identify Potential Network Outages & Gain Business Insights to Solve Your Problems", "support": "xsoar", - "currentVersion": "1.0.16", + "currentVersion": "1.0.17", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/OPNSense/Integrations/OPNSense/OPNSense.yml b/Packs/OPNSense/Integrations/OPNSense/OPNSense.yml index 1706b0500739..732a18a8a706 100644 --- a/Packs/OPNSense/Integrations/OPNSense/OPNSense.yml +++ b/Packs/OPNSense/Integrations/OPNSense/OPNSense.yml @@ -958,7 +958,7 @@ script: description: Rollback revision. description: Revert config to given savepoint. outputs: [] - dockerimage: demisto/opnsense:1.0.0.84694 + dockerimage: demisto/opnsense:1.0.0.86400 subtype: python3 fromversion: 6.0.0 tests: diff --git a/Packs/OPNSense/ReleaseNotes/1_0_22.md b/Packs/OPNSense/ReleaseNotes/1_0_22.md new file mode 100644 index 000000000000..51e1b159aba2 --- /dev/null +++ b/Packs/OPNSense/ReleaseNotes/1_0_22.md @@ -0,0 +1,3 @@ +#### Integrations +##### OPNSense +- Updated the Docker image to: *demisto/opnsense:1.0.0.86400*. diff --git a/Packs/OPNSense/pack_metadata.json b/Packs/OPNSense/pack_metadata.json index 2709de7390e5..d6d121b4959a 100644 --- a/Packs/OPNSense/pack_metadata.json 
+++ b/Packs/OPNSense/pack_metadata.json @@ -2,7 +2,7 @@ "name": "OPNSense", "description": "Manage OPNsense Firewall", "support": "partner", - "currentVersion": "1.0.21", + "currentVersion": "1.0.22", "author": "SecInfra", "url": "http://secinfra.fr", "email": "support@secinfra.fr", diff --git a/Packs/Okta/Integrations/Okta_IAM/Okta_IAM.yml b/Packs/Okta/Integrations/Okta_IAM/Okta_IAM.yml index 2c7b7493dec1..dce87724ee31 100644 --- a/Packs/Okta/Integrations/Okta_IAM/Okta_IAM.yml +++ b/Packs/Okta/Integrations/Okta_IAM/Okta_IAM.yml @@ -532,7 +532,7 @@ script: - contextPath: Okta.Logs.Events.target.displayName description: Display name of a target. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/Okta/ReleaseNotes/3_2_9.md b/Packs/Okta/ReleaseNotes/3_2_9.md new file mode 100644 index 000000000000..9f0db0cf0154 --- /dev/null +++ b/Packs/Okta/ReleaseNotes/3_2_9.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Okta IAM + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Okta/pack_metadata.json b/Packs/Okta/pack_metadata.json index 6296ac21c022..6bf5ee938a4e 100644 --- a/Packs/Okta/pack_metadata.json +++ b/Packs/Okta/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Okta", "description": "Integration with Okta's cloud-based identity management service.", "support": "xsoar", - "currentVersion": "3.2.8", + "currentVersion": "3.2.9", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/OktaAuth0/Integrations/OktaAuth0EventCollector/OktaAuth0EventCollector.yml b/Packs/OktaAuth0/Integrations/OktaAuth0EventCollector/OktaAuth0EventCollector.yml index 710066369bc3..34cd8fd3152f 100644 --- a/Packs/OktaAuth0/Integrations/OktaAuth0EventCollector/OktaAuth0EventCollector.yml +++ b/Packs/OktaAuth0/Integrations/OktaAuth0EventCollector/OktaAuth0EventCollector.yml 
@@ -61,7 +61,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 marketplaces: - marketplacev2 fromversion: 8.2.0 diff --git a/Packs/OktaAuth0/ReleaseNotes/1_0_1.md b/Packs/OktaAuth0/ReleaseNotes/1_0_1.md new file mode 100644 index 000000000000..a5e6aaef515b --- /dev/null +++ b/Packs/OktaAuth0/ReleaseNotes/1_0_1.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Okta Auth0 Event Collector +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/OktaAuth0/pack_metadata.json b/Packs/OktaAuth0/pack_metadata.json index c8977e09ac24..d677c9ef1b2d 100644 --- a/Packs/OktaAuth0/pack_metadata.json +++ b/Packs/OktaAuth0/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Okta Auth0", "description": "Identity platform to manage access to your applications.", "support": "xsoar", - "currentVersion": "1.0.0", + "currentVersion": "1.0.1", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/OracleCloudInfrastructure/ReleaseNotes/1_0_22.md b/Packs/OracleCloudInfrastructure/ReleaseNotes/1_0_22.md new file mode 100644 index 000000000000..93dabffcfea8 --- /dev/null +++ b/Packs/OracleCloudInfrastructure/ReleaseNotes/1_0_22.md @@ -0,0 +1,3 @@ +#### Integrations +##### Oracle Cloud Infrastructure Event Collector +- Updated the Docker image to: *demisto/oci:1.0.0.85142*. diff --git a/Packs/OracleCloudInfrastructure/pack_metadata.json b/Packs/OracleCloudInfrastructure/pack_metadata.json index 63735062e551..ff50ac4d0435 100644 --- a/Packs/OracleCloudInfrastructure/pack_metadata.json +++ b/Packs/OracleCloudInfrastructure/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Oracle Cloud Infrastructure (OCI)", "description": "Oracle Cloud Infrastructure (OCI)", "support": "xsoar", - "currentVersion": "1.0.21", + "currentVersion": "1.0.22", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/Oracle_IAM/Integrations/OracleIAM/OracleIAM.yml b/Packs/Oracle_IAM/Integrations/OracleIAM/OracleIAM.yml index ef95bf255492..9777d4b9c8cc 100644 --- a/Packs/Oracle_IAM/Integrations/OracleIAM/OracleIAM.yml +++ b/Packs/Oracle_IAM/Integrations/OracleIAM/OracleIAM.yml @@ -337,7 +337,7 @@ script: type: Unknown - description: Retrieves a User Profile schema, which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option. name: get-mapping-fields - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/Oracle_IAM/ReleaseNotes/1_0_21.md b/Packs/Oracle_IAM/ReleaseNotes/1_0_21.md new file mode 100644 index 000000000000..ccd9f0ee78d8 --- /dev/null +++ b/Packs/Oracle_IAM/ReleaseNotes/1_0_21.md @@ -0,0 +1,3 @@ +#### Integrations +##### Oracle IAM +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Oracle_IAM/pack_metadata.json b/Packs/Oracle_IAM/pack_metadata.json index c02fc628a1c5..04cca309d831 100644 --- a/Packs/Oracle_IAM/pack_metadata.json +++ b/Packs/Oracle_IAM/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Oracle IAM", "description": "Oracle IAM", "support": "xsoar", - "currentVersion": "1.0.20", + "currentVersion": "1.0.21", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml b/Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml index 6109ff50bba8..a36d896193dc 100644 --- a/Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml +++ b/Packs/PANOSPolicyOptimizer/Integrations/PANOSPolicyOptimizer/PANOSPolicyOptimizer.yml 
@@ -167,7 +167,7 @@ script: required: true description: Gets a specific dynamic address group. name: pan-os-get-dag - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_22.md b/Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_22.md new file mode 100644 index 000000000000..729d71d1a93d --- /dev/null +++ b/Packs/PANOSPolicyOptimizer/ReleaseNotes/1_1_22.md @@ -0,0 +1,3 @@ +#### Integrations +##### PAN-OS Policy Optimizer (Beta) +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/PANOSPolicyOptimizer/pack_metadata.json b/Packs/PANOSPolicyOptimizer/pack_metadata.json index a3021557cede..76225a70196f 100644 --- a/Packs/PANOSPolicyOptimizer/pack_metadata.json +++ b/Packs/PANOSPolicyOptimizer/pack_metadata.json @@ -2,7 +2,7 @@ "name": "PAN-OS Policy Optimizer (beta)", "description": "This integration introduces Policy Optimizer and DAG features that are not available through the regular PAN API", "support": "community", - "currentVersion": "1.1.21", + "currentVersion": "1.1.22", "author": "Maciej Drobniuch and Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Packetsled/Integrations/Packetsled/Packetsled.yml b/Packs/Packetsled/Integrations/Packetsled/Packetsled.yml index 1edc6413391a..53d7d8e94e70 100644 --- a/Packs/Packetsled/Integrations/Packetsled/Packetsled.yml +++ b/Packs/Packetsled/Integrations/Packetsled/Packetsled.yml @@ -563,7 +563,7 @@ script: description: The respondant of the Events description: Get all of the events for a given uid isfetch: true - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 tests: - No test fromversion: 5.0.0 diff --git a/Packs/Packetsled/ReleaseNotes/1_0_8.md b/Packs/Packetsled/ReleaseNotes/1_0_8.md new file mode 100644 index 000000000000..840332c89c5f --- /dev/null 
+++ b/Packs/Packetsled/ReleaseNotes/1_0_8.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Packetsled + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Packetsled/pack_metadata.json b/Packs/Packetsled/pack_metadata.json index eb0990fee0d0..cc70d0bee5f5 100644 --- a/Packs/Packetsled/pack_metadata.json +++ b/Packs/Packetsled/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Packetsled", "description": "Packetsled Network Security API commands", "support": "xsoar", - "currentVersion": "1.0.7", + "currentVersion": "1.0.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/PaloAltoNetworks_IoT/ReleaseNotes/1_0_32.md b/Packs/PaloAltoNetworks_IoT/ReleaseNotes/1_0_32.md new file mode 100644 index 000000000000..8ba5eb17c6b3 --- /dev/null +++ b/Packs/PaloAltoNetworks_IoT/ReleaseNotes/1_0_32.md @@ -0,0 +1,9 @@ + +#### Scripts + +##### iot-security-alert-post-processing + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### iot-security-check-servicenow + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/PaloAltoNetworks_IoT/ReleaseNotes/1_0_33.md b/Packs/PaloAltoNetworks_IoT/ReleaseNotes/1_0_33.md new file mode 100644 index 000000000000..e877d1834aa9 --- /dev/null +++ b/Packs/PaloAltoNetworks_IoT/ReleaseNotes/1_0_33.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### iot-security-vuln-post-processing + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/PaloAltoNetworks_IoT/Scripts/iot_alert_post_processing/iot_alert_post_processing.yml b/Packs/PaloAltoNetworks_IoT/Scripts/iot_alert_post_processing/iot_alert_post_processing.yml index 5b5d5919f75e..ea5e4774dd3d 100644 --- a/Packs/PaloAltoNetworks_IoT/Scripts/iot_alert_post_processing/iot_alert_post_processing.yml +++ b/Packs/PaloAltoNetworks_IoT/Scripts/iot_alert_post_processing/iot_alert_post_processing.yml 
@@ -16,5 +16,5 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/PaloAltoNetworks_IoT/Scripts/iot_check_servicenow/iot_check_servicenow.yml b/Packs/PaloAltoNetworks_IoT/Scripts/iot_check_servicenow/iot_check_servicenow.yml index 699a36c573d3..f85a4d92805c 100644 --- a/Packs/PaloAltoNetworks_IoT/Scripts/iot_check_servicenow/iot_check_servicenow.yml +++ b/Packs/PaloAltoNetworks_IoT/Scripts/iot_check_servicenow/iot_check_servicenow.yml @@ -9,6 +9,6 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 runas: DBotRole fromversion: 5.0.0 diff --git a/Packs/PaloAltoNetworks_IoT/Scripts/iot_vuln_post_processing/iot_vuln_post_processing.yml b/Packs/PaloAltoNetworks_IoT/Scripts/iot_vuln_post_processing/iot_vuln_post_processing.yml index 6fba43065460..d8f088e387cb 100644 --- a/Packs/PaloAltoNetworks_IoT/Scripts/iot_vuln_post_processing/iot_vuln_post_processing.yml +++ b/Packs/PaloAltoNetworks_IoT/Scripts/iot_vuln_post_processing/iot_vuln_post_processing.yml @@ -11,5 +11,5 @@ tags: timeout: '0' type: python subtype: python3 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 fromversion: 5.0.0 diff --git a/Packs/PaloAltoNetworks_IoT/pack_metadata.json b/Packs/PaloAltoNetworks_IoT/pack_metadata.json index ce69da2b2a92..9131fd45453f 100644 --- a/Packs/PaloAltoNetworks_IoT/pack_metadata.json +++ b/Packs/PaloAltoNetworks_IoT/pack_metadata.json @@ -2,7 +2,7 @@ "name": "IoT by Palo Alto Networks", "description": "Palo Alto Networks IoT", "support": "xsoar", - "currentVersion": "1.0.31", + "currentVersion": "1.0.33", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/Perch/Integrations/Perch/Perch.yml b/Packs/Perch/Integrations/Perch/Perch.yml index 81b5770e4563..42ec656f3d56 100644 --- a/Packs/Perch/Integrations/Perch/Perch.yml +++ b/Packs/Perch/Integrations/Perch/Perch.yml @@ -285,7 +285,7 @@ script: - contextPath: Perch.Indicator.CreatedBy description: ID of user that created the incident. type: Number - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/Perch/ReleaseNotes/1_0_18.md b/Packs/Perch/ReleaseNotes/1_0_18.md new file mode 100644 index 000000000000..3b183b22792f --- /dev/null +++ b/Packs/Perch/ReleaseNotes/1_0_18.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Perch + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Perch/pack_metadata.json b/Packs/Perch/pack_metadata.json index 02ea62702ee2..a8e8d321ecce 100644 --- a/Packs/Perch/pack_metadata.json +++ b/Packs/Perch/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Perch", "description": "Perch is a co-managed threat detection and response platform.", "support": "xsoar", - "currentVersion": "1.0.17", + "currentVersion": "1.0.18", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/PhishLabs/Integrations/PhishLabsIOC/PhishLabsIOC.yml b/Packs/PhishLabs/Integrations/PhishLabsIOC/PhishLabsIOC.yml index 46c88176c3ac..9ee195827931 100644 --- a/Packs/PhishLabs/Integrations/PhishLabsIOC/PhishLabsIOC.yml +++ b/Packs/PhishLabs/Integrations/PhishLabsIOC/PhishLabsIOC.yml @@ -406,7 +406,7 @@ script: - contextPath: DBotScore.Score description: The actual score. type: number - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/PhishLabs/ReleaseNotes/1_1_19.md b/Packs/PhishLabs/ReleaseNotes/1_1_19.md new file mode 100644 index 000000000000..8c997b43c186 --- /dev/null 
+++ b/Packs/PhishLabs/ReleaseNotes/1_1_19.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### PhishLabs IOC
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/PhishLabs/pack_metadata.json b/Packs/PhishLabs/pack_metadata.json
index 425c313591f3..b708e821a6b8 100644
--- a/Packs/PhishLabs/pack_metadata.json
+++ b/Packs/PhishLabs/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "PhishLabs",
 "description": "IOC information from PhishLabs.",
 "support": "xsoar",
- "currentVersion": "1.1.18",
+ "currentVersion": "1.1.19",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Phishing/Playbooks/Process_Email_-_Generic_v2.yml b/Packs/Phishing/Playbooks/Process_Email_-_Generic_v2.yml
index a97457900dde..86ce610f8d09 100644
--- a/Packs/Phishing/Playbooks/Process_Email_-_Generic_v2.yml
+++ b/Packs/Phishing/Playbooks/Process_Email_-_Generic_v2.yml
@@ -2789,10 +2789,11 @@ tasks:
 id: 754742b3-8a98-45b3-8d02-a850f90d83fd
 version: -1
 name: Upload email attachments to layout
- description: Uploads file attachments of the email to the incident layout.
- script: '|||core-api-multipart'
+ description: Copies a file from this incident to the specified incident. The
+ file is recorded as an entry in the specified incident’s War Room.
+ scriptName: UploadFile
 type: regular
- iscommand: true
+ iscommand: false
 brand: ""
 nexttasks:
 '#none#':
@@ -2819,8 +2820,10 @@ tasks:
 accessor: EntryID
 transformers:
 - operator: uniq
- uri:
- simple: incident/upload/${incident.id}
+ incID:
+ simple: ${incident.id}
+ target:
+ simple: incident attachment
 separatecontext: false
 continueonerrortype: ""
 view: |-
diff --git a/Packs/Phishing/ReleaseNotes/3_6_8.md b/Packs/Phishing/ReleaseNotes/3_6_8.md
new file mode 100644
index 000000000000..533a47b4b801
--- /dev/null
+++ b/Packs/Phishing/ReleaseNotes/3_6_8.md
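Review bot: The new `+ description:` text says the file is recorded in the specified incident's War Room, but the second hunk configures `target: simple: incident attachment` with `incID: simple: ${incident.id}`, so what the task actually does is file the attachment entries onto the current incident's attachments; the wording was copied from the UploadFile script and should describe this task instead, e.g. `description: Uploads the email's file attachment entries to this incident as incident attachments (UploadFile script).` The apostrophe in `incident’s` is a typographic quote inside a plain YAML scalar and should be a plain `'`. The task previously called the Core REST API integration directly (`core-api-multipart` against `incident/upload/${incident.id}`); if UploadFile relies on that same integration internally, the playbook's dependency on it is unchanged and should remain declared for the pack. The task definition starts before the first hunk and continues after the second.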
@@ -0,0 +1,6 @@ + +#### Playbooks + +##### Process Email - Generic v2 + +- Fixed an issue where the playbook would return an error when trying to upload multiple entries to an incident. diff --git a/Packs/Phishing/pack_metadata.json b/Packs/Phishing/pack_metadata.json index 003a661b66e7..18cb8bfb9213 100644 --- a/Packs/Phishing/pack_metadata.json +++ b/Packs/Phishing/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Phishing", "description": "Phishing emails still hooking your end users? This Content Pack can drastically reduce the time your security team spends on phishing alerts.", "support": "xsoar", - "currentVersion": "3.6.7", + "currentVersion": "3.6.8", "serverMinVersion": "6.0.0", "videos": [ "https://www.youtube.com/watch?v=SY-3L348PoY" diff --git a/Packs/Pipl/ReleaseNotes/1_0_10.md b/Packs/Pipl/ReleaseNotes/1_0_10.md new file mode 100644 index 000000000000..cbd06d16484a --- /dev/null +++ b/Packs/Pipl/ReleaseNotes/1_0_10.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### CheckSender + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Pipl/Scripts/CheckSender/CheckSender.yml b/Packs/Pipl/Scripts/CheckSender/CheckSender.yml index f7e75192e2b2..7d49c3e184d2 100644 --- a/Packs/Pipl/Scripts/CheckSender/CheckSender.yml +++ b/Packs/Pipl/Scripts/CheckSender/CheckSender.yml @@ -22,6 +22,6 @@ dependson: - pipl-search timeout: 0s fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 tests: - No tests (auto formatted) diff --git a/Packs/Pipl/pack_metadata.json b/Packs/Pipl/pack_metadata.json index 04f2b8052c8a..219ab5651d66 100644 --- a/Packs/Pipl/pack_metadata.json +++ b/Packs/Pipl/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Pipl", "description": "Get contact, social, and professional information about people", "support": "xsoar", - "currentVersion": "1.0.9", + "currentVersion": "1.0.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/PrismaCloud/Integrations/PrismaCloudIAM/PrismaCloudIAM.yml b/Packs/PrismaCloud/Integrations/PrismaCloudIAM/PrismaCloudIAM.yml index 273a3bdd1bd2..4ece135e390d 100644 --- a/Packs/PrismaCloud/Integrations/PrismaCloudIAM/PrismaCloudIAM.yml +++ b/Packs/PrismaCloud/Integrations/PrismaCloudIAM/PrismaCloudIAM.yml @@ -254,7 +254,7 @@ script: type: String - description: Retrieves a User Profile schema, which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option. name: get-mapping-fields - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/PrismaCloud/ReleaseNotes/4_2_21.md b/Packs/PrismaCloud/ReleaseNotes/4_2_21.md new file mode 100644 index 000000000000..995d4df70a2b --- /dev/null +++ b/Packs/PrismaCloud/ReleaseNotes/4_2_21.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### PrismaCloud IAM + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/PrismaCloud/pack_metadata.json b/Packs/PrismaCloud/pack_metadata.json index 4a09ad7c20d4..4aba07c597b4 100644 --- a/Packs/PrismaCloud/pack_metadata.json +++ b/Packs/PrismaCloud/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Prisma Cloud by Palo Alto Networks", "description": "Automate and unify security incident response across your cloud environments, while still giving a degree of control to dedicated cloud teams.", "support": "xsoar", - "currentVersion": "4.2.20", + "currentVersion": "4.2.21", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/ProofpointThreatResponse/Integrations/ProofpointThreatResponseEventCollector/ProofpointThreatResponseEventCollector.yml b/Packs/ProofpointThreatResponse/Integrations/ProofpointThreatResponseEventCollector/ProofpointThreatResponseEventCollector.yml index ca084566abe7..ecd6acebab59 100644 
--- a/Packs/ProofpointThreatResponse/Integrations/ProofpointThreatResponseEventCollector/ProofpointThreatResponseEventCollector.yml +++ b/Packs/ProofpointThreatResponse/Integrations/ProofpointThreatResponseEventCollector/ProofpointThreatResponseEventCollector.yml @@ -132,7 +132,7 @@ script: subtype: python3 type: python isfetchevents: true - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 marketplaces: - marketplacev2 fromversion: 6.8.0 diff --git a/Packs/ProofpointThreatResponse/ReleaseNotes/2_0_16.md b/Packs/ProofpointThreatResponse/ReleaseNotes/2_0_16.md new file mode 100644 index 000000000000..55f1097b2d08 --- /dev/null +++ b/Packs/ProofpointThreatResponse/ReleaseNotes/2_0_16.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Proofpoint Threat Response Event Collector +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/ProofpointThreatResponse/pack_metadata.json b/Packs/ProofpointThreatResponse/pack_metadata.json index c10fd01cc908..925f63d368bc 100644 --- a/Packs/ProofpointThreatResponse/pack_metadata.json +++ b/Packs/ProofpointThreatResponse/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Proofpoint Threat Response", "description": "Use the Proofpoint Threat Response integration to orchestrate and automate incident response.", "support": "xsoar", - "currentVersion": "2.0.15", + "currentVersion": "2.0.16", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml b/Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml index 6e8e5c0ee91b..7bb8367704c6 100644 --- a/Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml +++ b/Packs/QualysFIM/Integrations/QualysFIM/QualysFIM.yml 
@@ -399,7 +399,7 @@ script: - contextPath: QualysFIM.Assets.created description: Date the asset was created. type: String - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/QualysFIM/ReleaseNotes/1_0_30.md b/Packs/QualysFIM/ReleaseNotes/1_0_30.md new file mode 100644 index 000000000000..459d6a7aa8dd --- /dev/null +++ b/Packs/QualysFIM/ReleaseNotes/1_0_30.md @@ -0,0 +1,3 @@ +#### Integrations +##### Qualys FIM +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/QualysFIM/pack_metadata.json b/Packs/QualysFIM/pack_metadata.json index b4acec27946d..2ef8faee2de8 100644 --- a/Packs/QualysFIM/pack_metadata.json +++ b/Packs/QualysFIM/pack_metadata.json @@ -2,7 +2,7 @@ "name": "QualysFIM", "description": "Cloud solution for detecting and identifying critical changes, incidents, and risks resulting from normal and malicious events", "support": "xsoar", - "currentVersion": "1.0.29", + "currentVersion": "1.0.30", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/QuestKace/Integrations/QuestKace/QuestKace.yml b/Packs/QuestKace/Integrations/QuestKace/QuestKace.yml index cad340739ace..c175849bff51 100644 --- a/Packs/QuestKace/Integrations/QuestKace/QuestKace.yml +++ b/Packs/QuestKace/Integrations/QuestKace/QuestKace.yml @@ -457,7 +457,7 @@ script: required: true description: Deletes the specified ticket. name: kace-ticket-delete - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/QuestKace/ReleaseNotes/1_0_16.md b/Packs/QuestKace/ReleaseNotes/1_0_16.md new file mode 100644 index 000000000000..b77fe57cd134 --- /dev/null +++ b/Packs/QuestKace/ReleaseNotes/1_0_16.md 
@@ -0,0 +1,6 @@ + +#### Integrations + +##### Quest KACE Systems Management Appliance (Beta) + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/QuestKace/pack_metadata.json b/Packs/QuestKace/pack_metadata.json index b6d19ef58f97..99e35aafc540 100644 --- a/Packs/QuestKace/pack_metadata.json +++ b/Packs/QuestKace/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Quest Kace", "description": "Use the Comprehensive Quest KACE solution to Provision, manage, secure, and service all network-connected devices.", "support": "xsoar", - "currentVersion": "1.0.15", + "currentVersion": "1.0.16", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/QutteraWebsiteMalwareScanner/Integrations/QutteraWebsiteMalwareScanner/QutteraWebsiteMalwareScanner.yml b/Packs/QutteraWebsiteMalwareScanner/Integrations/QutteraWebsiteMalwareScanner/QutteraWebsiteMalwareScanner.yml index 454f8d36b4ed..cfe2163c5cad 100644 --- a/Packs/QutteraWebsiteMalwareScanner/Integrations/QutteraWebsiteMalwareScanner/QutteraWebsiteMalwareScanner.yml +++ b/Packs/QutteraWebsiteMalwareScanner/Integrations/QutteraWebsiteMalwareScanner/QutteraWebsiteMalwareScanner.yml @@ -23,7 +23,7 @@ configuration: script: type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 script: '' commands: - name: quttera-scan-start diff --git a/Packs/QutteraWebsiteMalwareScanner/ReleaseNotes/1_0_15.md b/Packs/QutteraWebsiteMalwareScanner/ReleaseNotes/1_0_15.md new file mode 100644 index 000000000000..1d016062a450 --- /dev/null +++ b/Packs/QutteraWebsiteMalwareScanner/ReleaseNotes/1_0_15.md @@ -0,0 +1,3 @@ +#### Integrations +##### QutteraWebsiteMalwareScanner +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/QutteraWebsiteMalwareScanner/pack_metadata.json b/Packs/QutteraWebsiteMalwareScanner/pack_metadata.json index 50c85c79a79b..e0058cd27813 100644 
--- a/Packs/QutteraWebsiteMalwareScanner/pack_metadata.json +++ b/Packs/QutteraWebsiteMalwareScanner/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Quttera Website Malware Scanner", "description": "Detect suspicious/malicious/blocklisted content on domains/URLs. Run real-time normal/heuristic scan and database queries.", "support": "partner", - "currentVersion": "1.0.14", + "currentVersion": "1.0.15", "author": "Quttera LTD", "url": "https://scannerapi.quttera.com/api/v3", "email": "support@quttera.com", diff --git a/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.yml b/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.yml index 1e6ebb781fb6..a00d46b3181f 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.yml +++ b/Packs/RecordedFuture/Integrations/RecordedFuture/RecordedFuture.yml @@ -154,7 +154,7 @@ script: script: '' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 commands: - name: domain description: Gets a quick indicator of the risk associated with a domain. diff --git a/Packs/RecordedFuture/Integrations/RecordedFutureEventCollector/RecordedFutureEventCollector.yml b/Packs/RecordedFuture/Integrations/RecordedFutureEventCollector/RecordedFutureEventCollector.yml index f30e6ffe28a6..8c1e71fcb005 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFutureEventCollector/RecordedFutureEventCollector.yml +++ b/Packs/RecordedFuture/Integrations/RecordedFutureEventCollector/RecordedFutureEventCollector.yml @@ -55,7 +55,7 @@ script: name: limit description: Gets events from Recorded Future. name: recorded-future-get-events - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetchevents: true script: '-' subtype: python3 
diff --git a/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.yml b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.yml index d52b8e815cf2..b6870c456953 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.yml +++ b/Packs/RecordedFuture/Integrations/RecordedFutureLists/RecordedFutureLists.yml @@ -31,7 +31,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 commands: - name: recordedfuture-lists-search description: Search for lists in Recorded Future. diff --git a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.yml b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.yml index ec607b081db1..ca2222702735 100644 --- a/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.yml +++ b/Packs/RecordedFuture/Integrations/RecordedFuturePlaybookAlerts/RecordedFuturePlaybookAlerts.yml @@ -83,7 +83,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 commands: - name: recordedfuture-playbook-alerts-details description: Get Playbook alert details by id. diff --git a/Packs/RecordedFuture/ReleaseNotes/1_7_9.md b/Packs/RecordedFuture/ReleaseNotes/1_7_9.md new file mode 100644 index 000000000000..b1372bb4e9a7 --- /dev/null +++ b/Packs/RecordedFuture/ReleaseNotes/1_7_9.md @@ -0,0 +1,9 @@ +#### Integrations +##### Recorded Future v2 +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### Recorded Future - Lists +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### Recorded Future Event Collector +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. +##### Recorded Future - Playbook Alerts +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. 
diff --git a/Packs/RecordedFuture/pack_metadata.json b/Packs/RecordedFuture/pack_metadata.json index b911902bcddf..a6b8300e9bb1 100644 --- a/Packs/RecordedFuture/pack_metadata.json +++ b/Packs/RecordedFuture/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Recorded Future Intelligence", "description": "Recorded Future App, this pack is previously known as 'RecordedFuture v2'", "support": "partner", - "currentVersion": "1.7.8", + "currentVersion": "1.7.9", "author": "Recorded Future", "url": "https://www.recordedfuture.com/support/demisto-integration/", "email": "support@recordedfuture.com", diff --git a/Packs/RecordedFutureASI/Integrations/RecordedFutureASI/RecordedFutureASI.yml b/Packs/RecordedFutureASI/Integrations/RecordedFutureASI/RecordedFutureASI.yml index 768370a32c37..4b623189ef4d 100644 --- a/Packs/RecordedFutureASI/Integrations/RecordedFutureASI/RecordedFutureASI.yml +++ b/Packs/RecordedFutureASI/Integrations/RecordedFutureASI/RecordedFutureASI.yml @@ -77,7 +77,7 @@ script: - name: expand_issues description: true/false to make an incident per host & per new issue. description: Gets the issues for a project from a particular snapshot (defaults to recent). - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true subtype: python3 fromversion: 6.5.0 diff --git a/Packs/RecordedFutureASI/ReleaseNotes/2_0_13.md b/Packs/RecordedFutureASI/ReleaseNotes/2_0_13.md new file mode 100644 index 000000000000..9a401fdd8c2d --- /dev/null +++ b/Packs/RecordedFutureASI/ReleaseNotes/2_0_13.md @@ -0,0 +1,3 @@ +#### Integrations +##### Recorded Future Attack Surface Intelligence +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/RecordedFutureASI/pack_metadata.json b/Packs/RecordedFutureASI/pack_metadata.json index 79cdc2ad08ec..6bb72621ec73 100644 --- a/Packs/RecordedFutureASI/pack_metadata.json +++ b/Packs/RecordedFutureASI/pack_metadata.json 
@@ -3,7 +3,7 @@
 "prevName": "Recorded Future ASI",
 "description": "Helps you take risk prioritization to the next level by helping you identify the biggest weaknesses within your attack surface.",
 "support": "partner",
- "currentVersion": "2.0.12",
+ "currentVersion": "2.0.13",
 "author": "Recorded Future",
 "url": "",
 "email": "support@recordedfuture.com",
diff --git a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png
index 9260b7079709..37de3692453e 100644
Binary files a/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png and b/Packs/ReversingLabs_A1000/Integrations/ReversingLabsA1000v2/ReversingLabsA1000v2_image.png differ
diff --git a/Packs/ReversingLabs_Titanium_Cloud/.secrets-ignore b/Packs/ReversingLabs_Titanium_Cloud/.secrets-ignore
index 6aaa6ec076d8..6f8747eb038f 100644
--- a/Packs/ReversingLabs_Titanium_Cloud/.secrets-ignore
+++ b/Packs/ReversingLabs_Titanium_Cloud/.secrets-ignore
@@ -83,4 +83,23 @@ https://eclipse.org
 142.250.186.110
 142.250.186.131
 34.104.35.123
-142.250.181.227
\ No newline at end of file
+142.250.181.227
+https://images-na.ssl-images-amazon.com
+52.204.132.63
+https://slyb.app.link
+142.250.179.206
+216.58.214.3
+http://www.imdb.com
+142.250.179.142
+http://ogp.me
+54.192.87.100
+67.220.240.31
+142.251.39.106
+142.250.179.131
+142.251.36.36
+108.156.69.18
+65.9.86.10
+18.239.24.188
+13.227.211.55
+52.94.225.248
+18.239.38.222
\ No newline at end of file
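Review bot: The new side of the `.secrets-ignore` hunk still ends without a trailing newline (`\ No newline at end of file` after `+18.239.38.222`), which is exactly why this hunk has to remove and re-add the previously-last `142.250.181.227` entry and why the next addition will churn `18.239.38.222` the same way; end the file with a newline as part of this change. The added IPs and URLs look like values from the integration's test fixtures that the secrets scanner would otherwise flag; keeping each entry tied to a value that actually appears in the pack's test data keeps this allowlist from accumulating stale exemptions over time.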
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsA1000v2_image.png b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsA1000v2_image.png
deleted file mode 100644
index 9260b7079709..000000000000
Binary files a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsA1000v2_image.png and /dev/null differ
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py
index 89aa1b111f1d..be1ea0f712cd 100644
--- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py
+++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2.py
@@ -926,7 +926,7 @@ def detonate_sample_command():
 response = da.detonate_sample(sample_sha1=sha1, platform=platform)
 except Exception as e:
 if hasattr(e, "response_object"):
- return_error(f"status code: {e.response_object.status_code}, "
+ return_error(f"status code: {e.response_object.status_code}, " # type: ignore[attr-defined]
 f"message: {e.response_object.text}") # type: ignore[attr-defined]
 return_error(str(e))
@@ -968,7 +968,7 @@ def sample_dynamic_analysis_results_command():
 )
 except Exception as e:
 if hasattr(e, "response_object"):
- return_error(f"status code: {e.response_object.status_code}, "
+ return_error(f"status code: {e.response_object.status_code}, " # type: ignore[attr-defined]
 f"message: {e.response_object.text}") # type: ignore[attr-defined]
 return_error(str(e))
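Review bot: The `# type: ignore[attr-defined]` added to the first `return_error(...)` line suppresses the checker instead of fixing the access pattern, and the identical suppression is now carried in four places: this hunk, the `@@ -968` hunk below it, and the `@@ -1036` and `@@ -1084` hunks on the following line. Reading the attribute once with `getattr(e, "response_object", None)` type-checks with no suppressions, also covers a `response_object` that exists but is `None` (which the `hasattr` check would let through to an AttributeError raised from inside the except block), and lets the repeated block collapse into one small helper that each of the four command functions calls from its `except Exception as e:` clause, as sketched below. Each enclosing command function starts outside its hunk.

```python
def _return_exception_error(e: Exception) -> None:
    """Report a caught exception via return_error, including the HTTP status code and
    body when the exception carries a response object."""
    response = getattr(e, "response_object", None)
    if response is not None:
        return_error(f"status code: {response.status_code}, message: {response.text}")
    return_error(str(e))


# … unchanged: detonate_sample_command body up to and including the try block …
    except Exception as e:
        _return_exception_error(e)
```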
@@ -1036,7 +1036,7 @@ def detonate_url_command(): response = da.detonate_url(url_string=url, platform=platform) except Exception as e: if hasattr(e, "response_object"): - return_error(f"status code: {e.response_object.status_code}, " + return_error(f"status code: {e.response_object.status_code}, " # type: ignore[attr-defined] f"message: {e.response_object.text}") # type: ignore[attr-defined] return_error(str(e)) @@ -1084,7 +1084,7 @@ def url_dynamic_analysis_results_command(): except Exception as e: if hasattr(e, "response_object"): - return_error(f"status code: {e.response_object.status_code}, " + return_error(f"status code: {e.response_object.status_code}, " # type: ignore[attr-defined] f"message: {e.response_object.text}") # type: ignore[attr-defined] return_error(str(e)) 
@@ -1100,21 +1100,46 @@ def url_dynamic_analysis_results_command(): def url_dynamic_analysis_results_output(response_json, passed_url=None, passed_sha1=None): - url = response_json.get("rl", {}).get("report", {}).get("url", passed_url) - sha1 = response_json.get("rl", {}).get("report", {}).get("sha1", passed_sha1) - classification = response_json.get("rl", {}).get("report", {}).get("classification") - last_analysis = response_json.get("rl", {}).get("report", {}).get("last_analysis") + report = response_json.get("rl", {}).get("report", {}) + is_merged = report.get("history_analysis") + classification = report.get("classification") + url = report.get("url", passed_url) + + markdown = f"""## ReversingLabs URL Dynamic Analysis output for URL\n **URL**: {url} + **Classification**: {classification} + **URL SHA1**: {report.get("sha1", passed_sha1)} + **URL BASE64**: {report.get("url_base64")} + **Risk score**: {report.get("risk_score")} + """ + + if is_merged: + markdown = markdown + f"**Last analysis**: {report.get('last_analysis')}\n" + + else: + markdown = markdown + f"""**Analysis ID**: {report.get("analysis_id")}\n **Analysis time**: {report.get("analysis_time")} + **Analysis duration**: {report.get("analysis_duration")} + **Platform**: {report.get("platform")} + **Configuration**: {report.get("configuration")} + **PCAP link**: {report.get("pcap")} + **Memory strings link**: {report.get("memory_strings")} + **Screenshots lin**: {report.get("screenshots")} + **Dropped files link**: {report.get("dropped_files_url")} + """ - markdown = f"## ReversingLabs URL Dynamic Analysis output for URL\n **Classification**: {classification}\n" + network = report.get("network", {}) + if network: + markdown = markdown + "\n### Network" - if last_analysis: - markdown = markdown + f"**Last analysis**: {last_analysis}\n" + for key in network: + table = tableToMarkdown(key, network.get(key)) + markdown = markdown + "\n" + table - if url: - markdown = markdown + f"**Requested URL**: 
{url}\n" + signatures_table = tableToMarkdown("Signatures", report.get("signatures")) + markdown = f"{markdown}\n {signatures_table}\n" - if sha1: - markdown = markdown + f"**URL SHA1**: {sha1}" + if not is_merged: + dropped_files_table = tableToMarkdown("Dropped files", report.get("dropped_files")) + markdown = f"{markdown}\n {dropped_files_table}" d_bot_score = classification_to_score(classification.upper()) diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_image.png b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_image.png new file mode 100644 index 000000000000..37de3692453e Binary files /dev/null and b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_image.png differ diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_test.py b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_test.py index 4c19d8e8580a..6ac56bd03682 100644 --- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_test.py +++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/ReversingLabsTitaniumCloudv2_test.py @@ -7,7 +7,7 @@ url_latest_analyses_feed_output, url_analyses_feed_from_date_output, yara_ruleset_output, yara_retro_actions_output, \ format_proxy, domain_report_output, domain_downloaded_files_output, domain_urls_output, domain_to_ip_output, \ domain_related_domains_output, ip_report_output, ip_downloaded_files_output, ip_urls_output, ip_to_domain_output, \ - network_reputation_output, detonate_url_output + network_reputation_output, detonate_url_output, url_dynamic_analysis_results_output import demistomock as demisto import pytest 
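Review bot: The non-merged branch of the new human-readable block has a typo in a user-facing label, `**Screenshots lin**: {report.get("screenshots")}`, which should read `**Screenshots link**: {report.get("screenshots")}`; the surrounding labels all end in "link". Separately, every field in the new f-strings (`url`, `url_base64`, `configuration`, the `pcap`/`memory_strings`/`screenshots`/`dropped_files_url` values and the `network` tables) comes straight out of the sandbox report for an attacker-chosen URL and is interpolated into markdown unescaped, so a crafted URL or dropped-file name can shape the rendered entry; wrapping the scalar values in backticks or passing them through an escape helper would keep the entry inert. `report.get("classification")` has no default, and the unchanged `classification.upper()` at the end of the hunk will raise `AttributeError` on a report without that key, which the rewrite could have guarded with `classification = report.get("classification") or ""`. The function's remaining lines continue past the end of the hunk.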
@@ -349,8 +349,20 @@ def test_sample_dynamic_analysis_results_output(): def test_detonate_url_output(): test_report = load_json("test_data/detonate_url.json") - text_context = load_json("test_data/detonate_url_context.json") + test_context = load_json("test_data/detonate_url_context.json") result = detonate_url_output(response_json=test_report, url=url2) - assert result.to_context() == text_context + assert result.to_context() == test_context + + +def test_url_dynamic_analysis_results_output(): + test_report = load_json("test_data/url_dynamic_response.json") + test_context = load_json("test_data/url_dynamic_context.json") + + result, _ = url_dynamic_analysis_results_output( + response_json=test_report, + passed_url="https://www.imdb.com/title/tt7740510/reviews?ref_=tt_urv" + ) + + assert result.to_context() == test_context diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url.json b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url.json index 230dda5d5ce8..f08166cccd07 100644 --- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url.json +++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url.json @@ -1 +1 @@ -{"rl": {"url": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "status": "started", "sha1": "13659fe16d68b277526d3bb25acb2731b235bdf4", "url_base64": "aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg", "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5"}} \ No newline at end of file +{"rl": {"url": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "status": "started", "sha1": "13659fe16d68b277526d3bb25acb2731b235bdf4", "url_base64": "aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg", "analysis_id": "59a736ad-1b0f-4926-8efc-68739d71f935"}} \ No newline at end of file 
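Review bot: `test_url_dynamic_analysis_results_output` only covers the merged path: the checked-in `url_dynamic_context.json` fixture carries a non-empty `history_analysis`, so presumably the matching response fixture does too and `is_merged` is truthy, leaving the `else` branch (analysis id, platform, PCAP/screenshot links and the dropped-files table) unexecuted. A second fixture without `history_analysis`, or a `pytest.mark.parametrize` over both, would exercise that branch and catch label mistakes in it. The second return value is discarded with `result, _ = ...`; asserting it as well, e.g. `result, score = url_dynamic_analysis_results_output(...)` followed by an assertion on `score` for the fixture's `NO_THREATS_FOUND` classification, would also pin the DBot score mapping.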
diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url_context.json b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url_context.json index 2b7e70482d4e..0a5830cba6d5 100644 --- a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url_context.json +++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/detonate_url_context.json 
@@ -1 +1 @@ -{"Type": 1, "ContentsFormat": "json", "Contents": {"detonate_url_dynamic": {"rl": {"url": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "status": "started", "sha1": "13659fe16d68b277526d3bb25acb2731b235bdf4", "url_base64": "aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg", "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5"}}}, "HumanReadable": "## ReversingLabs submit URL https://www.imdb.com/title/tt7740510/reviews?ref_=tt_urv for Dynamic Analysis\n **Status**: started\n **Requested UR**: https://imdb.com/title/tt7740510/reviews?ref_=tt_urv\n **URL SHA1**: 13659fe16d68b277526d3bb25acb2731b235bdf4\n **URL BASE64**: aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg\n **Analysis ID**: b549dd89-5bc8-47ea-92a2-018e8d9c36e5\n ", "EntryContext": {"ReversingLabs": {"detonate_url_dynamic": {"rl": {"url": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "status": "started", "sha1": "13659fe16d68b277526d3bb25acb2731b235bdf4", "url_base64": "aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg", "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5"}}}}, "IndicatorTimeline": [], "IgnoreAutoExtract": false, "Note": false, "Relationships": []} \ No newline at end of file +{"Type": 1, "ContentsFormat": "json", "Contents": {"detonate_url_dynamic": {"rl": {"url": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "status": "started", "sha1": "13659fe16d68b277526d3bb25acb2731b235bdf4", "url_base64": "aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg", "analysis_id": "59a736ad-1b0f-4926-8efc-68739d71f935"}}}, "HumanReadable": "## ReversingLabs submit URL https://www.imdb.com/title/tt7740510/reviews?ref_=tt_urv for Dynamic Analysis\n **Status**: started\n **Requested URL**: https://imdb.com/title/tt7740510/reviews?ref_=tt_urv\n **URL SHA1**: 13659fe16d68b277526d3bb25acb2731b235bdf4\n **URL BASE64**: 
aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg\n **Analysis ID**: 59a736ad-1b0f-4926-8efc-68739d71f935\n ", "EntryContext": {"ReversingLabs": {"detonate_url_dynamic": {"rl": {"url": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "status": "started", "sha1": "13659fe16d68b277526d3bb25acb2731b235bdf4", "url_base64": "aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg", "analysis_id": "59a736ad-1b0f-4926-8efc-68739d71f935"}}}}, "IndicatorTimeline": [], "IgnoreAutoExtract": false, "Note": false, "Relationships": []} \ No newline at end of file diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/url_dynamic_context.json b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/url_dynamic_context.json new file mode 100644 index 000000000000..c872e70dc775 --- /dev/null +++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/url_dynamic_context.json 
@@ -0,0 +1 @@ +{"Type": 1, "ContentsFormat": "json", "Contents": {"url_dynamic_analysis_results": {"rl": {"report": {"mitre_attack": {"matrix_list": [{"tactics": {"tactic_list": [{"techniques": {"technique_list": [{"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1055", "name": "Process Injection"}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1036", "name": "Masquerading"}]}, "id": "TA0005", "name": "Defense Evasion"}, {"techniques": {"technique_list": [{"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1046", "name": "Network Service Scanning"}]}, "id": "TA0007", "name": "Discovery"}, {"techniques": {"technique_list": [{"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1071", "name": "Application Layer Protocol"}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1095", "name": "Non-Application Layer Protocol"}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1573", "name": "Encrypted Channel"}]}, "id": "TA0011", "name": "Command and Control"}]}, "name": "Enterprise"}]}, "signatures": [{"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Uses secure TLS version", "risk_factor": 0, "sig_id": 508}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Found graphical window changes (likely an installer)", "risk_factor": 0, "sig_id": 1649}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "URLs found in memory or binary data", "risk_factor": 5, "sig_id": 357}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Uses HTTPS", "risk_factor": 5, "sig_id": 392}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Classification label", "risk_factor": 5, "sig_id": 420}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Performs DNS lookups", "risk_factor": 5, "sig_id": 353}, {"analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Found strings which match known social media urls", "risk_factor": 5, "sig_id": 355}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Creates a directory in C:\\Program Files", "risk_factor": 0, "sig_id": 1665}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Uses HTTPS for network communication", "risk_factor": 5, "sig_id": 1549}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Creates files inside the program directory", "risk_factor": 5, "sig_id": 1143}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Performs connections to IPs without corresponding DNS lookups", "risk_factor": 5, "sig_id": 472}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Spawns processes", "risk_factor": 5, "sig_id": 1271}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Sends SSDP (simple service discovery protocol) broadcast queries", "risk_factor": 5, "sig_id": 447}], "classification": "NO_THREATS_FOUND", "history_analysis": [{"analysis_duration": 198, "classification_version": 2, "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "NO_THREATS_FOUND", "warnings": ["Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe", "Excluded IPs from analysis (whitelisted): 216.58.214.3, 34.104.35.123, 142.251.39.106, 142.250.179.131, 142.250.179.206", "Excluded domains from analysis (whitelisted): r2---sn-5hne6ns6.gvt1.com, edgedl.me.gvt1.com, redirector.gvt1.com, content-autofill.googleapis.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com", "Not all processes where analyzed, report is missing behavior information"], "risk_score": 0, "platform": "windows10", "configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11", 
"analysis_time": "2024-01-19T12:53:59"}], "url_base64": "aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg", "risk_score": 0, "threat_names": [{"threat_name": "Unknown", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "sha256": "", "last_analysis": "2024-01-19T12:53:59", "dropped_files": [{"sha1": "88a82523260a982a5dbfd3f4e19c3db4969a701b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 93", "sample_type": "Image/None/JPEG", "sample_size": 4214, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "26ea9b916a48c6d54fb36ad5db111bbfa13ad8922198008554c852486d805e08", "file_path": "", "md5": "a4ba5615d593e59bfcd485fcf897d050"}, {"sha1": "1d76baf7cdbd01a51ccfe7658610aa0869c68a3b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 115", "sample_type": "Binary/Archive/GZIP", "sample_size": 29339, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "4125211e25f0a2bf3c5ae18523fb3a5d979ef0e1e6f9a412a0a400e119702b47", "file_path": "", "md5": "8e3efb277e465527a5bcf32e07f7b1a2"}, {"sha1": "8302f515431afe4a30b548d820540d3ac5627667", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 113", "sample_type": "Image/None/JPEG", "sample_size": 30902, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "cd4684c0e1c41256f4ccae016e1b247238c6b8e041c54aded18e7d7af86fcd63", "file_path": "", "md5": "e2ba49b3b70491d21334041090b955bd"}, {"sha1": "01deaf1141d909139c3c179515d7cbf00198a4cb", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 212", "sample_type": "Image/None/JPEG", "sample_size": 6675, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "9279b6cd2ec09ec44ce40257b6f6c99de814cf0959f9463654428b020b417f19", "file_path": "", 
"md5": "bcfbd15ceca7999cd3026cdba9b94a90"}, {"sha1": "2676e16aa78ce1196e0273592617c96346a29d31", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 136", "sample_type": "Image/None/JPEG", "sample_size": 4374, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "684ad7325e8120a2a587832663f55f56f1c6f59e8924e6873bc17148a464a848", "file_path": "", "md5": "bd391154dac88cefb07abd86f4edb1da"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 102", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "2d8648a1115093dc43e8d7834ba4587e41c3f806", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 195", "sample_type": "Text/HTML", "sample_size": 371317, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "54bb56afaca0128ff3a37e184e3d2811cb8be9b25c4369a8ec4ccded55806ff9", "file_path": "", "md5": "91666c554ce4423d9d43b6dccdd481e3"}, {"sha1": "8f987f895be240334e6d617b169b824b25f8e45f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 134", "sample_type": "Image/None/JPEG", "sample_size": 6557, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "36b032acb6b879eec36ce95da3ace57a7e537584c7a8a4f87cc187fd03b1951a", "file_path": "", "md5": "40bd9f4fb6ab4ca640887f218e939e85"}, {"sha1": "470a529e517cdb74716116e7b29552419e86babb", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 111", "sample_type": "Image/None/JPEG", "sample_size": 3597, "analysis_ids": [{"analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "18c81654266eca777b1b4c2e00b439c3ce342e6edff47bccf375197cd95edb10", "file_path": "", "md5": "f80030bc60f2cce5dedd2174b507246e"}, {"sha1": "f5cef917635c0ddf9c67bb7ef8b37b1725b53152", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 154", "sample_type": "Image/None/PNG", "sample_size": 497, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "83aed9a68ee856ae88cb99fe562493ce627010c0b05d919cd7dc311414425c10", "file_path": "", "md5": "a00f507810e886fe683c705a0582cdb2"}, {"sha1": "9c11794d0cebe579c7b0275847e2ab1bfd2114d2", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 190", "sample_type": "Image/None/JPEG", "sample_size": 5048, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "3fa7e13b8caf75b7f215149e88d62e80ea4a9ac649ee10ad3939b1d498e3030e", "file_path": "", "md5": "ad97055f043b3260fda52f90ab04930e"}, {"sha1": "682dc0a46519564a72cdc6b9d15fb4e260793123", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 202", "sample_type": "Binary/None", "sample_size": 555529, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "4293e8d2214c0fb45babcf26483e4c1d86ae28e67b05a86f93dbeb7eceec0864", "file_path": "", "md5": "64789e2fe8c581ed0d5315276eb4502d"}, {"sha1": "6ee41aacd863d1c710ed189fce9fa4b5a6fed61b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 229", "sample_type": "Image/None/JPEG", "sample_size": 46739, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "17608d551f17c933466d5b5733f28f9ad92852e4d792e415a368f69f435d1e01", "file_path": "", "md5": "e83f967c1c5f4ee79db3d53dd9af5e73"}, {"sha1": "5789e81a66958aabc7590c1ddd41058335636027", "classification": 
"NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 165", "sample_type": "Image/None/WOFF", "sample_size": 11020, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", "file_path": "", "md5": "a59072f933169d3f2db497f44ca4cbbe"}, {"sha1": "79a903b5bc8bafdc78651d58a098b7f8b2d7fc30", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 185", "sample_type": "Image/None/JPEG", "sample_size": 2635, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "73a03e22aee1c13064d8e30ea80fc3b8a0a4cd9c128bb01a5036daa3b8ae0979", "file_path": "", "md5": "81e626d3efd077f4b121bc12aef2a4dd"}, {"sha1": "9a212137e27fe221fe21b4332776d9a8885efaae", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 150", "sample_type": "Image/None/JPEG", "sample_size": 35506, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "ad51bf609054ced1220bd8fc7c8fcf601e9633ac5333dc91e5d4f567667147e8", "file_path": "", "md5": "1e6b6ad72d35a61bf0467466ff7e2af4"}, {"sha1": "15cd0cfb5cef05c87a65822eb100a02754d5c04f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 147", "sample_type": "Image/None/JPEG", "sample_size": 3977, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "6fbb5d59ee9b27aa7539b6487eb5c5cd4ce6431b1e20f699da42e8d08a837585", "file_path": "", "md5": "80f226c6be828bdd5d0f42ffafc8896d"}, {"sha1": "9a212137e27fe221fe21b4332776d9a8885efaae", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 133", "sample_type": "Image/None/JPEG", "sample_size": 35506, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": 
"ad51bf609054ced1220bd8fc7c8fcf601e9633ac5333dc91e5d4f567667147e8", "file_path": "", "md5": "1e6b6ad72d35a61bf0467466ff7e2af4"}, {"sha1": "6ff06a34f68ad0324ddec1bbe4d453c959178b36", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 162", "sample_type": "Image/None/WOFF", "sample_size": 11016, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479", "file_path": "", "md5": "15fa3062f8929bd3b05fdca5259db412"}, {"sha1": "08d84905ec59ef0dd96cc94ea81fbb4c2448e009", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 204", "sample_type": "Image/None/JPEG", "sample_size": 3559, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "249c151940cfee86eea272b3e86ba9a735b6901739f9f3cf489260e8183cb20c", "file_path": "", "md5": "b9d39a4b37255a7bfa6cbfdc94219077"}, {"sha1": "397b288df8abf27a0cd24350593e0a3814f7ef42", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 137", "sample_type": "Image/None/JPEG", "sample_size": 5209, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "ada4871e8f92d50a977253467f4fff3fac17ec43dacc78f1713e51365459032f", "file_path": "", "md5": "139043909e518c544e6e9aa497a8ddcd"}, {"sha1": "5dbdaab7213b5c606f0c8b1b153e1ea284bb737c", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 215", "sample_type": "Image/None/JPEG", "sample_size": 54660, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "05d4923449bdc5b7de702698eda368f1287ca59d7a788c70f1a662d264dc2e27", "file_path": "", "md5": "58f7fe65d7b019d7cfa4c3ba7ceb1e4c"}, {"sha1": "68d5ab3244b936d1e2ec364706faffd2d5d7f21f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 142", "sample_type": 
"Binary/None", "sample_size": 760, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "e38f21ffde5eea825d4e4a9b52efaa7c9f7aaf67a25347a671dfe8894c80d28a", "file_path": "", "md5": "25581c9a34165352a9c1badfd8a2aeb7"}, {"sha1": "b009ca00be40ce7d8e53d054d39be62ce790d6ab", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 98", "sample_type": "Binary/Archive/GZIP", "sample_size": 35408, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "d0db52fe774424b284a5b5e91e2732a6b774aeff28ddfa5bd7f592054a8d3c7a", "file_path": "", "md5": "84a49a20c089bc0d7ef3323e8b5952d2"}, {"sha1": "bba1550dd8ebab7b55fcbd092655db0dbe968a21", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 91", "sample_type": "Image/None/JPEG", "sample_size": 5830, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a5f0bc6dfdc752dcf13030e40f14ee9ed09efc89b764933fcd315e0f74d2f3cd", "file_path": "", "md5": "1255f3b3cc93fa699309ad714badf745"}, {"sha1": "e522e8835a88f24552d04ec1af3c1681cb7269c8", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 171", "sample_type": "Image/None/JPEG", "sample_size": 5855, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "73cbed49f585d48d88b732d0c1b6a930d556fd9ec5f0fe0577bb065ed90ce11e", "file_path": "", "md5": "0d6bed942437e0bc4c41deae53165408"}, {"sha1": "a7c9e37910ac122a97f52ebc1aa6e2fe51e54179", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 191", "sample_type": "Image/None/JPEG", "sample_size": 55245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "c20d10dc49be9aabe754bab3e7d913aa625a6f73211d857a045f5e6e722d518b", "file_path": "", "md5": "d818205b1d270eb3251cac107fb00996"}, 
{"sha1": "7fa5aa4ec7865f39fc86cf50b2074b30e8fd0c58", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 90", "sample_type": "Image/None/JPEG", "sample_size": 3046, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1194c245a24572f82844885e9935f90719c52dd6577e880909e3a8cb1e6b51c3", "file_path": "", "md5": "768af40c8c0d570c7dcf81f599cdbe64"}, {"sha1": "72eb3960f3d8ae6724252fcafe86fb5eeac18f8b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 138", "sample_type": "Binary/None", "sample_size": 2887, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "bd30110622ae294a3a41f834c8f058e457b36a9916704946864df0fa4dd291f3", "file_path": "", "md5": "1ac618b0f127a0aa7de3651070fad47a"}, {"sha1": "93de4b55ad29e7406bfec901aad5c06725780c23", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 192", "sample_type": "Binary/None", "sample_size": 28367, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "f251f019b6c7f6b8fe01bb09feb95348ca4c3966964d6a9f37f8216d243cb153", "file_path": "", "md5": "0e4d86149b4f6e3e6af3bed202a54d7b"}, {"sha1": "4eedb4aad798fa1c2bdb72f984c34a24c56c2476", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 121", "sample_type": "Image/None/PNG", "sample_size": 2372, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "257b2e6cbab280d2019687435863539a52473275f8132884c0538efd14899507", "file_path": "", "md5": "4505a569689e1df76eba896d26533b8f"}, {"sha1": "b03e31a2df43c881a1bf38723e14d0488e53bd9a", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 101", "sample_type": "Image/None/JPEG", "sample_size": 2703, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], 
"sha256": "039dc85892810b989186a889299ada5e9ddadf43a8f771041b9b5d89d92dc868", "file_path": "", "md5": "e196fe4f70544d277d99efcb4e59d959"}, {"sha1": "2ca1a236d41b5e816fe7af3048d33e85abae1f3d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 104", "sample_type": "Image/None/JPEG", "sample_size": 17804, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "e96090e3831f528706487bf3fa86e72565dbe157dbc9cdc9b7b48da0d190df86", "file_path": "", "md5": "07f674c8ec0980963043881158c82f65"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 110", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "2676e16aa78ce1196e0273592617c96346a29d31", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 194", "sample_type": "Image/None/JPEG", "sample_size": 4374, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "684ad7325e8120a2a587832663f55f56f1c6f59e8924e6873bc17148a464a848", "file_path": "", "md5": "bd391154dac88cefb07abd86f4edb1da"}, {"sha1": "0b188f7c91a79519727a25ce3cb4e997f187be43", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 105", "sample_type": "Binary/None", "sample_size": 28, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "f245f3dbd4291746d1e44363529f7cb3851a2780c01d8bcdd3c5e080a0009494", "file_path": "", "md5": "6d355197591570cee568ab636183c16e"}, {"sha1": "bf7033d18d8409478666fe9eeee6131bd8e983d5", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 168", "sample_type": 
"Binary/Archive/GZIP", "sample_size": 30388, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "33409bb4e77f16dd9dcc540f2047d8d2ac302cfbdeb8e3e44261961c448f9289", "file_path": "", "md5": "25e2a55b6daeb5a259ff1459515381db"}, {"sha1": "62a4d9d0d5f8c83c3a17cdc1e488a4a84f3d0460", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 188", "sample_type": "Image/None/JPEG", "sample_size": 58204, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "6138cfe70296302a26b60e53dc138305ca9450c97fb4da052b5e40567c6fe779", "file_path": "", "md5": "6fa72b7421663295b6d593d8790aa9b1"}, {"sha1": "5789e81a66958aabc7590c1ddd41058335636027", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 244", "sample_type": "Image/None/WOFF", "sample_size": 11020, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", "file_path": "", "md5": "a59072f933169d3f2db497f44ca4cbbe"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 214", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "f153256cab6ede3bc605b639e73db9822013354c", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 119", "sample_type": "Binary/None", "sample_size": 15928, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "4786a2783bd58159839fe90f5170d78d22d33ea01806152d63936a433e169894", "file_path": "", "md5": "ec26bfd025f77c88976cbd9e74420d4d"}, 
{"sha1": "5bffbffabb780253d1d1cbb899c4de2b66760862", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 205", "sample_type": "Image/None/JPEG", "sample_size": 2696, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "eeb31b1cebc8babbfab219a4c52132b507047f88237055219468c27ded4b3b5f", "file_path": "", "md5": "896952a8672c231b9435927b70adbdeb"}, {"sha1": "7fe31344fa723425d6be0a264ab084bbfb6a0112", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 196", "sample_type": "Image/None/JPEG", "sample_size": 7015, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "42dfca7f071dd80526a7c8a8166f82f712f3813c1be59894e9c0d531ee6aac63", "file_path": "", "md5": "3bad41b67d7a8e891a6d4395ae67c277"}, {"sha1": "fd157eaf1a8b3ec97c718798dc375570e6ef9bd0", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 166", "sample_type": "Image/None/JPEG", "sample_size": 4816, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "8d4a37c150dcd3b706cb5362ca985858bf24fefe9b47caab3f62d1bc300c1820", "file_path": "", "md5": "b177ef0d6b70187a87f55a55fe699cbc"}, {"sha1": "b8612689330620c98d6295e3f7a5f6a7959f02c6", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 149", "sample_type": "Image/None/JPEG", "sample_size": 26660, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1a8799b75e2b918b470c8e04c30a1554246cfe43cb7e9d7527dc83919406addb", "file_path": "", "md5": "b0ec92057bc346ca7c83de6a41cdf367"}, {"sha1": "15ace8e9e042913ba263820f7be6214913676e22", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 141", "sample_type": "Binary/None", "sample_size": 1862, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": 
"UNKNOWN"}], "sha256": "722ef3edbb5a107e1f914b1e400d8f92e0810a10f9a86d6e89220c3f9fcad7fd", "file_path": "", "md5": "2ba5b2ffebc6be6401c274544cec45b0"}, {"sha1": "4f102c807204de6449d5a2ae2aba99d249aa3f82", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 127", "sample_type": "Image/None/JPEG", "sample_size": 81139, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "cd12947a0f5da04f0581a44438efa3123d51ba80814958f423d6ae15492d80e6", "file_path": "", "md5": "534c731b854172d8115d11c88db0dc46"}, {"sha1": "930193b840dd3298e7001a4fc3d7dde80f5ae8e4", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 89", "sample_type": "Image/None/JPEG", "sample_size": 4245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1ffa387734b3f6961ed9f443b6062601166b427415fd78faf2fde842a3ea4d1e", "file_path": "", "md5": "e37ae5f3d0786c75d5aaa9920edacc05"}, {"sha1": "8f987f895be240334e6d617b169b824b25f8e45f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 225", "sample_type": "Image/None/JPEG", "sample_size": 6557, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "36b032acb6b879eec36ce95da3ace57a7e537584c7a8a4f87cc187fd03b1951a", "file_path": "", "md5": "40bd9f4fb6ab4ca640887f218e939e85"}, {"sha1": "e522e8835a88f24552d04ec1af3c1681cb7269c8", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 97", "sample_type": "Image/None/JPEG", "sample_size": 5855, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "73cbed49f585d48d88b732d0c1b6a930d556fd9ec5f0fe0577bb065ed90ce11e", "file_path": "", "md5": "0d6bed942437e0bc4c41deae53165408"}, {"sha1": "6b1c1235e4fb42159a8d88ddc1456935ac36236a", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 157", 
"sample_type": "Binary/Archive/GZIP", "sample_size": 46816, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "3503cb3b14811575b4070fbf410c4faa148b118db6b21ad9a47a582f8cef5856", "file_path": "", "md5": "a7bb71c6e0827791da0b46491a6dd388"}, {"sha1": "5a50b8e7e227531ebecba74a8ec3f7752c038e45", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 99", "sample_type": "Image/None/JPEG", "sample_size": 6238, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1653b9d1b6fdbf987dad791297e4fcd6eb4f054c3975d97672ffd829c27795bc", "file_path": "", "md5": "5c79334ed4b28046f38de19aecbffe6b"}, {"sha1": "152f312d82ea7f909efab9cfbc513922c5c68451", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 112", "sample_type": "Image/None/JPEG", "sample_size": 3484, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5f71ef9cc75b0885c4d7a565db2dc8f2b159470b9f87f47523af73ca08b3f2fa", "file_path": "", "md5": "e58166197873c671d947f32ad004507f"}, {"sha1": "45a8c4980dae29b1eefafdfd94fb4970ddf3e3e3", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 120", "sample_type": "Image/None/PNG", "sample_size": 100353, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "25e630efa0f85c1310aafd02b164600a790d2a8872acad58368a558d4ee2848e", "file_path": "", "md5": "03ea3b0ffac42298b8dcc9f879bb30cd"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 100", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": 
"e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "6eb83738fbe5dd557a573a873d0ab0b50b3aab18", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 230", "sample_type": "Image/None/JPEG", "sample_size": 10576, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "802c38614a4c3afb10a73fc16e2ee06103e5b3c17aba14dce68b4fb37679863e", "file_path": "", "md5": "34cb56bf1ee13123ea28819d78ef6d3a"}, {"sha1": "4f102c807204de6449d5a2ae2aba99d249aa3f82", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 176", "sample_type": "Image/None/JPEG", "sample_size": 81139, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "cd12947a0f5da04f0581a44438efa3123d51ba80814958f423d6ae15492d80e6", "file_path": "", "md5": "534c731b854172d8115d11c88db0dc46"}, {"sha1": "e0ed377bd8278fbea11264788eb59a6fe59c14ea", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 160", "sample_type": "Image/None/JPEG", "sample_size": 1614, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "54503cea106dc82deb940dc049e4f01f7a03a399e07f3e3403df390d08b086fe", "file_path": "", "md5": "643bfd45a1a5af69cea2b510927832a7"}, {"sha1": "f5cef917635c0ddf9c67bb7ef8b37b1725b53152", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 131", "sample_type": "Image/None/PNG", "sample_size": 497, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "83aed9a68ee856ae88cb99fe562493ce627010c0b05d919cd7dc311414425c10", "file_path": "", "md5": "a00f507810e886fe683c705a0582cdb2"}, {"sha1": "62a4d9d0d5f8c83c3a17cdc1e488a4a84f3d0460", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 189", "sample_type": "Image/None/JPEG", "sample_size": 58204, "analysis_ids": [{"analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "6138cfe70296302a26b60e53dc138305ca9450c97fb4da052b5e40567c6fe779", "file_path": "", "md5": "6fa72b7421663295b6d593d8790aa9b1"}, {"sha1": "c17d49f81185e16d7c0b5a3c1a096285b11101ed", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 156", "sample_type": "Image/None/JPEG", "sample_size": 3928, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "8f1341c8b1c3613c6008e884b83c24a267c51b6a0fd766e54207ff064a6cbad1", "file_path": "", "md5": "14e628e330b1b37afb6267fc118d2305"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 235", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "08d84905ec59ef0dd96cc94ea81fbb4c2448e009", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 124", "sample_type": "Image/None/JPEG", "sample_size": 3559, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "249c151940cfee86eea272b3e86ba9a735b6901739f9f3cf489260e8183cb20c", "file_path": "", "md5": "b9d39a4b37255a7bfa6cbfdc94219077"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 233", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "2578d7531085fea59a21e3a51039bdd4202e334b", "classification": 
"NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 132", "sample_type": "Image/None/JPEG", "sample_size": 4455, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a9b7fe1efcd58b29cd498e3ca1ddcc840d3f0084f611ce5b0d1b84c973dcd357", "file_path": "", "md5": "9f006ab0ecb111a454dbce86c29f9f57"}, {"sha1": "489a7c76c076e6b95e168f97a293d2c7fa880165", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 167", "sample_type": "Image/None/JPEG", "sample_size": 3741, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "01bf2af64dd7a156e5838536dde22bf0b67073192b7c05fe38bf1f67b223b905", "file_path": "", "md5": "ba1090c3728e03f6ef4a575e6d8d1a5e"}, {"sha1": "0d31448b24ecf17ce885d1068089ec1b8cc7dc04", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 197", "sample_type": "Image/None/JPEG", "sample_size": 6680, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "3e33511b7b4767198e9f07467bce1a893b5ea75a535373cc906d98425d82c8af", "file_path": "", "md5": "e0ff5f849f86eae053a1207429ac7ab4"}, {"sha1": "7fa5aa4ec7865f39fc86cf50b2074b30e8fd0c58", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 140", "sample_type": "Image/None/JPEG", "sample_size": 3046, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1194c245a24572f82844885e9935f90719c52dd6577e880909e3a8cb1e6b51c3", "file_path": "", "md5": "768af40c8c0d570c7dcf81f599cdbe64"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 216", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": 
"a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "03a9d879efeb95c7c2745b2275426016e9d229ab", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 175", "sample_type": "Image/None/JPEG", "sample_size": 5415, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1c9ebc07b2c555951b26562b2c911906024a05ca72422ffc08c90c77221a44ec", "file_path": "", "md5": "190108c5c10e694fae0f0490b3357c01"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 236", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "5bffbffabb780253d1d1cbb899c4de2b66760862", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 193", "sample_type": "Image/None/JPEG", "sample_size": 2696, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "eeb31b1cebc8babbfab219a4c52132b507047f88237055219468c27ded4b3b5f", "file_path": "", "md5": "896952a8672c231b9435927b70adbdeb"}, {"sha1": "3a6a668c00c9a04e94611b34d4b5f2482b556e0b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 180", "sample_type": "Image/None/PNG", "sample_size": 12056, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "756188e73429bcd78f5d6a7d14d6fba5ff636a41d715df4b5c40b29f7e3df965", "file_path": "", "md5": "1dd2a51e639e476432926c1b26c42bbd"}, {"sha1": "930193b840dd3298e7001a4fc3d7dde80f5ae8e4", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 152", "sample_type": 
"Image/None/JPEG", "sample_size": 4245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1ffa387734b3f6961ed9f443b6062601166b427415fd78faf2fde842a3ea4d1e", "file_path": "", "md5": "e37ae5f3d0786c75d5aaa9920edacc05"}, {"sha1": "470a529e517cdb74716116e7b29552419e86babb", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 227", "sample_type": "Image/None/JPEG", "sample_size": 3597, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "18c81654266eca777b1b4c2e00b439c3ce342e6edff47bccf375197cd95edb10", "file_path": "", "md5": "f80030bc60f2cce5dedd2174b507246e"}, {"sha1": "28b5e16b014a40addfa0b59122301b8527c87f34", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 201", "sample_type": "Image/None/PNG", "sample_size": 3318, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "b5c35ead310d445abf5475f4f1d644000125b3e9a53b5f297531f8760dac26e8", "file_path": "", "md5": "3425122b41b55222d336992b13a00114"}, {"sha1": "a7c9e37910ac122a97f52ebc1aa6e2fe51e54179", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 122", "sample_type": "Image/None/JPEG", "sample_size": 55245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "c20d10dc49be9aabe754bab3e7d913aa625a6f73211d857a045f5e6e722d518b", "file_path": "", "md5": "d818205b1d270eb3251cac107fb00996"}, {"sha1": "30b076e0e60bd4589052e6a51f6d2dad4b202f99", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 178", "sample_type": "Binary/None", "sample_size": 174929, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "9cc32dc9c4cb8d38afd2c97dc127563a18e585d756a44ff783829a1b3bd86aab", "file_path": "", "md5": "f25ec68306de555b2fd9de9df5fc68fa"}, 
{"sha1": "9c11794d0cebe579c7b0275847e2ab1bfd2114d2", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 240", "sample_type": "Image/None/JPEG", "sample_size": 5048, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "3fa7e13b8caf75b7f215149e88d62e80ea4a9ac649ee10ad3939b1d498e3030e", "file_path": "", "md5": "ad97055f043b3260fda52f90ab04930e"}, {"sha1": "8302f515431afe4a30b548d820540d3ac5627667", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 135", "sample_type": "Image/None/JPEG", "sample_size": 30902, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "cd4684c0e1c41256f4ccae016e1b247238c6b8e041c54aded18e7d7af86fcd63", "file_path": "", "md5": "e2ba49b3b70491d21334041090b955bd"}, {"sha1": "9767ea61066ef394d4962bde6b4e1d055001d28d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 206", "sample_type": "Image/None/JPEG", "sample_size": 5231, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1ed1eee6fc7dcf13312a3e7e20cf9869ac0a517034e07428e33059917005093c", "file_path": "", "md5": "9a38f9f0ecd7e2d63a08676f18810cfb"}, {"sha1": "489a7c76c076e6b95e168f97a293d2c7fa880165", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 198", "sample_type": "Image/None/JPEG", "sample_size": 3741, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "01bf2af64dd7a156e5838536dde22bf0b67073192b7c05fe38bf1f67b223b905", "file_path": "", "md5": "ba1090c3728e03f6ef4a575e6d8d1a5e"}, {"sha1": "6ddd5099e3cde9460a9d52f26421d8018c606680", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 224", "sample_type": "Binary/Archive/GZIP", "sample_size": 4343, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": 
"UNKNOWN"}], "sha256": "d21ada6b1008ec75f03c1acbca30a19ad2a0910f49790c79b6676e8945f0bca9", "file_path": "", "md5": "bd5ddb7c1e0e700a24870a933e19eda0"}, {"sha1": "7b6bf48baf2de7bf3614051f650d0de3ccfae4e7", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 169", "sample_type": "Image/None/JPEG", "sample_size": 9509, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "531e960b289db27a7b9a406779e90666e31eb0cd5c714f9d6a02b1677e82dee5", "file_path": "", "md5": "48fad77575b7ef908cbe8f2620fab43e"}, {"sha1": "6ff06a34f68ad0324ddec1bbe4d453c959178b36", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 184", "sample_type": "Image/None/WOFF", "sample_size": 11016, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479", "file_path": "", "md5": "15fa3062f8929bd3b05fdca5259db412"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 183", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "5789e81a66958aabc7590c1ddd41058335636027", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 158", "sample_type": "Image/None/WOFF", "sample_size": 11020, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", "file_path": "", "md5": "a59072f933169d3f2db497f44ca4cbbe"}, {"sha1": "3a6a668c00c9a04e94611b34d4b5f2482b556e0b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 226", 
"sample_type": "Image/None/PNG", "sample_size": 12056, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "756188e73429bcd78f5d6a7d14d6fba5ff636a41d715df4b5c40b29f7e3df965", "file_path": "", "md5": "1dd2a51e639e476432926c1b26c42bbd"}, {"sha1": "41cc3b4d7d8f02181cfa55384d5a53a83c76cb61", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 187", "sample_type": "Binary/None", "sample_size": 57183, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "7149f21f312737dd05fbaa26e958e70639bd0c64e81eb24b7ec01ad15cd8a285", "file_path": "", "md5": "a048a6a2d5a57ad40865354f93e99392"}, {"sha1": "28b5e16b014a40addfa0b59122301b8527c87f34", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 117", "sample_type": "Image/None/PNG", "sample_size": 3318, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "b5c35ead310d445abf5475f4f1d644000125b3e9a53b5f297531f8760dac26e8", "file_path": "", "md5": "3425122b41b55222d336992b13a00114"}, {"sha1": "ede344f8cc0c483eab92c8b7d3f557b0e5f62229", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 118", "sample_type": "Image/None/JPEG", "sample_size": 5696, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "101e16c8036307d4d224d6c29f674d5e6ba68d32f46018258403f30ae8b0b40f", "file_path": "", "md5": "3cbe65afcd9be26a9d049d5ab0d98c85"}, {"sha1": "c17d49f81185e16d7c0b5a3c1a096285b11101ed", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 129", "sample_type": "Image/None/JPEG", "sample_size": 3928, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "8f1341c8b1c3613c6008e884b83c24a267c51b6a0fd766e54207ff064a6cbad1", "file_path": "", "md5": 
"14e628e330b1b37afb6267fc118d2305"}, {"sha1": "5a50b8e7e227531ebecba74a8ec3f7752c038e45", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 245", "sample_type": "Image/None/JPEG", "sample_size": 6238, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1653b9d1b6fdbf987dad791297e4fcd6eb4f054c3975d97672ffd829c27795bc", "file_path": "", "md5": "5c79334ed4b28046f38de19aecbffe6b"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 139", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "bba1550dd8ebab7b55fcbd092655db0dbe968a21", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 103", "sample_type": "Image/None/JPEG", "sample_size": 5830, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a5f0bc6dfdc752dcf13030e40f14ee9ed09efc89b764933fcd315e0f74d2f3cd", "file_path": "", "md5": "1255f3b3cc93fa699309ad714badf745"}, {"sha1": "11d1b55c5de9c01228624860d7020927362aedb6", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 125", "sample_type": "Binary/None", "sample_size": 12192, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "2900cce6198b031f651a558242e97d5a8d92981116391d37adc061e8ba7ab228", "file_path": "", "md5": "c200fc263f67f99ad385c10a92becaca"}, {"sha1": "b03e31a2df43c881a1bf38723e14d0488e53bd9a", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 222", "sample_type": "Image/None/JPEG", "sample_size": 2703, "analysis_ids": [{"analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "039dc85892810b989186a889299ada5e9ddadf43a8f771041b9b5d89d92dc868", "file_path": "", "md5": "e196fe4f70544d277d99efcb4e59d959"}, {"sha1": "cdf956ab7a6d8b70aa74a71d58324774b7633848", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 146", "sample_type": "Binary/None", "sample_size": 10578, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "e4c677b7dda552036081657fa115fdd8b508d9dcb9af0b1063ddbde8efe38224", "file_path": "", "md5": "821979aeb4b562808423f1c5b35e3785"}, {"sha1": "7fa54e72d0a5c52f68d8770ffba1ed72345b95b4", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 223", "sample_type": "Image/None/JPEG", "sample_size": 47553, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "2041669ae9d8bb8f0dd31f5cbf7074b466bd29389d6afd212a913243b7b5ec9e", "file_path": "", "md5": "d0423a8eefa2dd3c312f4f5d2c442d5c"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 207", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "2578d7531085fea59a21e3a51039bdd4202e334b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 161", "sample_type": "Image/None/JPEG", "sample_size": 4455, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a9b7fe1efcd58b29cd498e3ca1ddcc840d3f0084f611ce5b0d1b84c973dcd357", "file_path": "", "md5": "9f006ab0ecb111a454dbce86c29f9f57"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": 
"NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 177", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 123", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "5dbdaab7213b5c606f0c8b1b153e1ea284bb737c", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 241", "sample_type": "Image/None/JPEG", "sample_size": 54660, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "05d4923449bdc5b7de702698eda368f1287ca59d7a788c70f1a662d264dc2e27", "file_path": "", "md5": "58f7fe65d7b019d7cfa4c3ba7ceb1e4c"}, {"sha1": "829c3947b4cc8f2cdc179254d163c33ed7d6c564", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 95", "sample_type": "Binary/Archive/GZIP", "sample_size": 2305, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "18ded3005ba1fece98bd20ed9fb80aab2e40b6150affa919439cd813ee9e3c1b", "file_path": "", "md5": "9ee1fcb71b2077acd5604f52976d156f"}, {"sha1": "397b288df8abf27a0cd24350593e0a3814f7ef42", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 155", "sample_type": "Image/None/JPEG", "sample_size": 5209, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": 
"ada4871e8f92d50a977253467f4fff3fac17ec43dacc78f1713e51365459032f", "file_path": "", "md5": "139043909e518c544e6e9aa497a8ddcd"}, {"sha1": "9a5c1462d0103e306f94589c423babf681ec9a48", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 211", "sample_type": "Binary/None", "sample_size": 1139, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "d6aa867c755d1e71f2764e35da115c33ce0a02bbcc5e8edbe586d5b43b50fad5", "file_path": "", "md5": "c7345b5f13ee8306806977e8d1b68835"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 126", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 130", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "29c6b82e87f475f4f18410d45c1335392c8610a1", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 109", "sample_type": "Image/None/JPEG", "sample_size": 2762, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "24d65f2702f30720b9c00ec85d5d781dfc52025d8037f350dc1d024aa1c009f5", "file_path": "", "md5": "3b0eac80c91d00aef6fec0a60d71b63b"}, {"sha1": "c849ca7878a01012fddd8acfdba279f2422cd0c2", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 148", "sample_type": "Binary/None", 
"sample_size": 411685, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "67b2a17f04a8817c4b504eb749490f3150b98ecd41de11af9010d0d087e0c0e7", "file_path": "", "md5": "5dee3cd9ff301b7e6a649a50a00b0631"}, {"sha1": "6f773abdd41cc6c38455aab073f2c15b6e1b3216", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 153", "sample_type": "Image/None/JPEG", "sample_size": 3452, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "58471a81b8e03d829480b36b67563971fd34fd461cdcc2d4f10bf3a971b854d7", "file_path": "", "md5": "792dc435254bb1c8c908926c3743b2f4"}, {"sha1": "4484e3ebe71146a7c27bd706f413dec2b5a35526", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 174", "sample_type": "Image/None/JPEG", "sample_size": 2827, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "ec6c64a5fea39cc97613545bb306fd862df39c5b2eaa5c7e0963a982cbc54d05", "file_path": "", "md5": "550caec824f420c2145b75a6081c4f27"}, {"sha1": "7fa54e72d0a5c52f68d8770ffba1ed72345b95b4", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 107", "sample_type": "Image/None/JPEG", "sample_size": 47553, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "2041669ae9d8bb8f0dd31f5cbf7074b466bd29389d6afd212a913243b7b5ec9e", "file_path": "", "md5": "d0423a8eefa2dd3c312f4f5d2c442d5c"}, {"sha1": "e0ed377bd8278fbea11264788eb59a6fe59c14ea", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 186", "sample_type": "Image/None/JPEG", "sample_size": 1614, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "54503cea106dc82deb940dc049e4f01f7a03a399e07f3e3403df390d08b086fe", "file_path": "", "md5": "643bfd45a1a5af69cea2b510927832a7"}, {"sha1": 
"c8be5259dafa617a574c3cf8e728e1e5de439196", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 143", "sample_type": "Image/None/JPEG", "sample_size": 2168, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "54bb29488dd7451b42292474ecb3545151fcc5b4bd1cc0c682604340569a02c5", "file_path": "", "md5": "2e35ccb645015f1d4b790ce54b5a0119"}, {"sha1": "4484e3ebe71146a7c27bd706f413dec2b5a35526", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 219", "sample_type": "Image/None/JPEG", "sample_size": 2827, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "ec6c64a5fea39cc97613545bb306fd862df39c5b2eaa5c7e0963a982cbc54d05", "file_path": "", "md5": "550caec824f420c2145b75a6081c4f27"}, {"sha1": "2eb314939881eb922c1b3f4538e2cf95162a78c3", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 220", "sample_type": "Image/None/JPEG", "sample_size": 6479, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1151a44411193b4a719e736e44155b042f4e83400a89cc879ad10d767f7a1caf", "file_path": "", "md5": "9e7e991f92ad1be903e4a5b36a0bc9a4"}, {"sha1": "9767ea61066ef394d4962bde6b4e1d055001d28d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 228", "sample_type": "Image/None/JPEG", "sample_size": 5231, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1ed1eee6fc7dcf13312a3e7e20cf9869ac0a517034e07428e33059917005093c", "file_path": "", "md5": "9a38f9f0ecd7e2d63a08676f18810cfb"}, {"sha1": "c8be5259dafa617a574c3cf8e728e1e5de439196", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 179", "sample_type": "Image/None/JPEG", "sample_size": 2168, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], 
"sha256": "54bb29488dd7451b42292474ecb3545151fcc5b4bd1cc0c682604340569a02c5", "file_path": "", "md5": "2e35ccb645015f1d4b790ce54b5a0119"}, {"sha1": "6310022f64c2b93940ff004519a5cac926be2b48", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 163", "sample_type": "Binary/None", "sample_size": 124088, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0f75c7297d0bcdb247420e83c3e230e39140ecda41f4a09cb87a0a0176da25ef", "file_path": "", "md5": "95d0f49af179d9337f09ff3caa6cf691"}, {"sha1": "15cd0cfb5cef05c87a65822eb100a02754d5c04f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 88", "sample_type": "Image/None/JPEG", "sample_size": 3977, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "6fbb5d59ee9b27aa7539b6487eb5c5cd4ce6431b1e20f699da42e8d08a837585", "file_path": "", "md5": "80f226c6be828bdd5d0f42ffafc8896d"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 151", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "152f312d82ea7f909efab9cfbc513922c5c68451", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 181", "sample_type": "Image/None/JPEG", "sample_size": 3484, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5f71ef9cc75b0885c4d7a565db2dc8f2b159470b9f87f47523af73ca08b3f2fa", "file_path": "", "md5": "e58166197873c671d947f32ad004507f"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 94", "sample_type": 
"Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "b8612689330620c98d6295e3f7a5f6a7959f02c6", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 231", "sample_type": "Image/None/JPEG", "sample_size": 26660, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1a8799b75e2b918b470c8e04c30a1554246cfe43cb7e9d7527dc83919406addb", "file_path": "", "md5": "b0ec92057bc346ca7c83de6a41cdf367"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 106", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "01deaf1141d909139c3c179515d7cbf00198a4cb", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 234", "sample_type": "Image/None/JPEG", "sample_size": 6675, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "9279b6cd2ec09ec44ce40257b6f6c99de814cf0959f9463654428b020b417f19", "file_path": "", "md5": "bcfbd15ceca7999cd3026cdba9b94a90"}, {"sha1": "4eedb4aad798fa1c2bdb72f984c34a24c56c2476", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 96", "sample_type": "Image/None/PNG", "sample_size": 2372, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "257b2e6cbab280d2019687435863539a52473275f8132884c0538efd14899507", "file_path": "", "md5": "4505a569689e1df76eba896d26533b8f"}, 
{"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 218", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 108", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "0d31448b24ecf17ce885d1068089ec1b8cc7dc04", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 213", "sample_type": "Image/None/JPEG", "sample_size": 6680, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "3e33511b7b4767198e9f07467bce1a893b5ea75a535373cc906d98425d82c8af", "file_path": "", "md5": "e0ff5f849f86eae053a1207429ac7ab4"}, {"sha1": "6eb83738fbe5dd557a573a873d0ab0b50b3aab18", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 238", "sample_type": "Image/None/JPEG", "sample_size": 10576, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "802c38614a4c3afb10a73fc16e2ee06103e5b3c17aba14dce68b4fb37679863e", "file_path": "", "md5": "34cb56bf1ee13123ea28819d78ef6d3a"}, {"sha1": "29c6b82e87f475f4f18410d45c1335392c8610a1", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 203", "sample_type": "Image/None/JPEG", "sample_size": 2762, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": 
"UNKNOWN"}], "sha256": "24d65f2702f30720b9c00ec85d5d781dfc52025d8037f350dc1d024aa1c009f5", "file_path": "", "md5": "3b0eac80c91d00aef6fec0a60d71b63b"}, {"sha1": "6f773abdd41cc6c38455aab073f2c15b6e1b3216", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 173", "sample_type": "Image/None/JPEG", "sample_size": 3452, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "58471a81b8e03d829480b36b67563971fd34fd461cdcc2d4f10bf3a971b854d7", "file_path": "", "md5": "792dc435254bb1c8c908926c3743b2f4"}, {"sha1": "7fe31344fa723425d6be0a264ab084bbfb6a0112", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 200", "sample_type": "Image/None/JPEG", "sample_size": 7015, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "42dfca7f071dd80526a7c8a8166f82f712f3813c1be59894e9c0d531ee6aac63", "file_path": "", "md5": "3bad41b67d7a8e891a6d4395ae67c277"}, {"sha1": "ede344f8cc0c483eab92c8b7d3f557b0e5f62229", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 239", "sample_type": "Image/None/JPEG", "sample_size": 5696, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "101e16c8036307d4d224d6c29f674d5e6ba68d32f46018258403f30ae8b0b40f", "file_path": "", "md5": "3cbe65afcd9be26a9d049d5ab0d98c85"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 114", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "5789e81a66958aabc7590c1ddd41058335636027", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 92", 
"sample_type": "Image/None/WOFF", "sample_size": 11020, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", "file_path": "", "md5": "a59072f933169d3f2db497f44ca4cbbe"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 221", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "fd157eaf1a8b3ec97c718798dc375570e6ef9bd0", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 209", "sample_type": "Image/None/JPEG", "sample_size": 4816, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "8d4a37c150dcd3b706cb5362ca985858bf24fefe9b47caab3f62d1bc300c1820", "file_path": "", "md5": "b177ef0d6b70187a87f55a55fe699cbc"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 116", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "6ee41aacd863d1c710ed189fce9fa4b5a6fed61b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 237", "sample_type": "Image/None/JPEG", "sample_size": 46739, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "17608d551f17c933466d5b5733f28f9ad92852e4d792e415a368f69f435d1e01", "file_path": "", "md5": 
"e83f967c1c5f4ee79db3d53dd9af5e73"}, {"sha1": "87d84e52cf7d74617f34bd98c8ce1889e9f2102d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 144", "sample_type": "Image/None/JPEG", "sample_size": 6337, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "06008bbdba5493b5047000104128238845b1d66d0aa631751b691b6d67747110", "file_path": "", "md5": "cd8ca137a95eec5947d1fc516a7f6aec"}, {"sha1": "7b6bf48baf2de7bf3614051f650d0de3ccfae4e7", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 145", "sample_type": "Image/None/JPEG", "sample_size": 9509, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "531e960b289db27a7b9a406779e90666e31eb0cd5c714f9d6a02b1677e82dee5", "file_path": "", "md5": "48fad77575b7ef908cbe8f2620fab43e"}, {"sha1": "ff363c7e5086f09760c9bc759e0ef2d0055bda47", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 208", "sample_type": "Binary/None", "sample_size": 2245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a4e26b6349b555a919e510a34f83547a1b5eb596f64e4faff8a767169b3123e4", "file_path": "", "md5": "30045490bd99424ad19bc45883fc17f6"}, {"sha1": "626b9b656308bd16f13769c73c0839462f50afbf", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 242", "sample_type": "Image/None/JPEG", "sample_size": 5511, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5612ed78d613c00f7b8ae2589cf659a3b9831060acc2a89fbf0bccb62759f5bb", "file_path": "", "md5": "74c579cc444ce7e953295ae84de5086c"}, {"sha1": "03a9d879efeb95c7c2745b2275426016e9d229ab", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 232", "sample_type": "Image/None/JPEG", "sample_size": 5415, "analysis_ids": [{"analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1c9ebc07b2c555951b26562b2c911906024a05ca72422ffc08c90c77221a44ec", "file_path": "", "md5": "190108c5c10e694fae0f0490b3357c01"}, {"sha1": "88a82523260a982a5dbfd3f4e19c3db4969a701b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 199", "sample_type": "Image/None/JPEG", "sample_size": 4214, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "26ea9b916a48c6d54fb36ad5db111bbfa13ad8922198008554c852486d805e08", "file_path": "", "md5": "a4ba5615d593e59bfcd485fcf897d050"}, {"sha1": "45a8c4980dae29b1eefafdfd94fb4970ddf3e3e3", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 170", "sample_type": "Image/None/PNG", "sample_size": 100353, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "25e630efa0f85c1310aafd02b164600a790d2a8872acad58368a558d4ee2848e", "file_path": "", "md5": "03ea3b0ffac42298b8dcc9f879bb30cd"}, {"sha1": "626b9b656308bd16f13769c73c0839462f50afbf", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 210", "sample_type": "Image/None/JPEG", "sample_size": 5511, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5612ed78d613c00f7b8ae2589cf659a3b9831060acc2a89fbf0bccb62759f5bb", "file_path": "", "md5": "74c579cc444ce7e953295ae84de5086c"}, {"sha1": "2eb314939881eb922c1b3f4538e2cf95162a78c3", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 128", "sample_type": "Image/None/JPEG", "sample_size": 6479, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1151a44411193b4a719e736e44155b042f4e83400a89cc879ad10d767f7a1caf", "file_path": "", "md5": "9e7e991f92ad1be903e4a5b36a0bc9a4"}, {"sha1": "68e69c4cafd9511007d5ae2ef639a9c353c2fd4a", "classification": 
"NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 243", "sample_type": "Binary/Archive/GZIP", "sample_size": 91016, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "f125b2eb6875ba0bdff7dfa6b312f4bd133e35b0de3d48c72f41f9562bc288cb", "file_path": "", "md5": "7d3c549a01423770076491eb7635612f"}, {"sha1": "79a903b5bc8bafdc78651d58a098b7f8b2d7fc30", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 217", "sample_type": "Image/None/JPEG", "sample_size": 2635, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "73a03e22aee1c13064d8e30ea80fc3b8a0a4cd9c128bb01a5036daa3b8ae0979", "file_path": "", "md5": "81e626d3efd077f4b121bc12aef2a4dd"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 172", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "87d84e52cf7d74617f34bd98c8ce1889e9f2102d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 182", "sample_type": "Image/None/JPEG", "sample_size": 6337, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "06008bbdba5493b5047000104128238845b1d66d0aa631751b691b6d67747110", "file_path": "", "md5": "cd8ca137a95eec5947d1fc516a7f6aec"}, {"sha1": "281bdbf311823c4f05510884cc4d3ed235cb4c89", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 159", "sample_type": "Text/HTML", "sample_size": 1720, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": 
"b76de5ad72e8e664d058f8adaaeea9211c5511d25d23ccc0bad5f9d40bc8a14a", "file_path": "", "md5": "852255ce3f5bc74ad5b9053240305ab7"}, {"sha1": "2ca1a236d41b5e816fe7af3048d33e85abae1f3d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 164", "sample_type": "Image/None/JPEG", "sample_size": 17804, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "e96090e3831f528706487bf3fa86e72565dbe157dbc9cdc9b7b48da0d190df86", "file_path": "", "md5": "07f674c8ec0980963043881158c82f65"}], "sha1": "13659fe16d68b277526d3bb25acb2731b235bdf4", "md5": "", "classification_version": 2, "platforms": ["windows10"], "url": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "first_analysis": "2024-01-19T12:53:59", "network": {"url": [{"url": "https://m.media-amazon.com/images/G/01/csm/showads.v2.js?category=ad&adstype=-ad-column-&ad_size=-ho", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://twitter.com/intent/tweet?text=Antlers%20(2021)%20-%20https%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/JJwdLH4ViTW-kI$.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/6qZFWoJmV652f6o.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_iPhone_retina_180x180._CB1582158", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/IMDb/cm9ib3RvQm9sZA.woff2)", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/9m6S-uNKolkzgGa.css", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": 
"https://unagi.amazon.com/1/events/com.amazon.csm.csa.prod", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BMTQ2Nzk5NzIxMF5BMl5BanBnXkFtZTgwNTM2NTc5MjE", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BZGNiNDQ2OTAtZWYwOS00ZGVlLThmNmItM2NlMDU5M2QxNzUyXkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://www.imdb.com/title/tt7740510/", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-web-152x152._CB47996308", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "http://www.imdb.com/title/tt7740510/", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_iPad_retina_167x167._CB158215806", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/8ZhQrGnWn9cWUVQ.png", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/CCc6Ja$8QUPPKkY.css", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/IMDb/cm9ib3RvTWVk.woff2)", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://slyb.app.link/vtz1COZnXAb", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile._CB479963088_.pn", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/pXHSPBTKPo0GIjW.css", "source": 
"memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://unagi-na.amazon.com/1/events/com.amazon.csm.nexusclient.prod", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BYmZlZDZkZjYtNzE5Mi00ODFhLTk2OTgtZWVmODBiZTI4NGFiXkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile-76x76._CB4799621", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/eLBTsaJHl4mJCUa.css", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BOGY2MDAxNTEtNjJhOC00ZjNmLWIyYzAtNzQ4OGY2MDBkYTc2XkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "http://www.imdb.com/title/tt7740510/reviews", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BY2UzODAyNjktN2MwYy00M2RkLThiOTEtMjU1MTgxY2EzM2YyXkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://images-na.ssl-images-amazon.com/images/I/31bJewCvY-L.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "http://ogp.me/ns#", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_desktop_32x32._CB1582158068_.png", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://cdn.branch.io/branch-2.58.0.min.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/IMDb/cm9ib3Rv.woff2)", "source": "memory", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/MzfIBMq9GBucYqW.xml", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/android-mobile-196x196._CB479962153_.png", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/LEkTDT9yTAT$m1v.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile-120x120._CB47996", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BMzdjNjI5MmYtODhiNS00NTcyLWEzZmUtYzVmODM5YzExNDE3XkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/li0RQGRcT$yJBXl.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://www.imdb.com/title/tt7740510/reviews", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/Z1lb6I-6IosG6cQ.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "udp": [{"destination_port": 53, "process_id": 5476, "destination_ip": "8.8.4.4", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 53, "process_id": 5476, "destination_ip": "8.8.8.8", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 1900, "process_id": 7164, "destination_ip": "239.255.255.250", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "tcp": [{"destination_port": 443, "process_id": 5476, "destination_ip": "67.220.240.31", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "65.9.86.10", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "18.239.24.188", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "54.192.87.100", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "142.250.27.84", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "52.94.225.248", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "18.239.38.222", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "13.227.211.55", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "52.204.132.63", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "142.251.36.36", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "108.156.69.18", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "142.250.179.142", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "dns": [{"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "clients1.google.com", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "db187550c7dkf.cloudfront.net", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "www.imdb.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "db187550c7dkf.cloudfront.net", "address": "13.227.211.55"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "clients2.google.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "www.imdb.com", "address": "54.192.87.100"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "api.graphql.imdb.com", "address": "65.9.86.10"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "dqpnq362acqdi.cloudfront.net", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "unagi.amazon.com", "address": "67.220.240.31"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "m.media-amazon.com", "address": "18.239.24.188"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "www.google.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "clients2.google.com", "address": "142.250.179.206"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "images-na.ssl-images-amazon.com", "address": "108.156.69.18"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "wpad.example.org", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "dqpnq362acqdi.cloudfront.net", "address": "18.239.38.222"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": 
"images-na.ssl-images-amazon.com", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "imdb.com", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "m.media-amazon.com", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "accounts.google.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "imdb.com", "address": "52.94.225.248"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "fls-na.amazon.com", "address": "52.204.132.63"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "api.graphql.imdb.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "clients1.google.com", "address": "142.250.179.142"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "fls-na.amazon.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "www.google.com", "address": "142.251.36.36"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "unagi.amazon.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "accounts.google.com", "address": "142.250.27.84"}]}, "behavioral": [{"process_actions": [{"status": "success or wait", "path": "unknown", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_created"}, {"status": "process is terminating", "path": "unknown", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_terminated"}, {"status": "success or wait", "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_created"}], "registry_actions": [{"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": 
"pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PriorityControl", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "state", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", "value": "2", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Common\\Rlz\\PTimes", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "user_experience_metrics.stability.exited_cleanly", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics", "value": "0", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_deleted"}, {"status": "pending", "value_name": "", "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Control Panel\\Cursors", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "object name not found", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, 
{"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_created"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_created"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": 
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_created"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Common\\Rlz\\RLZs", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "dr", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", "value": "1", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "StatusCodes", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty", "value": 
"NU LL ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "prefs.preference_reset_time", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", "value": "877A2F052DE9AAC7FECBFA90C1B7B24BA183EC6164B65BC8486318E358CFF80E", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_created"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections", "value": "", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault", "value": "B0 08 26 BD E9 6D 2F 00 ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "C", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Common\\Rlz\\PTimes", "value": "ED 65 B1 95 21 4B DA 01 ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": 
"HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault", "value": "84 57 F1 BC E9 6D 2F 00 ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_created"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA", 
"value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\FirstNotDefault", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_deleted"}, {"status": "object name not found", "value_name": "extensions.settings", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_deleted"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_created"}, {"status": "success or wait", "value_name": "ahfgeienlihckogmohjhadlkjgocpleb", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", "value": "69DEB46A0B78E542374AC1328780025ED39AC48FDDA2BDE04045AF87D9838F7B", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_created"}, {"status": "success or wait", "value_name": "media.cdm.origin_data", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", "value": "81046E921B34925EF9312C9A62CC5AFFB0D63E7CA2C13AC486278B291F7C08F2", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "success or wait", "value_name": "TraceTimeLast", "key_name": 
"HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry", "value": "CA E7 AC 63 21 4B DA 01 ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}], "file_actions": [{"status": "success or wait", "file_name": "the-real-index~RF324ee.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AutoIt3", "file_path": "C:\\Program Files (x86)", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_US", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "computed_hashes.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\hangout_services\\_metadata", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lv", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": 
"file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "3295c130-2390-4cd7-882d-02000c1f9d6d.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "gu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "upgrade-index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local", "file_path": "C:\\Users\\user~1\\AppData", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State~RF3806c.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CMApi", "file_path": "\\Device\\DeviceApi", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Windows.UI.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIAL.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "the-real-index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Application", "file_path": "C:\\Program Files (x86)\\Google\\Chrome", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "prefs.json", "file_path": "C:\\Program Files\\Google\\GoogleUpdater", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en_GB", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERSION.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "km", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": 
"file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ntshrui.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_BITS_7164_1557435168", "file_path": "C:\\Program Files", "action_type": "file_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lv", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "craw_window.css", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SetupMetrics", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26af5.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_BITS_7164_137727968", "file_path": "C:\\Program Files", "action_type": "file_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or 
wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\uk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "KBDUS.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "computed_hashes.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\pdf\\_metadata", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\tr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AppData", "file_path": "C:\\Users\\user", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zh_TW", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\da", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ko", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ja", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_TW", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "verified_contents.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hu", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"status": "success or wait", "file_name": "nb", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tzres.dll.mui", "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ml", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "msvcp110_win.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "page_embed_script.js", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ja", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26efc.TMP", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "computed_hashes.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "113.0.5672.93", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "1.66.0_0", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "id", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "af", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr_CA", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "vi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26690.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_BITS_7164_137727968", "file_path": "C:\\Program Files", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cversions.1.db", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "de", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.5371781808828888906", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ca", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Tabs_13341351141015311", 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "invalid handle", "file_name": "unknown", "file_path": "", "action_type": "file_written", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "user~1", "file_path": "C:\\Users", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cscui.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object name collision", "file_name": "Caches", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows", "action_type": "file_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cryptsp.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26816.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dwmapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lt", 
"action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF277b6.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Preferences~RF28dcf.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", "file_path": "C:\\WINDOWS\\WinSxS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Preferences", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WindowsCodecsRaw.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button_maximize.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.8528811922335825074", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\si", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.15990597935705186469", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ur", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Users", "file_path": "C:", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "gpapi.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dhcpcsvc.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "verified_contents.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ActXPrxy.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": 
"success or wait", "file_name": "fil", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fil", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hy", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sortdefault.nls", "file_path": "C:\\WINDOWS\\Globalization\\Sorting", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "gl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "b154ccd1-6189-4931-953b-5db3eb52f7f2.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "RTWorkQ.DLL", "file_path": 
"C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF280af.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\tr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en-US.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "crashpad_7164_KFOIJLEXXGSBFTKR", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\id", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": 
"success or wait", "file_name": "zh_CN", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ne", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "es_419", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "inetcomm.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\is", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dbghelp.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "_locales", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pa", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ar", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "twinapi.appcore.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "BitsProxy.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bn", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.12323301711856673067", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_200_percent.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dlnashext.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "iw", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26e9e.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SSPICLI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fwbase.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cy", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WTSAPI32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ms", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sw", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ro", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "MountPointManager", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "eu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALBI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "KERNEL32.DLL.mui", "file_path": "C:\\WINDOWS\\System32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26b91.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", "action_type": "file_deleted", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.938562082360760424", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Preferences~RF37957.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\it", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en_US", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "todelete_ca366d4d2a962dcf", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pt_BR", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": 
"messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_CN", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_PT", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lt", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button_pressed.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mscms.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.7003376282300460611", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF28080.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DPAPI.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\th", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "BrowserMetrics-65244C60-125C.pma", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Secur32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ml", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF280a0.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_CA", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button_hover.png", 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\eu", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bcrypt.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ca", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lv", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "temp-index", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ka", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "kk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wlanapi.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "it", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "000001.dbtmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\gdaefkejpgkiemlaofpalmlakkmbjdnl", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "default_apps", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", 
"action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26a1a.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.5557806001879089168", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ta", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ru", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "FirewallAPI.dll", "file_path": "C:\\Windows\\System32", 
"action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_CN", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINHTTP.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sRGB Color Space Profile.icm", "file_path": "C:\\WINDOWS\\system32\\spool\\drivers\\color", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.13427858274477407116", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ko", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "MSOHEVI.DLL", "file_path": "C:\\PROGRA~1\\MICROS~1\\Office12", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF28090.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", "action_type": "file_moved", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State~RF28c48.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IPHLPAPI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "no", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF280a0.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "images", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sv", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINSTA.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALBD.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\iw", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tbs.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "srmshell.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "the-real-index~RF38ba7.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.4655848220829308044", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ka", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Windows.Media.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mn", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dxgi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "USERENV.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.2012181059449342459", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": 
"success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\te", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bfc3761f-a788-4a60-8860-db27b3bf6826", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\blob_storage", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\bg", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hy", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fa", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "webcheck.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "craw_window.js", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "it", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fil", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Endpoint", "file_path": "\\Device\\Afd", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "usermgrcli.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26680.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TIMESBI.TTF", 
"file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "te", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WorkfoldersShell.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ja", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nb", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "icon_16.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF28071.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TIMES.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dataexchange.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "_metadata", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DWrite.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ru", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\no", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF280a0.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "kn", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "shellext.dll", "file_path": "C:\\Program Files\\Windows Defender", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\vi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\az", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\de", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "th", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gu", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CoreUIComponents.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.16333949910362127675", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "PCPKsp.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "4cbc0183-8308-4519-b3c4-c5d866768884.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fi", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "49ca94db-f59d-4dd8-a69b-1dbac6db58d8.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINMMBASE.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Certificates", "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_HK", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NIRMALAS.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "MDMRegistration.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "uxtheme.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "computed_hashes.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": 
"{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ntmarta.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF280af.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CONSOLAZ.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\km", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIBLK.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or 
wait", "file_name": "NLAapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "index~RF26c8b.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wkssvc", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINMM.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wshext.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ro", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}", "file_path": "\\DEVICE", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sr", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\my", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kn", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hu", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "colorui.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Secure Preferences~RF28d90.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.14805540783010311201", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "msoshext.dll", "file_path": "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SEGUIEMJ.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or 
wait", "file_name": "84f07f12-8eff-4654-97d5-d9d5dc5509bc.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ar", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sv", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button_close.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.15614001605277384304", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRYPTSP.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en_GB", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "nl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_BR", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ja", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CAMBRIA.TTC", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "da", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "da", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"status": "success or wait", "file_name": "Module Info Cache~RF2c9af.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINDOWS", "file_path": "C:", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lt", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cs", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wab32.dll", "file_path": "C:\\Program Files\\Common Files\\System", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\th", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "es", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NIRMALA.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or 
wait", "file_name": "_metadata", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es_419", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lo", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRYPTBASE.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "128.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TIMESI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CTLs", "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.14909495955792438792", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object name not found", "file_name": "TPM", 
"file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "MMDevApi.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Preferences~RF2ee7d.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "uk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", "action_type": "file_moved", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "_locales", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\et", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cc3cf316-5a35-4ac7-be50-0d77a8151dfb.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", 
"file_name": "ne", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "user", "file_path": "C:\\Users", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.16389839076684270433", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\et", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "html", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pt_PT", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"status": "cannot delete", "file_name": "BrowserMetrics-65AAEE66-1BFC.pma", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "th", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\am", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\WidevineCdm", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Google", "file_path": "C:\\Users\\user\\AppData\\Local", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CONSOLAB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cryptext.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": 
"PROPSYS.dll.mui", "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lo", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dhcpcsvc6.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERDANAI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "XmlLite.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CoreMessaging.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26690.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wintypes.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mr", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pt_PT", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "trusted_vault.pb", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_BITS_7164_137727968", "file_path": "C:\\Program Files", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "5f29766b-bbcc-4f1b-9d50-c90c4dd60da3.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "PROPSYS.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local", 
"file_path": "C:\\Users\\user\\AppData", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERDANAZ.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERDANAB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_PT", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State~RF2bf4e.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ncrypt.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "my", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "eventpage_bin_prod.js", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "el", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "netapi32.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\el", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ro", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "icon_128.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dasherSettingSchema.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wlanapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "UIAutomationCore.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "USER32.dll.mui", "file_path": "C:\\WINDOWS\\System32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bg", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.17008016908030526641", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "nmmhkkegccagdldgiimedpiccmgmieda", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "RMCLIENT.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "craw_background.js", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", 
"file_name": "CONSOLAI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "et", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CONSOLA.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\id", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Secure Preferences", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CNG", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tzres.dll", "file_path": 
"C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ca", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_100_percent.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "preloaded_data.pb", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pt_BR", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "css", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", "action_type": "file_moved", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_elf.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "temp-index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CMNotify", "file_path": "\\Device\\DeviceApi", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Caches", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.16704188171526519595", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "appresolver.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.12379925674880718928", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wpnapps.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": 
"success or wait", "file_name": "hosts", "file_path": "C:\\WINDOWS\\system32\\drivers\\etc", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "InputHost.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zh_TW", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\it", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\PersistentOriginTrials", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AppData", "file_path": "C:\\Users\\user~1", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.2328985240652827900", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wkscli.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": 
"file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Module Info Cache", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IMM32.DLL", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "7136bdf0-fc3b-43a4-b9dc-1230a379558f.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "stobject.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TextInputFramework.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "si", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF267c8.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "the-real-index", 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "directmanipulation.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "el", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sw", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", 
"action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "KsecDD", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ms", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "OneCoreUAPCommonProxyStub.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "uk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "0af34194-9402-47aa-a3ab-dc44404879ed.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "netutils.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "44301d95-d150-4100-9978-2a4ff4dd0ea5.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bn", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "nl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.7989042900505458173", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DMCmnUtils.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALN.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALNB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\de", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"status": "success or wait", "file_name": "zh_HK", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ghbmnnjooekpmoecnnnilnnbdlolhkhi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TIMESBD.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ur", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "d3d11.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "atlthunk.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NTASN1.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\el", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cs", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ru", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.fingerprint", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "rpcss.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\da", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.15761571646295731223", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sv", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_TW", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "de", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "resources.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "external_extensions.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\default_apps", "action_type": "file_opened", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NIRMALAB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ko", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "be", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.9448446555981269236", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\uk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.15189293687477637717", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALNI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"status": "success or wait", "file_name": "mojo.7164.4660.673452335551621506", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\af", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.3565400010105269535", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "R000000000013.clb", "file_path": "C:\\WINDOWS\\Registration", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "COMCTL32.dll", "file_path": "C:\\WINDOWS\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cb00e7c1-a436-4915-86a5-d625b867de06.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_shutdown_ms.txt", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "et", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "63fd997b-00e2-4c7e-a4d9-2492d22ee3c9.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "BrowserMetrics-spare.pma.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pa", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "computed_hashes.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\network_speech_synthesis\\_metadata", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bg", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "az", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Module Info Cache~RF380ba.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "shell32.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cy", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en_CA", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "OLEACC.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Session_13341351140337548", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALNBI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SEGUISB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.928700364805031984", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "flapper.gif", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object name not found", "file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}", "file_path": "\\DEVICE", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRLs", "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "trusted_vault.pb~RF27b02.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State~RF3189a.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "explorerframe.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ta", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ru", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_BR", 
"action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\nl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fr_CA", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "the-real-index~RF2c8e4.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26b33.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fa", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "aaef295e-a2d7-4554-8e60-b10c9e81e17c.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.3072040511828351109", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "1.0.0.6_0", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_GB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "EhStorShell.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Preferences~RF3189a.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\vi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\AutofillStrikeDatabase", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "is", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LINKINFO.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "es_419", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mswsock.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "etc", "file_path": "C:\\WINDOWS\\system32\\drivers", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ca", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.5065171455154818050", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "am", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINSPOOL.DRV", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en_GB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "computed_hashes.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\web_store\\_metadata", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "C:", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zh_CN", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DEVOBJ.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ncryptprov.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sv", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Google Chrome.lnk", "file_path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "rsaenh.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DSREG.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ro", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "vi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "twinapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERDANA.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ole32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": 
"AppContainerUserCertRead", "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mn", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cs", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.16606832278380850568", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "es", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lv", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "desktop.ini", "file_path": "C:\\Program Files (x86)", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", "action_type": "file_moved", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\cs", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ColorAdapterClient.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lt", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fil", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zu", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es_419", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.9086864329745810841", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "OLEACCRC.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WindowsShell.Manifest", "file_path": "C:\\WINDOWS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Nsi", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "craw_window.html", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\html", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SEGOEUI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", 
"action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dcomp.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\be", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bg", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "icudtl.dat", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "id", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ko", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "process": {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "process_id": 7164, "name": "chrome.exe", "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --start-maximized \"about:blank", "parent_process_id": 6240}, "mutex_actions": [{"status": "success or wait", "name": 
"\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7164:304:WilStaging_02", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "unknown", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7164:120:WilError_01", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "modules_loaded": [{"module_name": "\\KnownDlls\\DWrite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dpapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USER32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\combase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\secur32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dsreg.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\rpcss.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winsta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\Secur32.dll", "module_tag": "", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dbghelp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\rsaenh.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\arial.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\kernel.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\uxtheme.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\devobj.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\twinapi.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\XmlLite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dhcpcsvc.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcp110_win.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcp_win.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MMDevApi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINSTA.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ncryptprov.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"C:\\Windows\\Fonts\\ariblk.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\PCPKsp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINHTTP.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPTBASE.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dcomp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ARIALNB.TTF", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "unknown", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\OLEAUT32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\d3d11.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\wlanapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\usermgrcli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\kernel32.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\TextInputFramework.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"C:\\Windows\\System32\\ncrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\nlaapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\segoeui.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\MMDevAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\actxprxy.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SHELL32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\UIAutomationCore.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CoreUIComponents.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\consolai.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\version.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\arialbi.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winhttp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\twinapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\explorerframe.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ActXPrxy.dll", "module_tag": "", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\mdmregistration.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\CoreUIComponents.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\wpnapps.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\InputHost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dwmapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\CoreMessaging.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Registration\\R000000000013.clb", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\verdana.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\RTWorkQ.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\profapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINSPOOL.DRV", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\gdi32full.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\wtsapi32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\uxtheme.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USERENV.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\user32.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\VERSION.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\ThemeSection", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\mscms.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:3031c", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\cryptbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ucrtbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SETUPAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NLAapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\coloradapterclient.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\mswsock.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\timesbd.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SSPICLI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\msvcp110_win.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:1032a", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\seguisb.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ole32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\UIAutomationCore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ncrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"module_name": "\\KnownDlls\\tbs.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403\\comctl32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\xmllite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\Theme3180608070", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dataexchange.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\verdanai.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MSCTF.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINMM.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\usermgrcli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\gpapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\propsys.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\arialbd.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\twinapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\tbs.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\oleacc.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ariali.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\Windows.Media.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\Windows.UI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\cryptsp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPT32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\SharedSection", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\twinapi.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\consola.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dhcpcsvc.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\BitsProxy.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dxgi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WS2_32.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NSI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\WinTypes.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KBDUS.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\sechost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\cfgmgr32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winmmbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\clbcatq.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\DSREG.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\netutils.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\TextInputFramework.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Windows\\Theme2779561647", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\propsys.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ADVAPI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINTRUST.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"C:\\Windows\\Fonts\\consolab.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNELBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WTSAPI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winmm.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\NirmalaS.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ole32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\consolaz.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\mscms.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dwmapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\KBDUS.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RMCLIENT.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dmcmnutils.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\FirewallAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\verdanab.ttf", 
"module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\netutils.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\seguiemj.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ARIALNBI.TTF", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dbghelp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\netapi32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\PROPSYS.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\LINKINFO.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\DWrite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\Nirmala.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\rmclient.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ExplorerFrame.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\FLTLIB.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\BitsProxy.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\wintypes.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\mswsock.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\cryptsp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\winmmbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcrt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dcomp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\imm32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\wkscli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\gpapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\FirewallAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\Windows.Media.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MDMRegistration.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\windows.storage.dll", "module_tag": "", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINMMBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dxgi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNEL32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MSASN1.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\PCPKsp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\powrprof.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ARIALNI.TTF", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPTSP.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\win32u.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcryptPrimitives.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\DEVOBJ.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\directmanipulation.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dhcpcsvc6.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"module_name": "C:\\Windows\\System32\\wpnapps.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\bcrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\OneCoreUAPCommonProxyStub.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\atlthunk.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RTWorkQ.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\userenv.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SHLWAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\InputHost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\Windows.UI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ColorAdapterClient.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RPCRT4.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\d3d11.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ncryptprov.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CoreMessaging.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\wlanapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IMM32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\atlthunk.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\sspicli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winspool.drv", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\fwbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\NirmalaB.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\WindowsShell.Manifest", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\DataExchange.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\OLEACC.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\DMCmnUtils.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\fwbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\timesbi.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IPHLPAPI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ntasn1.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\rsaenh.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\oleaccrc.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ARIALN.TTF", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\netapi32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\directmanipulation.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\wkscli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\verdanaz.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\cambria.ttc", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\linkinfo.dll", "module_tag": "", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\timesi.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NTASN1.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:702be", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\GDI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\DPAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}]}, {"process_actions": [{"status": "success or wait", "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_terminated"}, {"status": "success or wait", "path": "unknown", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_created"}], "registry_actions": [{"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "StatusCodes", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty", "value": "NU LL ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "success or wait", "value_name": "state", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", "value": "2", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}], "file_actions": [{"status": "success or wait", "file_name": "CMApi", "file_path": "\\Device\\DeviceApi", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AutoIt3", "file_path": "C:\\Program Files (x86)", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sortdefault.nls", "file_path": "C:\\WINDOWS\\Globalization\\Sorting", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_elf.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "113.0.5672.93", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", "action_type": "file_opened", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ntmarta.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Application", "file_path": "C:\\Program Files (x86)\\Google\\Chrome", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERSION.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRYPTBASE.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IMM32.DLL", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CNG", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "crashpad_6432_IWZNPBMDEDPATAVQ", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "process": {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "process_id": 6432, "name": "chrome.exe", "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \"https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "parent_process_id": 6240}, "mutex_actions": [{"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6432:304:WilStaging_02", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "unknown", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], 
"modules_loaded": [{"module_name": "\\KnownDlls\\profapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\windows.storage.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\gdi32full.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcp_win.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNEL32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\combase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\VERSION.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shlwapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\sechost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\cfgmgr32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RPCRT4.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\cryptbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ucrtbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ntmarta.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ADVAPI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USER32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNELBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPTBASE.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\kernel.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IMM32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcryptPrimitives.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\win32u.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\FLTLIB.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SHELL32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcrt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\version.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\powrprof.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"C:\\Windows\\System32\\imm32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\SharedSection", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\GDI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}]}, {"process": {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "process_id": 5476, "name": "chrome.exe", "parameters": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1788,i,7363726825860783600,3061326717789543722,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8", "parent_process_id": 7164}, "mutex_actions": [{"status": "success or wait", "name": "unknown", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5476:304:WilStaging_02", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "modules_loaded": [{"module_name": "\\KnownDlls\\DWrite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USER32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\combase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\secur32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\Secur32.dll", 
"module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dbghelp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\kernel.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dhcpcsvc.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcp_win.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPTBASE.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "unknown", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\OLEAUT32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\rasadhlp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\userenv.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\bcrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\rasadhlp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winnsi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WS2_32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"C:\\Windows\\System32\\nlaapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\UIAutomationCore.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\version.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\profapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NSI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\gdi32full.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\DWrite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USERENV.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\VERSION.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\cryptbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ucrtbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winmmbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\DNSAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SSPICLI.DLL", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ole32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\UIAutomationCore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINMM.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\propsys.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPT32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\SharedSection", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dhcpcsvc.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINNSI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\sechost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\cfgmgr32.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\mswsock.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\v8_context_snapshot.bin", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ADVAPI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINTRUST.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNELBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcryptPrimitives.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dbghelp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\PROPSYS.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dnsapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\FLTLIB.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"\\KnownDlls\\WINHTTP.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\mswsock.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\winmmbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcrt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\imm32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINSPOOL.DRV", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\windows.storage.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINMMBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNEL32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MSASN1.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\powrprof.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shlwapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\win32u.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winmm.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dhcpcsvc6.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"C:\\Windows\\System32\\winhttp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RPCRT4.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shell32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IMM32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NLAapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\sspicli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winspool.drv", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IPHLPAPI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\GDI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "file_actions": [{"status": "success or wait", "file_name": "tzres.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sortdefault.nls", "file_path": "C:\\WINDOWS\\Globalization\\Sorting", "action_type": 
"file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "KsecDD", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF2f293.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Endpoint", "file_path": "\\Device\\Afd", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tzres.dll.mui", "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}", "file_path": "\\DEVICE", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Users", "file_path": "C:", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_200_percent.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Secur32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_100_percent.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF2ca1c.TMP", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "PROPSYS.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SSPICLI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local", "file_path": "C:\\Users\\user\\AppData", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINMMBASE.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF33421.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "user", "file_path": "C:\\Users", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dhcpcsvc.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "8b55ed6f-5ac8-4fd9-b02c-440a8d31bfa9.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Network Persistent State", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CMApi", "file_path": "\\Device\\DeviceApi", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "f34df22d-5da5-4083-b4e2-4c479c3a8e72.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "df83217c-94a0-43c3-94a1-b5828507ea8d.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_elf.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "4ccbef40-1848-4de5-bc40-3a24490fc0e2.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "113.0.5672.93", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ntmarta.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF2a27f.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AsyncConnectHlp", "file_path": 
"\\Device\\Afd", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERSION.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Network Persistent State~RF38b0b.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object name not found", "file_name": "RasAcd", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IPHLPAPI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "etc", "file_path": "C:\\WINDOWS\\system32\\drivers", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AppData", "file_path": "C:\\Users\\user", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hosts", "file_path": "C:\\WINDOWS\\system32\\drivers\\etc", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "b5458bfa-f4f3-44fd-b0f2-b6b0615a319e.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SCT Auditing Pending Reports~RF276cc.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ole32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "UIAutomationCore.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "7fe1f6f6-cfab-4848-9d82-ea415c2f8952.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DWrite.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "C:", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en-US.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "crashpad_7164_KFOIJLEXXGSBFTKR", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Network Persistent State~RF2a1b4.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", 
"file_name": "NLAapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRYPTBASE.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "USERENV.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mswsock.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SCT Auditing Pending Reports~RF27797.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINMM.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "15dd2fb8-9828-4e21-a9ab-2b0ac20f81e9.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SCT Auditing Pending Reports", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Nsi", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cd2614b7-aade-47f8-baee-d65d7ce8a1c7.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dhcpcsvc6.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Google", "file_path": "C:\\Users\\user\\AppData\\Local", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "3d373796-444e-4ac3-b4db-954a25c04431.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DNSAPI.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bcrypt.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINSPOOL.DRV", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "2895735c-afa5-4fb3-b7c1-4b4ee25aac06.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "icudtl.dat", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dbghelp.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"status": "object name not found", "file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}", "file_path": "\\DEVICE", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "unknown", "file_path": "", "action_type": "file_written", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "v8_context_snapshot.bin", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Network Persistent State~RF2cac8.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINNSI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINHTTP.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF3c65e.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "resources.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CNG", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IMM32.DLL", "file_path": 
"C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF35ad3.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "adc5a9c7-3122-4fc8-a12d-3258e6398667.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "rasadhlp.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "registry_actions": [{"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", 
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}]}]}, "requested_base64_url": "13659fe16d68b277526d3bb25acb2731b235bdf4"}}}, "HumanReadable": "## ReversingLabs URL Dynamic Analysis output for URL\n **URL**: https://imdb.com/title/tt7740510/reviews?ref_=tt_urv\n **Classification**: 
NO_THREATS_FOUND\n **URL SHA1**: 13659fe16d68b277526d3bb25acb2731b235bdf4\n **URL BASE64**: aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg\n **Risk score**: 0\n **Last analysis**: 2024-01-19T12:53:59\n\n### Network\n### url\n|analysis_ids|source|url|\n|---|---|---|\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/csm/showads.v2.js?category=ad&adstype=-ad-column-&ad_size=-ho |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://twitter.com/intent/tweet?text=Antlers%20(2021)%20-%20https%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/JJwdLH4ViTW-kI$.js |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/6qZFWoJmV652f6o.js |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_iPhone_retina_180x180._CB1582158 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/IMDb/cm9ib3RvQm9sZA.woff2) |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/9m6S-uNKolkzgGa.css |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://unagi.amazon.com/1/events/com.amazon.csm.csa.prod |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/M/MV5BMTQ2Nzk5NzIxMF5BMl5BanBnXkFtZTgwNTM2NTc5MjE |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/M/MV5BZGNiNDQ2OTAtZWYwOS00ZGVlLThmNmItM2NlMDU5M2QxNzUyXkEyXkFqcGde |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://www.imdb.com/title/tt7740510/ |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-web-152x152._CB47996308 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | http://www.imdb.com/title/tt7740510/ |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | 
https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_iPad_retina_167x167._CB158215806 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/8ZhQrGnWn9cWUVQ.png |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/CCc6Ja$8QUPPKkY.css |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/IMDb/cm9ib3RvTWVk.woff2) |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://slyb.app.link/vtz1COZnXAb |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile._CB479963088_.pn |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/pXHSPBTKPo0GIjW.css |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://unagi-na.amazon.com/1/events/com.amazon.csm.nexusclient.prod |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/M/MV5BYmZlZDZkZjYtNzE5Mi00ODFhLTk2OTgtZWVmODBiZTI4NGFiXkEyXkFqcGde |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile-76x76._CB4799621 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/eLBTsaJHl4mJCUa.css |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/M/MV5BOGY2MDAxNTEtNjJhOC00ZjNmLWIyYzAtNzQ4OGY2MDBkYTc2XkEyXkFqcGde |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | http://www.imdb.com/title/tt7740510/reviews |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/M/MV5BY2UzODAyNjktN2MwYy00M2RkLThiOTEtMjU1MTgxY2EzM2YyXkEyXkFqcGde |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://images-na.ssl-images-amazon.com/images/I/31bJewCvY-L.js |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | http://ogp.me/ns# |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | 
https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_desktop_32x32._CB1582158068_.png |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://cdn.branch.io/branch-2.58.0.min.js |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/IMDb/cm9ib3Rv.woff2) |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/MzfIBMq9GBucYqW.xml |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/android-mobile-196x196._CB479962153_.png |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/LEkTDT9yTAT$m1v.js |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile-120x120._CB47996 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/M/MV5BMzdjNjI5MmYtODhiNS00NTcyLWEzZmUtYzVmODM5YzExNDE3XkEyXkFqcGde |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/li0RQGRcT$yJBXl.js |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://www.imdb.com/title/tt7740510/reviews |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | memory | https://m.media-amazon.com/images/S/sash/Z1lb6I-6IosG6cQ.js |\n\n### udp\n|analysis_ids|destination_ip|destination_port|process_id|\n|---|---|---|---|\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 8.8.4.4 | 53 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 8.8.8.8 | 53 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 239.255.255.250 | 1900 | 7164 |\n\n### tcp\n|analysis_ids|destination_ip|destination_port|process_id|\n|---|---|---|---|\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 67.220.240.31 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 65.9.86.10 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 18.239.24.188 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 54.192.87.100 | 443 | 5476 |\n| 
b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 142.250.27.84 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 52.94.225.248 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 18.239.38.222 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 13.227.211.55 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 52.204.132.63 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 142.251.36.36 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 108.156.69.18 | 443 | 5476 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 142.250.179.142 | 443 | 5476 |\n\n### dns\n|address|analysis_ids|process_id|type|value|\n|---|---|---|---|---|\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | clients1.google.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | db187550c7dkf.cloudfront.net |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | www.imdb.com |\n| 13.227.211.55 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | db187550c7dkf.cloudfront.net |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | clients2.google.com |\n| 54.192.87.100 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | www.imdb.com |\n| 65.9.86.10 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | api.graphql.imdb.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | dqpnq362acqdi.cloudfront.net |\n| 67.220.240.31 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | unagi.amazon.com |\n| 18.239.24.188 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | m.media-amazon.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | www.google.com |\n| 142.250.179.206 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | clients2.google.com |\n| 108.156.69.18 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | images-na.ssl-images-amazon.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | wpad.example.org |\n| 18.239.38.222 | 
b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | dqpnq362acqdi.cloudfront.net |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | images-na.ssl-images-amazon.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | imdb.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | m.media-amazon.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | accounts.google.com |\n| 52.94.225.248 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | imdb.com |\n| 52.204.132.63 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | fls-na.amazon.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | api.graphql.imdb.com |\n| 142.250.179.142 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | clients1.google.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | fls-na.amazon.com |\n| 142.251.36.36 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | www.google.com |\n| none | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | 65 | unagi.amazon.com |\n| 142.250.27.84 | b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | 5476 | A (IP address) | accounts.google.com |\n\n ### Signatures\n|analysis_ids|description|risk_factor|sig_id|\n|---|---|---|---|\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Uses secure TLS version | 0 | 508 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Found graphical window changes (likely an installer) | 0 | 1649 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | URLs found in memory or binary data | 5 | 357 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Uses HTTPS | 5 | 392 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Classification label | 5 | 420 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Performs DNS lookups | 5 | 353 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Found strings which match known social media urls | 5 | 355 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Creates a directory in C:\\Program Files | 0 | 1665 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Uses 
HTTPS for network communication | 5 | 1549 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Creates files inside the program directory | 5 | 1143 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Performs connections to IPs without corresponding DNS lookups | 5 | 472 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Spawns processes | 5 | 1271 |\n| b549dd89-5bc8-47ea-92a2-018e8d9c36e5 | Sends SSDP (simple service discovery protocol) broadcast queries | 5 | 447 |\n\n", "EntryContext": {"URL(val.Data && val.Data == obj.Data)": [{"Data": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv"}], "DBotScore(val.Indicator && val.Indicator == obj.Indicator && val.Vendor == obj.Vendor && val.Type == obj.Type)": [{"Indicator": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "Type": "url", "Vendor": "ReversingLabs TitaniumCloud v2", "Score": 1, "Reliability": "C - Fairly reliable"}], "ReversingLabs": {"url_dynamic_analysis_results": {"rl": {"report": {"mitre_attack": {"matrix_list": [{"tactics": {"tactic_list": [{"techniques": {"technique_list": [{"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1055", "name": "Process Injection"}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1036", "name": "Masquerading"}]}, "id": "TA0005", "name": "Defense Evasion"}, {"techniques": {"technique_list": [{"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1046", "name": "Network Service Scanning"}]}, "id": "TA0007", "name": "Discovery"}, {"techniques": {"technique_list": [{"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1071", "name": "Application Layer Protocol"}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1095", "name": "Non-Application Layer Protocol"}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "id": "T1573", "name": "Encrypted Channel"}]}, "id": "TA0011", "name": "Command and Control"}]}, "name": "Enterprise"}]}, "signatures": [{"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], 
"description": "Uses secure TLS version", "risk_factor": 0, "sig_id": 508}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Found graphical window changes (likely an installer)", "risk_factor": 0, "sig_id": 1649}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "URLs found in memory or binary data", "risk_factor": 5, "sig_id": 357}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Uses HTTPS", "risk_factor": 5, "sig_id": 392}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Classification label", "risk_factor": 5, "sig_id": 420}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Performs DNS lookups", "risk_factor": 5, "sig_id": 353}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Found strings which match known social media urls", "risk_factor": 5, "sig_id": 355}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Creates a directory in C:\\Program Files", "risk_factor": 0, "sig_id": 1665}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Uses HTTPS for network communication", "risk_factor": 5, "sig_id": 1549}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Creates files inside the program directory", "risk_factor": 5, "sig_id": 1143}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Performs connections to IPs without corresponding DNS lookups", "risk_factor": 5, "sig_id": 472}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Spawns processes", "risk_factor": 5, "sig_id": 1271}, {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "description": "Sends SSDP (simple service discovery protocol) broadcast queries", "risk_factor": 5, "sig_id": 447}], "classification": "NO_THREATS_FOUND", "history_analysis": [{"analysis_duration": 198, "classification_version": 2, 
"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "NO_THREATS_FOUND", "warnings": ["Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe", "Excluded IPs from analysis (whitelisted): 216.58.214.3, 34.104.35.123, 142.251.39.106, 142.250.179.131, 142.250.179.206", "Excluded domains from analysis (whitelisted): r2---sn-5hne6ns6.gvt1.com, edgedl.me.gvt1.com, redirector.gvt1.com, content-autofill.googleapis.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com", "Not all processes where analyzed, report is missing behavior information"], "risk_score": 0, "platform": "windows10", "configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11", "analysis_time": "2024-01-19T12:53:59"}], "url_base64": "aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg", "risk_score": 0, "threat_names": [{"threat_name": "Unknown", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "sha256": "", "last_analysis": "2024-01-19T12:53:59", "dropped_files": [{"sha1": "88a82523260a982a5dbfd3f4e19c3db4969a701b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 93", "sample_type": "Image/None/JPEG", "sample_size": 4214, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "26ea9b916a48c6d54fb36ad5db111bbfa13ad8922198008554c852486d805e08", "file_path": "", "md5": "a4ba5615d593e59bfcd485fcf897d050"}, {"sha1": "1d76baf7cdbd01a51ccfe7658610aa0869c68a3b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 115", "sample_type": "Binary/Archive/GZIP", "sample_size": 29339, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "4125211e25f0a2bf3c5ae18523fb3a5d979ef0e1e6f9a412a0a400e119702b47", "file_path": "", "md5": "8e3efb277e465527a5bcf32e07f7b1a2"}, {"sha1": 
"8302f515431afe4a30b548d820540d3ac5627667", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 113", "sample_type": "Image/None/JPEG", "sample_size": 30902, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "cd4684c0e1c41256f4ccae016e1b247238c6b8e041c54aded18e7d7af86fcd63", "file_path": "", "md5": "e2ba49b3b70491d21334041090b955bd"}, {"sha1": "01deaf1141d909139c3c179515d7cbf00198a4cb", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 212", "sample_type": "Image/None/JPEG", "sample_size": 6675, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "9279b6cd2ec09ec44ce40257b6f6c99de814cf0959f9463654428b020b417f19", "file_path": "", "md5": "bcfbd15ceca7999cd3026cdba9b94a90"}, {"sha1": "2676e16aa78ce1196e0273592617c96346a29d31", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 136", "sample_type": "Image/None/JPEG", "sample_size": 4374, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "684ad7325e8120a2a587832663f55f56f1c6f59e8924e6873bc17148a464a848", "file_path": "", "md5": "bd391154dac88cefb07abd86f4edb1da"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 102", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "2d8648a1115093dc43e8d7834ba4587e41c3f806", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 195", "sample_type": "Text/HTML", "sample_size": 371317, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], 
"sha256": "54bb56afaca0128ff3a37e184e3d2811cb8be9b25c4369a8ec4ccded55806ff9", "file_path": "", "md5": "91666c554ce4423d9d43b6dccdd481e3"}, {"sha1": "8f987f895be240334e6d617b169b824b25f8e45f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 134", "sample_type": "Image/None/JPEG", "sample_size": 6557, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "36b032acb6b879eec36ce95da3ace57a7e537584c7a8a4f87cc187fd03b1951a", "file_path": "", "md5": "40bd9f4fb6ab4ca640887f218e939e85"}, {"sha1": "470a529e517cdb74716116e7b29552419e86babb", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 111", "sample_type": "Image/None/JPEG", "sample_size": 3597, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "18c81654266eca777b1b4c2e00b439c3ce342e6edff47bccf375197cd95edb10", "file_path": "", "md5": "f80030bc60f2cce5dedd2174b507246e"}, {"sha1": "f5cef917635c0ddf9c67bb7ef8b37b1725b53152", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 154", "sample_type": "Image/None/PNG", "sample_size": 497, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "83aed9a68ee856ae88cb99fe562493ce627010c0b05d919cd7dc311414425c10", "file_path": "", "md5": "a00f507810e886fe683c705a0582cdb2"}, {"sha1": "9c11794d0cebe579c7b0275847e2ab1bfd2114d2", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 190", "sample_type": "Image/None/JPEG", "sample_size": 5048, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "3fa7e13b8caf75b7f215149e88d62e80ea4a9ac649ee10ad3939b1d498e3030e", "file_path": "", "md5": "ad97055f043b3260fda52f90ab04930e"}, {"sha1": "682dc0a46519564a72cdc6b9d15fb4e260793123", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 202", "sample_type": 
"Binary/None", "sample_size": 555529, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "4293e8d2214c0fb45babcf26483e4c1d86ae28e67b05a86f93dbeb7eceec0864", "file_path": "", "md5": "64789e2fe8c581ed0d5315276eb4502d"}, {"sha1": "6ee41aacd863d1c710ed189fce9fa4b5a6fed61b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 229", "sample_type": "Image/None/JPEG", "sample_size": 46739, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "17608d551f17c933466d5b5733f28f9ad92852e4d792e415a368f69f435d1e01", "file_path": "", "md5": "e83f967c1c5f4ee79db3d53dd9af5e73"}, {"sha1": "5789e81a66958aabc7590c1ddd41058335636027", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 165", "sample_type": "Image/None/WOFF", "sample_size": 11020, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", "file_path": "", "md5": "a59072f933169d3f2db497f44ca4cbbe"}, {"sha1": "79a903b5bc8bafdc78651d58a098b7f8b2d7fc30", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 185", "sample_type": "Image/None/JPEG", "sample_size": 2635, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "73a03e22aee1c13064d8e30ea80fc3b8a0a4cd9c128bb01a5036daa3b8ae0979", "file_path": "", "md5": "81e626d3efd077f4b121bc12aef2a4dd"}, {"sha1": "9a212137e27fe221fe21b4332776d9a8885efaae", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 150", "sample_type": "Image/None/JPEG", "sample_size": 35506, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "ad51bf609054ced1220bd8fc7c8fcf601e9633ac5333dc91e5d4f567667147e8", "file_path": "", "md5": "1e6b6ad72d35a61bf0467466ff7e2af4"}, 
{"sha1": "15cd0cfb5cef05c87a65822eb100a02754d5c04f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 147", "sample_type": "Image/None/JPEG", "sample_size": 3977, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "6fbb5d59ee9b27aa7539b6487eb5c5cd4ce6431b1e20f699da42e8d08a837585", "file_path": "", "md5": "80f226c6be828bdd5d0f42ffafc8896d"}, {"sha1": "9a212137e27fe221fe21b4332776d9a8885efaae", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 133", "sample_type": "Image/None/JPEG", "sample_size": 35506, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "ad51bf609054ced1220bd8fc7c8fcf601e9633ac5333dc91e5d4f567667147e8", "file_path": "", "md5": "1e6b6ad72d35a61bf0467466ff7e2af4"}, {"sha1": "6ff06a34f68ad0324ddec1bbe4d453c959178b36", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 162", "sample_type": "Image/None/WOFF", "sample_size": 11016, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479", "file_path": "", "md5": "15fa3062f8929bd3b05fdca5259db412"}, {"sha1": "08d84905ec59ef0dd96cc94ea81fbb4c2448e009", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 204", "sample_type": "Image/None/JPEG", "sample_size": 3559, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "249c151940cfee86eea272b3e86ba9a735b6901739f9f3cf489260e8183cb20c", "file_path": "", "md5": "b9d39a4b37255a7bfa6cbfdc94219077"}, {"sha1": "397b288df8abf27a0cd24350593e0a3814f7ef42", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 137", "sample_type": "Image/None/JPEG", "sample_size": 5209, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": 
"UNKNOWN"}], "sha256": "ada4871e8f92d50a977253467f4fff3fac17ec43dacc78f1713e51365459032f", "file_path": "", "md5": "139043909e518c544e6e9aa497a8ddcd"}, {"sha1": "5dbdaab7213b5c606f0c8b1b153e1ea284bb737c", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 215", "sample_type": "Image/None/JPEG", "sample_size": 54660, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "05d4923449bdc5b7de702698eda368f1287ca59d7a788c70f1a662d264dc2e27", "file_path": "", "md5": "58f7fe65d7b019d7cfa4c3ba7ceb1e4c"}, {"sha1": "68d5ab3244b936d1e2ec364706faffd2d5d7f21f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 142", "sample_type": "Binary/None", "sample_size": 760, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "e38f21ffde5eea825d4e4a9b52efaa7c9f7aaf67a25347a671dfe8894c80d28a", "file_path": "", "md5": "25581c9a34165352a9c1badfd8a2aeb7"}, {"sha1": "b009ca00be40ce7d8e53d054d39be62ce790d6ab", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 98", "sample_type": "Binary/Archive/GZIP", "sample_size": 35408, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "d0db52fe774424b284a5b5e91e2732a6b774aeff28ddfa5bd7f592054a8d3c7a", "file_path": "", "md5": "84a49a20c089bc0d7ef3323e8b5952d2"}, {"sha1": "bba1550dd8ebab7b55fcbd092655db0dbe968a21", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 91", "sample_type": "Image/None/JPEG", "sample_size": 5830, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a5f0bc6dfdc752dcf13030e40f14ee9ed09efc89b764933fcd315e0f74d2f3cd", "file_path": "", "md5": "1255f3b3cc93fa699309ad714badf745"}, {"sha1": "e522e8835a88f24552d04ec1af3c1681cb7269c8", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 171", 
"sample_type": "Image/None/JPEG", "sample_size": 5855, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "73cbed49f585d48d88b732d0c1b6a930d556fd9ec5f0fe0577bb065ed90ce11e", "file_path": "", "md5": "0d6bed942437e0bc4c41deae53165408"}, {"sha1": "a7c9e37910ac122a97f52ebc1aa6e2fe51e54179", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 191", "sample_type": "Image/None/JPEG", "sample_size": 55245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "c20d10dc49be9aabe754bab3e7d913aa625a6f73211d857a045f5e6e722d518b", "file_path": "", "md5": "d818205b1d270eb3251cac107fb00996"}, {"sha1": "7fa5aa4ec7865f39fc86cf50b2074b30e8fd0c58", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 90", "sample_type": "Image/None/JPEG", "sample_size": 3046, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1194c245a24572f82844885e9935f90719c52dd6577e880909e3a8cb1e6b51c3", "file_path": "", "md5": "768af40c8c0d570c7dcf81f599cdbe64"}, {"sha1": "72eb3960f3d8ae6724252fcafe86fb5eeac18f8b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 138", "sample_type": "Binary/None", "sample_size": 2887, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "bd30110622ae294a3a41f834c8f058e457b36a9916704946864df0fa4dd291f3", "file_path": "", "md5": "1ac618b0f127a0aa7de3651070fad47a"}, {"sha1": "93de4b55ad29e7406bfec901aad5c06725780c23", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 192", "sample_type": "Binary/None", "sample_size": 28367, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "f251f019b6c7f6b8fe01bb09feb95348ca4c3966964d6a9f37f8216d243cb153", "file_path": "", "md5": 
"0e4d86149b4f6e3e6af3bed202a54d7b"}, {"sha1": "4eedb4aad798fa1c2bdb72f984c34a24c56c2476", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 121", "sample_type": "Image/None/PNG", "sample_size": 2372, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "257b2e6cbab280d2019687435863539a52473275f8132884c0538efd14899507", "file_path": "", "md5": "4505a569689e1df76eba896d26533b8f"}, {"sha1": "b03e31a2df43c881a1bf38723e14d0488e53bd9a", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 101", "sample_type": "Image/None/JPEG", "sample_size": 2703, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "039dc85892810b989186a889299ada5e9ddadf43a8f771041b9b5d89d92dc868", "file_path": "", "md5": "e196fe4f70544d277d99efcb4e59d959"}, {"sha1": "2ca1a236d41b5e816fe7af3048d33e85abae1f3d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 104", "sample_type": "Image/None/JPEG", "sample_size": 17804, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "e96090e3831f528706487bf3fa86e72565dbe157dbc9cdc9b7b48da0d190df86", "file_path": "", "md5": "07f674c8ec0980963043881158c82f65"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 110", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "2676e16aa78ce1196e0273592617c96346a29d31", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 194", "sample_type": "Image/None/JPEG", "sample_size": 4374, "analysis_ids": [{"analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "684ad7325e8120a2a587832663f55f56f1c6f59e8924e6873bc17148a464a848", "file_path": "", "md5": "bd391154dac88cefb07abd86f4edb1da"}, {"sha1": "0b188f7c91a79519727a25ce3cb4e997f187be43", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 105", "sample_type": "Binary/None", "sample_size": 28, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "f245f3dbd4291746d1e44363529f7cb3851a2780c01d8bcdd3c5e080a0009494", "file_path": "", "md5": "6d355197591570cee568ab636183c16e"}, {"sha1": "bf7033d18d8409478666fe9eeee6131bd8e983d5", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 168", "sample_type": "Binary/Archive/GZIP", "sample_size": 30388, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "33409bb4e77f16dd9dcc540f2047d8d2ac302cfbdeb8e3e44261961c448f9289", "file_path": "", "md5": "25e2a55b6daeb5a259ff1459515381db"}, {"sha1": "62a4d9d0d5f8c83c3a17cdc1e488a4a84f3d0460", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 188", "sample_type": "Image/None/JPEG", "sample_size": 58204, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "6138cfe70296302a26b60e53dc138305ca9450c97fb4da052b5e40567c6fe779", "file_path": "", "md5": "6fa72b7421663295b6d593d8790aa9b1"}, {"sha1": "5789e81a66958aabc7590c1ddd41058335636027", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 244", "sample_type": "Image/None/WOFF", "sample_size": 11020, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", "file_path": "", "md5": "a59072f933169d3f2db497f44ca4cbbe"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": 
"NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 214", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "f153256cab6ede3bc605b639e73db9822013354c", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 119", "sample_type": "Binary/None", "sample_size": 15928, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "4786a2783bd58159839fe90f5170d78d22d33ea01806152d63936a433e169894", "file_path": "", "md5": "ec26bfd025f77c88976cbd9e74420d4d"}, {"sha1": "5bffbffabb780253d1d1cbb899c4de2b66760862", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 205", "sample_type": "Image/None/JPEG", "sample_size": 2696, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "eeb31b1cebc8babbfab219a4c52132b507047f88237055219468c27ded4b3b5f", "file_path": "", "md5": "896952a8672c231b9435927b70adbdeb"}, {"sha1": "7fe31344fa723425d6be0a264ab084bbfb6a0112", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 196", "sample_type": "Image/None/JPEG", "sample_size": 7015, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "42dfca7f071dd80526a7c8a8166f82f712f3813c1be59894e9c0d531ee6aac63", "file_path": "", "md5": "3bad41b67d7a8e891a6d4395ae67c277"}, {"sha1": "fd157eaf1a8b3ec97c718798dc375570e6ef9bd0", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 166", "sample_type": "Image/None/JPEG", "sample_size": 4816, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": 
"8d4a37c150dcd3b706cb5362ca985858bf24fefe9b47caab3f62d1bc300c1820", "file_path": "", "md5": "b177ef0d6b70187a87f55a55fe699cbc"}, {"sha1": "b8612689330620c98d6295e3f7a5f6a7959f02c6", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 149", "sample_type": "Image/None/JPEG", "sample_size": 26660, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1a8799b75e2b918b470c8e04c30a1554246cfe43cb7e9d7527dc83919406addb", "file_path": "", "md5": "b0ec92057bc346ca7c83de6a41cdf367"}, {"sha1": "15ace8e9e042913ba263820f7be6214913676e22", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 141", "sample_type": "Binary/None", "sample_size": 1862, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "722ef3edbb5a107e1f914b1e400d8f92e0810a10f9a86d6e89220c3f9fcad7fd", "file_path": "", "md5": "2ba5b2ffebc6be6401c274544cec45b0"}, {"sha1": "4f102c807204de6449d5a2ae2aba99d249aa3f82", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 127", "sample_type": "Image/None/JPEG", "sample_size": 81139, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "cd12947a0f5da04f0581a44438efa3123d51ba80814958f423d6ae15492d80e6", "file_path": "", "md5": "534c731b854172d8115d11c88db0dc46"}, {"sha1": "930193b840dd3298e7001a4fc3d7dde80f5ae8e4", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 89", "sample_type": "Image/None/JPEG", "sample_size": 4245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1ffa387734b3f6961ed9f443b6062601166b427415fd78faf2fde842a3ea4d1e", "file_path": "", "md5": "e37ae5f3d0786c75d5aaa9920edacc05"}, {"sha1": "8f987f895be240334e6d617b169b824b25f8e45f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 225", "sample_type": 
"Image/None/JPEG", "sample_size": 6557, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "36b032acb6b879eec36ce95da3ace57a7e537584c7a8a4f87cc187fd03b1951a", "file_path": "", "md5": "40bd9f4fb6ab4ca640887f218e939e85"}, {"sha1": "e522e8835a88f24552d04ec1af3c1681cb7269c8", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 97", "sample_type": "Image/None/JPEG", "sample_size": 5855, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "73cbed49f585d48d88b732d0c1b6a930d556fd9ec5f0fe0577bb065ed90ce11e", "file_path": "", "md5": "0d6bed942437e0bc4c41deae53165408"}, {"sha1": "6b1c1235e4fb42159a8d88ddc1456935ac36236a", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 157", "sample_type": "Binary/Archive/GZIP", "sample_size": 46816, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "3503cb3b14811575b4070fbf410c4faa148b118db6b21ad9a47a582f8cef5856", "file_path": "", "md5": "a7bb71c6e0827791da0b46491a6dd388"}, {"sha1": "5a50b8e7e227531ebecba74a8ec3f7752c038e45", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 99", "sample_type": "Image/None/JPEG", "sample_size": 6238, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1653b9d1b6fdbf987dad791297e4fcd6eb4f054c3975d97672ffd829c27795bc", "file_path": "", "md5": "5c79334ed4b28046f38de19aecbffe6b"}, {"sha1": "152f312d82ea7f909efab9cfbc513922c5c68451", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 112", "sample_type": "Image/None/JPEG", "sample_size": 3484, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5f71ef9cc75b0885c4d7a565db2dc8f2b159470b9f87f47523af73ca08b3f2fa", "file_path": "", "md5": 
"e58166197873c671d947f32ad004507f"}, {"sha1": "45a8c4980dae29b1eefafdfd94fb4970ddf3e3e3", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 120", "sample_type": "Image/None/PNG", "sample_size": 100353, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "25e630efa0f85c1310aafd02b164600a790d2a8872acad58368a558d4ee2848e", "file_path": "", "md5": "03ea3b0ffac42298b8dcc9f879bb30cd"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 100", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "6eb83738fbe5dd557a573a873d0ab0b50b3aab18", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 230", "sample_type": "Image/None/JPEG", "sample_size": 10576, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "802c38614a4c3afb10a73fc16e2ee06103e5b3c17aba14dce68b4fb37679863e", "file_path": "", "md5": "34cb56bf1ee13123ea28819d78ef6d3a"}, {"sha1": "4f102c807204de6449d5a2ae2aba99d249aa3f82", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 176", "sample_type": "Image/None/JPEG", "sample_size": 81139, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "cd12947a0f5da04f0581a44438efa3123d51ba80814958f423d6ae15492d80e6", "file_path": "", "md5": "534c731b854172d8115d11c88db0dc46"}, {"sha1": "e0ed377bd8278fbea11264788eb59a6fe59c14ea", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 160", "sample_type": "Image/None/JPEG", "sample_size": 1614, "analysis_ids": [{"analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "54503cea106dc82deb940dc049e4f01f7a03a399e07f3e3403df390d08b086fe", "file_path": "", "md5": "643bfd45a1a5af69cea2b510927832a7"}, {"sha1": "f5cef917635c0ddf9c67bb7ef8b37b1725b53152", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 131", "sample_type": "Image/None/PNG", "sample_size": 497, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "83aed9a68ee856ae88cb99fe562493ce627010c0b05d919cd7dc311414425c10", "file_path": "", "md5": "a00f507810e886fe683c705a0582cdb2"}, {"sha1": "62a4d9d0d5f8c83c3a17cdc1e488a4a84f3d0460", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 189", "sample_type": "Image/None/JPEG", "sample_size": 58204, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "6138cfe70296302a26b60e53dc138305ca9450c97fb4da052b5e40567c6fe779", "file_path": "", "md5": "6fa72b7421663295b6d593d8790aa9b1"}, {"sha1": "c17d49f81185e16d7c0b5a3c1a096285b11101ed", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 156", "sample_type": "Image/None/JPEG", "sample_size": 3928, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "8f1341c8b1c3613c6008e884b83c24a267c51b6a0fd766e54207ff064a6cbad1", "file_path": "", "md5": "14e628e330b1b37afb6267fc118d2305"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 235", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "08d84905ec59ef0dd96cc94ea81fbb4c2448e009", "classification": 
"NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 124", "sample_type": "Image/None/JPEG", "sample_size": 3559, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "249c151940cfee86eea272b3e86ba9a735b6901739f9f3cf489260e8183cb20c", "file_path": "", "md5": "b9d39a4b37255a7bfa6cbfdc94219077"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 233", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "2578d7531085fea59a21e3a51039bdd4202e334b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 132", "sample_type": "Image/None/JPEG", "sample_size": 4455, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a9b7fe1efcd58b29cd498e3ca1ddcc840d3f0084f611ce5b0d1b84c973dcd357", "file_path": "", "md5": "9f006ab0ecb111a454dbce86c29f9f57"}, {"sha1": "489a7c76c076e6b95e168f97a293d2c7fa880165", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 167", "sample_type": "Image/None/JPEG", "sample_size": 3741, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "01bf2af64dd7a156e5838536dde22bf0b67073192b7c05fe38bf1f67b223b905", "file_path": "", "md5": "ba1090c3728e03f6ef4a575e6d8d1a5e"}, {"sha1": "0d31448b24ecf17ce885d1068089ec1b8cc7dc04", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 197", "sample_type": "Image/None/JPEG", "sample_size": 6680, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": 
"3e33511b7b4767198e9f07467bce1a893b5ea75a535373cc906d98425d82c8af", "file_path": "", "md5": "e0ff5f849f86eae053a1207429ac7ab4"}, {"sha1": "7fa5aa4ec7865f39fc86cf50b2074b30e8fd0c58", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 140", "sample_type": "Image/None/JPEG", "sample_size": 3046, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1194c245a24572f82844885e9935f90719c52dd6577e880909e3a8cb1e6b51c3", "file_path": "", "md5": "768af40c8c0d570c7dcf81f599cdbe64"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 216", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "03a9d879efeb95c7c2745b2275426016e9d229ab", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 175", "sample_type": "Image/None/JPEG", "sample_size": 5415, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1c9ebc07b2c555951b26562b2c911906024a05ca72422ffc08c90c77221a44ec", "file_path": "", "md5": "190108c5c10e694fae0f0490b3357c01"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 236", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "5bffbffabb780253d1d1cbb899c4de2b66760862", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 193", "sample_type": 
"Image/None/JPEG", "sample_size": 2696, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "eeb31b1cebc8babbfab219a4c52132b507047f88237055219468c27ded4b3b5f", "file_path": "", "md5": "896952a8672c231b9435927b70adbdeb"}, {"sha1": "3a6a668c00c9a04e94611b34d4b5f2482b556e0b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 180", "sample_type": "Image/None/PNG", "sample_size": 12056, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "756188e73429bcd78f5d6a7d14d6fba5ff636a41d715df4b5c40b29f7e3df965", "file_path": "", "md5": "1dd2a51e639e476432926c1b26c42bbd"}, {"sha1": "930193b840dd3298e7001a4fc3d7dde80f5ae8e4", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 152", "sample_type": "Image/None/JPEG", "sample_size": 4245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1ffa387734b3f6961ed9f443b6062601166b427415fd78faf2fde842a3ea4d1e", "file_path": "", "md5": "e37ae5f3d0786c75d5aaa9920edacc05"}, {"sha1": "470a529e517cdb74716116e7b29552419e86babb", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 227", "sample_type": "Image/None/JPEG", "sample_size": 3597, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "18c81654266eca777b1b4c2e00b439c3ce342e6edff47bccf375197cd95edb10", "file_path": "", "md5": "f80030bc60f2cce5dedd2174b507246e"}, {"sha1": "28b5e16b014a40addfa0b59122301b8527c87f34", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 201", "sample_type": "Image/None/PNG", "sample_size": 3318, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "b5c35ead310d445abf5475f4f1d644000125b3e9a53b5f297531f8760dac26e8", "file_path": "", "md5": "3425122b41b55222d336992b13a00114"}, 
{"sha1": "a7c9e37910ac122a97f52ebc1aa6e2fe51e54179", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 122", "sample_type": "Image/None/JPEG", "sample_size": 55245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "c20d10dc49be9aabe754bab3e7d913aa625a6f73211d857a045f5e6e722d518b", "file_path": "", "md5": "d818205b1d270eb3251cac107fb00996"}, {"sha1": "30b076e0e60bd4589052e6a51f6d2dad4b202f99", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 178", "sample_type": "Binary/None", "sample_size": 174929, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "9cc32dc9c4cb8d38afd2c97dc127563a18e585d756a44ff783829a1b3bd86aab", "file_path": "", "md5": "f25ec68306de555b2fd9de9df5fc68fa"}, {"sha1": "9c11794d0cebe579c7b0275847e2ab1bfd2114d2", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 240", "sample_type": "Image/None/JPEG", "sample_size": 5048, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "3fa7e13b8caf75b7f215149e88d62e80ea4a9ac649ee10ad3939b1d498e3030e", "file_path": "", "md5": "ad97055f043b3260fda52f90ab04930e"}, {"sha1": "8302f515431afe4a30b548d820540d3ac5627667", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 135", "sample_type": "Image/None/JPEG", "sample_size": 30902, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "cd4684c0e1c41256f4ccae016e1b247238c6b8e041c54aded18e7d7af86fcd63", "file_path": "", "md5": "e2ba49b3b70491d21334041090b955bd"}, {"sha1": "9767ea61066ef394d4962bde6b4e1d055001d28d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 206", "sample_type": "Image/None/JPEG", "sample_size": 5231, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": 
"UNKNOWN"}], "sha256": "1ed1eee6fc7dcf13312a3e7e20cf9869ac0a517034e07428e33059917005093c", "file_path": "", "md5": "9a38f9f0ecd7e2d63a08676f18810cfb"}, {"sha1": "489a7c76c076e6b95e168f97a293d2c7fa880165", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 198", "sample_type": "Image/None/JPEG", "sample_size": 3741, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "01bf2af64dd7a156e5838536dde22bf0b67073192b7c05fe38bf1f67b223b905", "file_path": "", "md5": "ba1090c3728e03f6ef4a575e6d8d1a5e"}, {"sha1": "6ddd5099e3cde9460a9d52f26421d8018c606680", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 224", "sample_type": "Binary/Archive/GZIP", "sample_size": 4343, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "d21ada6b1008ec75f03c1acbca30a19ad2a0910f49790c79b6676e8945f0bca9", "file_path": "", "md5": "bd5ddb7c1e0e700a24870a933e19eda0"}, {"sha1": "7b6bf48baf2de7bf3614051f650d0de3ccfae4e7", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 169", "sample_type": "Image/None/JPEG", "sample_size": 9509, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "531e960b289db27a7b9a406779e90666e31eb0cd5c714f9d6a02b1677e82dee5", "file_path": "", "md5": "48fad77575b7ef908cbe8f2620fab43e"}, {"sha1": "6ff06a34f68ad0324ddec1bbe4d453c959178b36", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 184", "sample_type": "Image/None/WOFF", "sample_size": 11016, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479", "file_path": "", "md5": "15fa3062f8929bd3b05fdca5259db412"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 
183", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "5789e81a66958aabc7590c1ddd41058335636027", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 158", "sample_type": "Image/None/WOFF", "sample_size": 11020, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", "file_path": "", "md5": "a59072f933169d3f2db497f44ca4cbbe"}, {"sha1": "3a6a668c00c9a04e94611b34d4b5f2482b556e0b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 226", "sample_type": "Image/None/PNG", "sample_size": 12056, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "756188e73429bcd78f5d6a7d14d6fba5ff636a41d715df4b5c40b29f7e3df965", "file_path": "", "md5": "1dd2a51e639e476432926c1b26c42bbd"}, {"sha1": "41cc3b4d7d8f02181cfa55384d5a53a83c76cb61", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 187", "sample_type": "Binary/None", "sample_size": 57183, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "7149f21f312737dd05fbaa26e958e70639bd0c64e81eb24b7ec01ad15cd8a285", "file_path": "", "md5": "a048a6a2d5a57ad40865354f93e99392"}, {"sha1": "28b5e16b014a40addfa0b59122301b8527c87f34", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 117", "sample_type": "Image/None/PNG", "sample_size": 3318, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "b5c35ead310d445abf5475f4f1d644000125b3e9a53b5f297531f8760dac26e8", "file_path": "", "md5": 
"3425122b41b55222d336992b13a00114"}, {"sha1": "ede344f8cc0c483eab92c8b7d3f557b0e5f62229", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 118", "sample_type": "Image/None/JPEG", "sample_size": 5696, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "101e16c8036307d4d224d6c29f674d5e6ba68d32f46018258403f30ae8b0b40f", "file_path": "", "md5": "3cbe65afcd9be26a9d049d5ab0d98c85"}, {"sha1": "c17d49f81185e16d7c0b5a3c1a096285b11101ed", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 129", "sample_type": "Image/None/JPEG", "sample_size": 3928, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "8f1341c8b1c3613c6008e884b83c24a267c51b6a0fd766e54207ff064a6cbad1", "file_path": "", "md5": "14e628e330b1b37afb6267fc118d2305"}, {"sha1": "5a50b8e7e227531ebecba74a8ec3f7752c038e45", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 245", "sample_type": "Image/None/JPEG", "sample_size": 6238, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1653b9d1b6fdbf987dad791297e4fcd6eb4f054c3975d97672ffd829c27795bc", "file_path": "", "md5": "5c79334ed4b28046f38de19aecbffe6b"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 139", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "bba1550dd8ebab7b55fcbd092655db0dbe968a21", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 103", "sample_type": "Image/None/JPEG", "sample_size": 5830, "analysis_ids": [{"analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a5f0bc6dfdc752dcf13030e40f14ee9ed09efc89b764933fcd315e0f74d2f3cd", "file_path": "", "md5": "1255f3b3cc93fa699309ad714badf745"}, {"sha1": "11d1b55c5de9c01228624860d7020927362aedb6", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 125", "sample_type": "Binary/None", "sample_size": 12192, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "2900cce6198b031f651a558242e97d5a8d92981116391d37adc061e8ba7ab228", "file_path": "", "md5": "c200fc263f67f99ad385c10a92becaca"}, {"sha1": "b03e31a2df43c881a1bf38723e14d0488e53bd9a", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 222", "sample_type": "Image/None/JPEG", "sample_size": 2703, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "039dc85892810b989186a889299ada5e9ddadf43a8f771041b9b5d89d92dc868", "file_path": "", "md5": "e196fe4f70544d277d99efcb4e59d959"}, {"sha1": "cdf956ab7a6d8b70aa74a71d58324774b7633848", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 146", "sample_type": "Binary/None", "sample_size": 10578, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "e4c677b7dda552036081657fa115fdd8b508d9dcb9af0b1063ddbde8efe38224", "file_path": "", "md5": "821979aeb4b562808423f1c5b35e3785"}, {"sha1": "7fa54e72d0a5c52f68d8770ffba1ed72345b95b4", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 223", "sample_type": "Image/None/JPEG", "sample_size": 47553, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "2041669ae9d8bb8f0dd31f5cbf7074b466bd29389d6afd212a913243b7b5ec9e", "file_path": "", "md5": "d0423a8eefa2dd3c312f4f5d2c442d5c"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": 
"NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 207", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "2578d7531085fea59a21e3a51039bdd4202e334b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 161", "sample_type": "Image/None/JPEG", "sample_size": 4455, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a9b7fe1efcd58b29cd498e3ca1ddcc840d3f0084f611ce5b0d1b84c973dcd357", "file_path": "", "md5": "9f006ab0ecb111a454dbce86c29f9f57"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 177", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 123", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "5dbdaab7213b5c606f0c8b1b153e1ea284bb737c", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 241", "sample_type": "Image/None/JPEG", "sample_size": 54660, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": 
"05d4923449bdc5b7de702698eda368f1287ca59d7a788c70f1a662d264dc2e27", "file_path": "", "md5": "58f7fe65d7b019d7cfa4c3ba7ceb1e4c"}, {"sha1": "829c3947b4cc8f2cdc179254d163c33ed7d6c564", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 95", "sample_type": "Binary/Archive/GZIP", "sample_size": 2305, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "18ded3005ba1fece98bd20ed9fb80aab2e40b6150affa919439cd813ee9e3c1b", "file_path": "", "md5": "9ee1fcb71b2077acd5604f52976d156f"}, {"sha1": "397b288df8abf27a0cd24350593e0a3814f7ef42", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 155", "sample_type": "Image/None/JPEG", "sample_size": 5209, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "ada4871e8f92d50a977253467f4fff3fac17ec43dacc78f1713e51365459032f", "file_path": "", "md5": "139043909e518c544e6e9aa497a8ddcd"}, {"sha1": "9a5c1462d0103e306f94589c423babf681ec9a48", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 211", "sample_type": "Binary/None", "sample_size": 1139, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "d6aa867c755d1e71f2764e35da115c33ce0a02bbcc5e8edbe586d5b43b50fad5", "file_path": "", "md5": "c7345b5f13ee8306806977e8d1b68835"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 126", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 130", "sample_type": 
"Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "29c6b82e87f475f4f18410d45c1335392c8610a1", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 109", "sample_type": "Image/None/JPEG", "sample_size": 2762, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "24d65f2702f30720b9c00ec85d5d781dfc52025d8037f350dc1d024aa1c009f5", "file_path": "", "md5": "3b0eac80c91d00aef6fec0a60d71b63b"}, {"sha1": "c849ca7878a01012fddd8acfdba279f2422cd0c2", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 148", "sample_type": "Binary/None", "sample_size": 411685, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "67b2a17f04a8817c4b504eb749490f3150b98ecd41de11af9010d0d087e0c0e7", "file_path": "", "md5": "5dee3cd9ff301b7e6a649a50a00b0631"}, {"sha1": "6f773abdd41cc6c38455aab073f2c15b6e1b3216", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 153", "sample_type": "Image/None/JPEG", "sample_size": 3452, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "58471a81b8e03d829480b36b67563971fd34fd461cdcc2d4f10bf3a971b854d7", "file_path": "", "md5": "792dc435254bb1c8c908926c3743b2f4"}, {"sha1": "4484e3ebe71146a7c27bd706f413dec2b5a35526", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 174", "sample_type": "Image/None/JPEG", "sample_size": 2827, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "ec6c64a5fea39cc97613545bb306fd862df39c5b2eaa5c7e0963a982cbc54d05", "file_path": "", "md5": "550caec824f420c2145b75a6081c4f27"}, 
{"sha1": "7fa54e72d0a5c52f68d8770ffba1ed72345b95b4", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 107", "sample_type": "Image/None/JPEG", "sample_size": 47553, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "2041669ae9d8bb8f0dd31f5cbf7074b466bd29389d6afd212a913243b7b5ec9e", "file_path": "", "md5": "d0423a8eefa2dd3c312f4f5d2c442d5c"}, {"sha1": "e0ed377bd8278fbea11264788eb59a6fe59c14ea", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 186", "sample_type": "Image/None/JPEG", "sample_size": 1614, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "54503cea106dc82deb940dc049e4f01f7a03a399e07f3e3403df390d08b086fe", "file_path": "", "md5": "643bfd45a1a5af69cea2b510927832a7"}, {"sha1": "c8be5259dafa617a574c3cf8e728e1e5de439196", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 143", "sample_type": "Image/None/JPEG", "sample_size": 2168, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "54bb29488dd7451b42292474ecb3545151fcc5b4bd1cc0c682604340569a02c5", "file_path": "", "md5": "2e35ccb645015f1d4b790ce54b5a0119"}, {"sha1": "4484e3ebe71146a7c27bd706f413dec2b5a35526", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 219", "sample_type": "Image/None/JPEG", "sample_size": 2827, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "ec6c64a5fea39cc97613545bb306fd862df39c5b2eaa5c7e0963a982cbc54d05", "file_path": "", "md5": "550caec824f420c2145b75a6081c4f27"}, {"sha1": "2eb314939881eb922c1b3f4538e2cf95162a78c3", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 220", "sample_type": "Image/None/JPEG", "sample_size": 6479, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": 
"UNKNOWN"}], "sha256": "1151a44411193b4a719e736e44155b042f4e83400a89cc879ad10d767f7a1caf", "file_path": "", "md5": "9e7e991f92ad1be903e4a5b36a0bc9a4"}, {"sha1": "9767ea61066ef394d4962bde6b4e1d055001d28d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 228", "sample_type": "Image/None/JPEG", "sample_size": 5231, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1ed1eee6fc7dcf13312a3e7e20cf9869ac0a517034e07428e33059917005093c", "file_path": "", "md5": "9a38f9f0ecd7e2d63a08676f18810cfb"}, {"sha1": "c8be5259dafa617a574c3cf8e728e1e5de439196", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 179", "sample_type": "Image/None/JPEG", "sample_size": 2168, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "54bb29488dd7451b42292474ecb3545151fcc5b4bd1cc0c682604340569a02c5", "file_path": "", "md5": "2e35ccb645015f1d4b790ce54b5a0119"}, {"sha1": "6310022f64c2b93940ff004519a5cac926be2b48", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 163", "sample_type": "Binary/None", "sample_size": 124088, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0f75c7297d0bcdb247420e83c3e230e39140ecda41f4a09cb87a0a0176da25ef", "file_path": "", "md5": "95d0f49af179d9337f09ff3caa6cf691"}, {"sha1": "15cd0cfb5cef05c87a65822eb100a02754d5c04f", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 88", "sample_type": "Image/None/JPEG", "sample_size": 3977, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "6fbb5d59ee9b27aa7539b6487eb5c5cd4ce6431b1e20f699da42e8d08a837585", "file_path": "", "md5": "80f226c6be828bdd5d0f42ffafc8896d"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 151", 
"sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "152f312d82ea7f909efab9cfbc513922c5c68451", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 181", "sample_type": "Image/None/JPEG", "sample_size": 3484, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5f71ef9cc75b0885c4d7a565db2dc8f2b159470b9f87f47523af73ca08b3f2fa", "file_path": "", "md5": "e58166197873c671d947f32ad004507f"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 94", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "b8612689330620c98d6295e3f7a5f6a7959f02c6", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 231", "sample_type": "Image/None/JPEG", "sample_size": 26660, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1a8799b75e2b918b470c8e04c30a1554246cfe43cb7e9d7527dc83919406addb", "file_path": "", "md5": "b0ec92057bc346ca7c83de6a41cdf367"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 106", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": 
"e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "01deaf1141d909139c3c179515d7cbf00198a4cb", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 234", "sample_type": "Image/None/JPEG", "sample_size": 6675, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "9279b6cd2ec09ec44ce40257b6f6c99de814cf0959f9463654428b020b417f19", "file_path": "", "md5": "bcfbd15ceca7999cd3026cdba9b94a90"}, {"sha1": "4eedb4aad798fa1c2bdb72f984c34a24c56c2476", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 96", "sample_type": "Image/None/PNG", "sample_size": 2372, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "257b2e6cbab280d2019687435863539a52473275f8132884c0538efd14899507", "file_path": "", "md5": "4505a569689e1df76eba896d26533b8f"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 218", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 108", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "0d31448b24ecf17ce885d1068089ec1b8cc7dc04", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 213", "sample_type": "Image/None/JPEG", "sample_size": 6680, "analysis_ids": [{"analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "3e33511b7b4767198e9f07467bce1a893b5ea75a535373cc906d98425d82c8af", "file_path": "", "md5": "e0ff5f849f86eae053a1207429ac7ab4"}, {"sha1": "6eb83738fbe5dd557a573a873d0ab0b50b3aab18", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 238", "sample_type": "Image/None/JPEG", "sample_size": 10576, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "802c38614a4c3afb10a73fc16e2ee06103e5b3c17aba14dce68b4fb37679863e", "file_path": "", "md5": "34cb56bf1ee13123ea28819d78ef6d3a"}, {"sha1": "29c6b82e87f475f4f18410d45c1335392c8610a1", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 203", "sample_type": "Image/None/JPEG", "sample_size": 2762, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "24d65f2702f30720b9c00ec85d5d781dfc52025d8037f350dc1d024aa1c009f5", "file_path": "", "md5": "3b0eac80c91d00aef6fec0a60d71b63b"}, {"sha1": "6f773abdd41cc6c38455aab073f2c15b6e1b3216", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 173", "sample_type": "Image/None/JPEG", "sample_size": 3452, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "58471a81b8e03d829480b36b67563971fd34fd461cdcc2d4f10bf3a971b854d7", "file_path": "", "md5": "792dc435254bb1c8c908926c3743b2f4"}, {"sha1": "7fe31344fa723425d6be0a264ab084bbfb6a0112", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 200", "sample_type": "Image/None/JPEG", "sample_size": 7015, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "42dfca7f071dd80526a7c8a8166f82f712f3813c1be59894e9c0d531ee6aac63", "file_path": "", "md5": "3bad41b67d7a8e891a6d4395ae67c277"}, {"sha1": "ede344f8cc0c483eab92c8b7d3f557b0e5f62229", "classification": 
"NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 239", "sample_type": "Image/None/JPEG", "sample_size": 5696, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "101e16c8036307d4d224d6c29f674d5e6ba68d32f46018258403f30ae8b0b40f", "file_path": "", "md5": "3cbe65afcd9be26a9d049d5ab0d98c85"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 114", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "5789e81a66958aabc7590c1ddd41058335636027", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 92", "sample_type": "Image/None/WOFF", "sample_size": 11020, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", "file_path": "", "md5": "a59072f933169d3f2db497f44ca4cbbe"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 221", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "fd157eaf1a8b3ec97c718798dc375570e6ef9bd0", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 209", "sample_type": "Image/None/JPEG", "sample_size": 4816, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": 
"8d4a37c150dcd3b706cb5362ca985858bf24fefe9b47caab3f62d1bc300c1820", "file_path": "", "md5": "b177ef0d6b70187a87f55a55fe699cbc"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 116", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "6ee41aacd863d1c710ed189fce9fa4b5a6fed61b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 237", "sample_type": "Image/None/JPEG", "sample_size": 46739, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "17608d551f17c933466d5b5733f28f9ad92852e4d792e415a368f69f435d1e01", "file_path": "", "md5": "e83f967c1c5f4ee79db3d53dd9af5e73"}, {"sha1": "87d84e52cf7d74617f34bd98c8ce1889e9f2102d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 144", "sample_type": "Image/None/JPEG", "sample_size": 6337, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "06008bbdba5493b5047000104128238845b1d66d0aa631751b691b6d67747110", "file_path": "", "md5": "cd8ca137a95eec5947d1fc516a7f6aec"}, {"sha1": "7b6bf48baf2de7bf3614051f650d0de3ccfae4e7", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 145", "sample_type": "Image/None/JPEG", "sample_size": 9509, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "531e960b289db27a7b9a406779e90666e31eb0cd5c714f9d6a02b1677e82dee5", "file_path": "", "md5": "48fad77575b7ef908cbe8f2620fab43e"}, {"sha1": "ff363c7e5086f09760c9bc759e0ef2d0055bda47", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 208", "sample_type": 
"Binary/None", "sample_size": 2245, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "a4e26b6349b555a919e510a34f83547a1b5eb596f64e4faff8a767169b3123e4", "file_path": "", "md5": "30045490bd99424ad19bc45883fc17f6"}, {"sha1": "626b9b656308bd16f13769c73c0839462f50afbf", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 242", "sample_type": "Image/None/JPEG", "sample_size": 5511, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5612ed78d613c00f7b8ae2589cf659a3b9831060acc2a89fbf0bccb62759f5bb", "file_path": "", "md5": "74c579cc444ce7e953295ae84de5086c"}, {"sha1": "03a9d879efeb95c7c2745b2275426016e9d229ab", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 232", "sample_type": "Image/None/JPEG", "sample_size": 5415, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1c9ebc07b2c555951b26562b2c911906024a05ca72422ffc08c90c77221a44ec", "file_path": "", "md5": "190108c5c10e694fae0f0490b3357c01"}, {"sha1": "88a82523260a982a5dbfd3f4e19c3db4969a701b", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 199", "sample_type": "Image/None/JPEG", "sample_size": 4214, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "26ea9b916a48c6d54fb36ad5db111bbfa13ad8922198008554c852486d805e08", "file_path": "", "md5": "a4ba5615d593e59bfcd485fcf897d050"}, {"sha1": "45a8c4980dae29b1eefafdfd94fb4970ddf3e3e3", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 170", "sample_type": "Image/None/PNG", "sample_size": 100353, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "25e630efa0f85c1310aafd02b164600a790d2a8872acad58368a558d4ee2848e", "file_path": "", "md5": "03ea3b0ffac42298b8dcc9f879bb30cd"}, 
{"sha1": "626b9b656308bd16f13769c73c0839462f50afbf", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 210", "sample_type": "Image/None/JPEG", "sample_size": 5511, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "5612ed78d613c00f7b8ae2589cf659a3b9831060acc2a89fbf0bccb62759f5bb", "file_path": "", "md5": "74c579cc444ce7e953295ae84de5086c"}, {"sha1": "2eb314939881eb922c1b3f4538e2cf95162a78c3", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 128", "sample_type": "Image/None/JPEG", "sample_size": 6479, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "1151a44411193b4a719e736e44155b042f4e83400a89cc879ad10d767f7a1caf", "file_path": "", "md5": "9e7e991f92ad1be903e4a5b36a0bc9a4"}, {"sha1": "68e69c4cafd9511007d5ae2ef639a9c353c2fd4a", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 243", "sample_type": "Binary/Archive/GZIP", "sample_size": 91016, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "f125b2eb6875ba0bdff7dfa6b312f4bd133e35b0de3d48c72f41f9562bc288cb", "file_path": "", "md5": "7d3c549a01423770076491eb7635612f"}, {"sha1": "79a903b5bc8bafdc78651d58a098b7f8b2d7fc30", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 217", "sample_type": "Image/None/JPEG", "sample_size": 2635, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "73a03e22aee1c13064d8e30ea80fc3b8a0a4cd9c128bb01a5036daa3b8ae0979", "file_path": "", "md5": "81e626d3efd077f4b121bc12aef2a4dd"}, {"sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 172", "sample_type": "Image/None/GIF", "sample_size": 43, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": 
"UNKNOWN"}], "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", "file_path": "", "md5": "e68cc604cab69bf03b8cd228d940f5ef"}, {"sha1": "87d84e52cf7d74617f34bd98c8ce1889e9f2102d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 182", "sample_type": "Image/None/JPEG", "sample_size": 6337, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "06008bbdba5493b5047000104128238845b1d66d0aa631751b691b6d67747110", "file_path": "", "md5": "cd8ca137a95eec5947d1fc516a7f6aec"}, {"sha1": "281bdbf311823c4f05510884cc4d3ed235cb4c89", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 159", "sample_type": "Text/HTML", "sample_size": 1720, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "b76de5ad72e8e664d058f8adaaeea9211c5511d25d23ccc0bad5f9d40bc8a14a", "file_path": "", "md5": "852255ce3f5bc74ad5b9053240305ab7"}, {"sha1": "2ca1a236d41b5e816fe7af3048d33e85abae1f3d", "classification": "NO_THREATS_FOUND", "file_name": "Chrome Cache Entry: 164", "sample_type": "Image/None/JPEG", "sample_size": 17804, "analysis_ids": [{"analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", "classification": "UNKNOWN"}], "sha256": "e96090e3831f528706487bf3fa86e72565dbe157dbc9cdc9b7b48da0d190df86", "file_path": "", "md5": "07f674c8ec0980963043881158c82f65"}], "sha1": "13659fe16d68b277526d3bb25acb2731b235bdf4", "md5": "", "classification_version": 2, "platforms": ["windows10"], "url": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "first_analysis": "2024-01-19T12:53:59", "network": {"url": [{"url": "https://m.media-amazon.com/images/G/01/csm/showads.v2.js?category=ad&adstype=-ad-column-&ad_size=-ho", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://twitter.com/intent/tweet?text=Antlers%20(2021)%20-%20https%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt", "source": 
"memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/JJwdLH4ViTW-kI$.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/6qZFWoJmV652f6o.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_iPhone_retina_180x180._CB1582158", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/IMDb/cm9ib3RvQm9sZA.woff2)", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/9m6S-uNKolkzgGa.css", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://unagi.amazon.com/1/events/com.amazon.csm.csa.prod", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BMTQ2Nzk5NzIxMF5BMl5BanBnXkFtZTgwNTM2NTc5MjE", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BZGNiNDQ2OTAtZWYwOS00ZGVlLThmNmItM2NlMDU5M2QxNzUyXkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://www.imdb.com/title/tt7740510/", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-web-152x152._CB47996308", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "http://www.imdb.com/title/tt7740510/", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_iPad_retina_167x167._CB158215806", "source": "memory", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/8ZhQrGnWn9cWUVQ.png", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/CCc6Ja$8QUPPKkY.css", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/IMDb/cm9ib3RvTWVk.woff2)", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://slyb.app.link/vtz1COZnXAb", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile._CB479963088_.pn", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/pXHSPBTKPo0GIjW.css", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://unagi-na.amazon.com/1/events/com.amazon.csm.nexusclient.prod", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BYmZlZDZkZjYtNzE5Mi00ODFhLTk2OTgtZWVmODBiZTI4NGFiXkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile-76x76._CB4799621", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/eLBTsaJHl4mJCUa.css", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BOGY2MDAxNTEtNjJhOC00ZjNmLWIyYzAtNzQ4OGY2MDBkYTc2XkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "http://www.imdb.com/title/tt7740510/reviews", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": 
"https://m.media-amazon.com/images/M/MV5BY2UzODAyNjktN2MwYy00M2RkLThiOTEtMjU1MTgxY2EzM2YyXkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://images-na.ssl-images-amazon.com/images/I/31bJewCvY-L.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "http://ogp.me/ns#", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_desktop_32x32._CB1582158068_.png", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://cdn.branch.io/branch-2.58.0.min.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/IMDb/cm9ib3Rv.woff2)", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/MzfIBMq9GBucYqW.xml", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/android-mobile-196x196._CB479962153_.png", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/LEkTDT9yTAT$m1v.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile-120x120._CB47996", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/M/MV5BMzdjNjI5MmYtODhiNS00NTcyLWEzZmUtYzVmODM5YzExNDE3XkEyXkFqcGde", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/li0RQGRcT$yJBXl.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://www.imdb.com/title/tt7740510/reviews", 
"source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"url": "https://m.media-amazon.com/images/S/sash/Z1lb6I-6IosG6cQ.js", "source": "memory", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "udp": [{"destination_port": 53, "process_id": 5476, "destination_ip": "8.8.4.4", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 53, "process_id": 5476, "destination_ip": "8.8.8.8", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 1900, "process_id": 7164, "destination_ip": "239.255.255.250", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "tcp": [{"destination_port": 443, "process_id": 5476, "destination_ip": "67.220.240.31", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "65.9.86.10", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "18.239.24.188", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "54.192.87.100", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "142.250.27.84", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "52.94.225.248", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "18.239.38.222", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "13.227.211.55", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "52.204.132.63", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "142.251.36.36", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "108.156.69.18", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"destination_port": 443, "process_id": 5476, "destination_ip": "142.250.179.142", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "dns": [{"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "clients1.google.com", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "db187550c7dkf.cloudfront.net", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "www.imdb.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "db187550c7dkf.cloudfront.net", "address": "13.227.211.55"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "clients2.google.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "www.imdb.com", "address": "54.192.87.100"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "api.graphql.imdb.com", "address": "65.9.86.10"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "dqpnq362acqdi.cloudfront.net", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "unagi.amazon.com", "address": "67.220.240.31"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "m.media-amazon.com", "address": "18.239.24.188"}, {"process_id": 5476, "type": "65", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "www.google.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "clients2.google.com", "address": "142.250.179.206"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "images-na.ssl-images-amazon.com", "address": "108.156.69.18"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "wpad.example.org", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "dqpnq362acqdi.cloudfront.net", "address": "18.239.38.222"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "images-na.ssl-images-amazon.com", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "imdb.com", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "m.media-amazon.com", "address": "none"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "accounts.google.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "imdb.com", "address": "52.94.225.248"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "fls-na.amazon.com", "address": "52.204.132.63"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "api.graphql.imdb.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "clients1.google.com", "address": "142.250.179.142"}, {"process_id": 5476, 
"type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "fls-na.amazon.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "www.google.com", "address": "142.251.36.36"}, {"process_id": 5476, "type": "65", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "unagi.amazon.com", "address": "none"}, {"process_id": 5476, "type": "A (IP address)", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "value": "accounts.google.com", "address": "142.250.27.84"}]}, "behavioral": [{"process_actions": [{"status": "success or wait", "path": "unknown", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_created"}, {"status": "process is terminating", "path": "unknown", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_terminated"}, {"status": "success or wait", "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_created"}], "registry_actions": [{"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": 
"HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PriorityControl", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "state", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", "value": "2", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Common\\Rlz\\PTimes", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "user_experience_metrics.stability.exited_cleanly", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics", "value": "0", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_deleted"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Control Panel\\Cursors", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": 
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "object name not found", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_created"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_created"}, 
{"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_created"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Common\\Rlz\\RLZs", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "dr", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", "value": "1", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": 
"key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "StatusCodes", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty", "value": "NU LL ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "prefs.preference_reset_time", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", "value": "877A2F052DE9AAC7FECBFA90C1B7B24BA183EC6164B65BC8486318E358CFF80E", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_created"}, {"status": "success or wait", "value_name": "", 
"key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault", "value": "B0 08 26 BD E9 6D 2F 00 ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "C", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Common\\Rlz\\PTimes", "value": "ED 65 B1 95 21 4B DA 01 ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": 
"key_value_modified"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault", "value": "84 57 F1 BC E9 6D 2F 00 ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_created"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\FirstNotDefault", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_deleted"}, {"status": "object name not found", "value_name": "extensions.settings", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_deleted"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_created"}, {"status": "success or 
wait", "value_name": "ahfgeienlihckogmohjhadlkjgocpleb", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", "value": "69DEB46A0B78E542374AC1328780025ED39AC48FDDA2BDE04045AF87D9838F7B", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_created"}, {"status": "success or wait", "value_name": "media.cdm.origin_data", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", "value": "81046E921B34925EF9312C9A62CC5AFFB0D63E7CA2C13AC486278B291F7C08F2", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "success or wait", "value_name": "TraceTimeLast", "key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry", "value": "CA E7 AC 63 21 4B DA 01 ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}], "file_actions": [{"status": "success or wait", "file_name": "the-real-index~RF324ee.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AutoIt3", "file_path": "C:\\Program Files (x86)", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_US", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "computed_hashes.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\hangout_services\\_metadata", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lv", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "3295c130-2390-4cd7-882d-02000c1f9d6d.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "gu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "upgrade-index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local", "file_path": "C:\\Users\\user~1\\AppData", "action_type": 
"file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State~RF3806c.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CMApi", "file_path": "\\Device\\DeviceApi", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Windows.UI.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIAL.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "the-real-index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Application", "file_path": "C:\\Program Files (x86)\\Google\\Chrome", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "prefs.json", "file_path": "C:\\Program Files\\Google\\GoogleUpdater", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en_GB", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERSION.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "km", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ntshrui.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_BITS_7164_1557435168", "file_path": "C:\\Program Files", "action_type": "file_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lv", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "craw_window.css", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SetupMetrics", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"status": "success or wait", "file_name": "LOG.old~RF26af5.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_BITS_7164_137727968", "file_path": "C:\\Program Files", "action_type": "file_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\uk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "KBDUS.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "computed_hashes.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\pdf\\_metadata", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\tr", "action_type": 
"file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AppData", "file_path": "C:\\Users\\user", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zh_TW", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\da", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ko", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ja", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_TW", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hi", "action_type": "file_deleted", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "verified_contents.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hu", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "nb", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tzres.dll.mui", "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ml", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "msvcp110_win.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": 
"page_embed_script.js", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ja", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26efc.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "computed_hashes.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "113.0.5672.93", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "1.66.0_0", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "id", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "af", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr_CA", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "vi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26690.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_BITS_7164_137727968", "file_path": "C:\\Program Files", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cversions.1.db", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "de", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.5371781808828888906", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ca", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Tabs_13341351141015311", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "invalid handle", "file_name": "unknown", "file_path": "", "action_type": "file_written", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "user~1", "file_path": "C:\\Users", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cscui.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object name collision", "file_name": "Caches", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows", "action_type": "file_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cryptsp.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26816.TMP", 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dwmapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lt", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF277b6.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Preferences~RF28dcf.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", "file_path": "C:\\WINDOWS\\WinSxS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Preferences", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WindowsCodecsRaw.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button_maximize.png", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.8528811922335825074", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\si", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.15990597935705186469", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ur", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Users", "file_path": "C:", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "gpapi.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dhcpcsvc.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "verified_contents.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ActXPrxy.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fil", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fil", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hy", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sortdefault.nls", "file_path": "C:\\WINDOWS\\Globalization\\Sorting", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "gl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fi", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "b154ccd1-6189-4931-953b-5db3eb52f7f2.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "RTWorkQ.DLL", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF280af.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\tr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en-US.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "crashpad_7164_KFOIJLEXXGSBFTKR", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\id", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zh_CN", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ne", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "es_419", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "inetcomm.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\is", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dbghelp.dll", "file_path": 
"C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "_locales", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pa", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ar", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "twinapi.appcore.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "BitsProxy.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bn", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": 
"mojo.7164.4660.12323301711856673067", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_200_percent.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dlnashext.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "iw", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26e9e.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SSPICLI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fwbase.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cy", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", 
"action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WTSAPI32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ms", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sw", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ro", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "MountPointManager", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "eu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALBI.TTF", 
"file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "KERNEL32.DLL.mui", "file_path": "C:\\WINDOWS\\System32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26b91.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.938562082360760424", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Preferences~RF37957.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\it", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en_US", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "todelete_ca366d4d2a962dcf", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pt_BR", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_CN", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_PT", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lt", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button_pressed.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mscms.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.7003376282300460611", 
"file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF28080.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DPAPI.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\th", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "BrowserMetrics-65244C60-125C.pma", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Secur32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ml", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF280a0.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Segmentation Platform\\SignalDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_CA", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button_hover.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\eu", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bcrypt.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ca", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lv", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "temp-index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ka", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "kk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wlanapi.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "it", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "000001.dbtmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\gdaefkejpgkiemlaofpalmlakkmbjdnl", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "default_apps", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26a1a.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.5557806001879089168", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ta", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ru", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "FirewallAPI.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_CN", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINHTTP.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sRGB Color Space Profile.icm", "file_path": "C:\\WINDOWS\\system32\\spool\\drivers\\color", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.13427858274477407116", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ko", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "MSOHEVI.DLL", "file_path": 
"C:\\PROGRA~1\\MICROS~1\\Office12", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF28090.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State~RF28c48.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IPHLPAPI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "no", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or 
wait", "file_name": "LOG.old~RF280a0.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "images", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sv", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINSTA.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALBD.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\iw", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tbs.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": 
"success or wait", "file_name": "srmshell.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "the-real-index~RF38ba7.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.4655848220829308044", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ka", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Windows.Media.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mn", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dxgi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "USERENV.dll", "file_path": 
"C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.2012181059449342459", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\te", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bfc3761f-a788-4a60-8860-db27b3bf6826", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\blob_storage", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\bg", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hy", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fa", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "webcheck.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "craw_window.js", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "it", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fil", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Endpoint", "file_path": "\\Device\\Afd", 
"action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "usermgrcli.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26680.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TIMESBI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "te", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WorkfoldersShell.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ja", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nb", "action_type": 
"file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "icon_16.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF28071.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TIMES.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dataexchange.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "_metadata", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DWrite.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ru", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\no", "action_type": 
"file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF280a0.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "kn", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "shellext.dll", "file_path": "C:\\Program Files\\Windows Defender", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\vi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\az", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\de", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "th", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gu", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CoreUIComponents.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.16333949910362127675", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "PCPKsp.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", "action_type": "file_moved", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "4cbc0183-8308-4519-b3c4-c5d866768884.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "49ca94db-f59d-4dd8-a69b-1dbac6db58d8.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINMMBASE.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Certificates", "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_HK", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NIRMALAS.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "MDMRegistration.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or 
wait", "file_name": "uxtheme.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "computed_hashes.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ntmarta.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF280af.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CONSOLAZ.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\km", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"status": "success or wait", "file_name": "ARIBLK.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NLAapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "index~RF26c8b.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wkssvc", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINMM.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wshext.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ro", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", "action_type": "file_moved", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}", "file_path": "\\DEVICE", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\my", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kn", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hu", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "colorui.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Secure Preferences~RF28d90.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.14805540783010311201", 
"file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "msoshext.dll", "file_path": "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SEGUIEMJ.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "84f07f12-8eff-4654-97d5-d9d5dc5509bc.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ar", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sv", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "topbar_floating_button_close.png", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.15614001605277384304", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRYPTSP.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en_GB", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "nl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_BR", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ja", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CAMBRIA.TTC", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", 
"file_name": "da", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "da", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Module Info Cache~RF2c9af.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINDOWS", "file_path": "C:", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lt", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cs", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wab32.dll", "file_path": "C:\\Program Files\\Common Files\\System", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\th", "action_type": "file_deleted", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "es", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NIRMALA.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "_metadata", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es_419", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lo", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRYPTBASE.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "128.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TIMESI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": 
"file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CTLs", "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.14909495955792438792", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object name not found", "file_name": "TPM", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "MMDevApi.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Preferences~RF2ee7d.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", "action_type": "file_moved", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "uk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "_locales", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\et", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cc3cf316-5a35-4ac7-be50-0d77a8151dfb.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ne", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "user", "file_path": "C:\\Users", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.16389839076684270433", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\et", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "html", 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pt_PT", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "cannot delete", "file_name": "BrowserMetrics-65AAEE66-1BFC.pma", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "th", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\am", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\WidevineCdm", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Google", "file_path": "C:\\Users\\user\\AppData\\Local", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CONSOLAB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cryptext.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "PROPSYS.dll.mui", "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lo", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dhcpcsvc6.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERDANAI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "XmlLite.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CoreMessaging.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26690.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", "action_type": "file_deleted", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wintypes.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pt_PT", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "trusted_vault.pb", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_BITS_7164_137727968", "file_path": "C:\\Program Files", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", "action_type": "file_moved", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "5f29766b-bbcc-4f1b-9d50-c90c4dd60da3.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "PROPSYS.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local", "file_path": "C:\\Users\\user\\AppData", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERDANAZ.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERDANAB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_PT", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State~RF2bf4e.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ncrypt.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": 
"file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "my", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "eventpage_bin_prod.js", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "el", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "netapi32.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\el", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ro", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "icon_128.png", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dasherSettingSchema.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wlanapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "UIAutomationCore.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "USER32.dll.mui", "file_path": "C:\\WINDOWS\\System32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bg", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.17008016908030526641", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "nmmhkkegccagdldgiimedpiccmgmieda", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "RMCLIENT.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "craw_background.js", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CONSOLAI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "et", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CONSOLA.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\id", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Secure Preferences", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", 
"file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CNG", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tzres.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ca", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_100_percent.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "preloaded_data.pb", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pt_BR", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "css", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_elf.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "temp-index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CMNotify", "file_path": "\\Device\\DeviceApi", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Caches", "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.16704188171526519595", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": 
"appresolver.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.12379925674880718928", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wpnapps.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hosts", "file_path": "C:\\WINDOWS\\system32\\drivers\\etc", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "InputHost.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zh_TW", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\it", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\PersistentOriginTrials", "action_type": "file_moved", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AppData", "file_path": "C:\\Users\\user~1", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.2328985240652827900", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "wkscli.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Module Info Cache", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IMM32.DLL", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "7136bdf0-fc3b-43a4-b9dc-1230a379558f.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "stobject.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TextInputFramework.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "si", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": 
"LOG.old~RF267c8.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "the-real-index", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "directmanipulation.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "el", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", "file_path": "", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sw", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "KsecDD", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ms", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "OneCoreUAPCommonProxyStub.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "uk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "0af34194-9402-47aa-a3ab-dc44404879ed.tmp", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "netutils.dll", "file_path": "C:\\WINDOWS\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "44301d95-d150-4100-9978-2a4ff4dd0ea5.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bn", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "nl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.7989042900505458173", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DMCmnUtils.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALN.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fi", "action_type": "file_deleted", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALNB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\de", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zh_HK", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ghbmnnjooekpmoecnnnilnnbdlolhkhi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TIMESBD.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ur", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "d3d11.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "atlthunk.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", 
"file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NTASN1.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\el", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cs", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ru", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "manifest.fingerprint", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "rpcss.dll", "file_path": "C:\\WINDOWS\\system32", 
"action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\da", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.15761571646295731223", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hr", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sv", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_TW", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "de", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", 
"action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "resources.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "external_extensions.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\default_apps", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NIRMALAB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ko", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "be", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.9448446555981269236", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sk", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\uk", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.15189293687477637717", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALNI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.673452335551621506", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\af", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.3565400010105269535", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "R000000000013.clb", "file_path": "C:\\WINDOWS\\Registration", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "COMCTL32.dll", "file_path": "C:\\WINDOWS\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": 
"cb00e7c1-a436-4915-86a5-d625b867de06.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_shutdown_ms.txt", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "et", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "63fd997b-00e2-4c7e-a4d9-2492d22ee3c9.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "BrowserMetrics-spare.pma.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pa", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "computed_hashes.json", "file_path": "C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\network_speech_synthesis\\_metadata", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bg", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "az", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Module Info Cache~RF380ba.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "shell32.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cy", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", 
"file_name": "en_CA", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "OLEACC.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Session_13341351140337548", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ARIALNBI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SEGUISB.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.928700364805031984", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "flapper.gif", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object name not found", "file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}", "file_path": "\\DEVICE", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRLs", "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "trusted_vault.pb~RF27b02.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local State~RF3189a.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "explorerframe.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ta", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ru", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_BR", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\nl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fr_CA", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "the-real-index~RF2c8e4.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old~RF26b33.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "fa", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "aaef295e-a2d7-4554-8e60-b10c9e81e17c.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.3072040511828351109", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "1.0.0.6_0", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hu", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_GB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "EhStorShell.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": 
"success or wait", "file_name": "Preferences~RF3189a.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\vi", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "is", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LINKINFO.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "es_419", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mswsock.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "etc", "file_path": "C:\\WINDOWS\\system32\\drivers", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ca", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.5065171455154818050", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "am", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINSPOOL.DRV", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en_GB", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object path not found", "file_name": "computed_hashes.json", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\web_store\\_metadata", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "C:", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "zh_CN", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DEVOBJ.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ncryptprov.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sv", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Google Chrome.lnk", "file_path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "rsaenh.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DSREG.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ro", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "vi", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": 
"file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "twinapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERDANA.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ole32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AppContainerUserCertRead", "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mn", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cs", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.6564.16606832278380850568", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "es", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lv", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "desktop.ini", "file_path": "C:\\Program Files (x86)", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\cs", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ColorAdapterClient.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "lt", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fil", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zu", 
"action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es_419", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hr", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mojo.7164.4660.9086864329745810841", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "pl", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "OLEACCRC.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pl", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WindowsShell.Manifest", "file_path": "C:\\WINDOWS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Nsi", "file_path": "", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "craw_window.html", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\html", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SEGOEUI.TTF", "file_path": "C:\\WINDOWS\\FONTS", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "LOG.old", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dcomp.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\be", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "messages.json", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bg", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "icudtl.dat", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "id", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", 
"action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ko", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "process": {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "process_id": 7164, "name": "chrome.exe", "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --start-maximized \"about:blank", "parent_process_id": 6240}, "mutex_actions": [{"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7164:304:WilStaging_02", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "unknown", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7164:120:WilError_01", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "modules_loaded": [{"module_name": "\\KnownDlls\\DWrite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dpapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USER32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"module_name": "\\KnownDlls\\combase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\secur32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dsreg.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\rpcss.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winsta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\Secur32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dbghelp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\rsaenh.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\arial.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\kernel.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\uxtheme.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\devobj.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\twinapi.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\XmlLite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dhcpcsvc.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcp110_win.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcp_win.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MMDevApi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINSTA.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ncryptprov.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ariblk.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\PCPKsp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINHTTP.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPTBASE.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dcomp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ARIALNB.TTF", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "unknown", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\OLEAUT32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"\\KnownDlls\\d3d11.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\wlanapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\usermgrcli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\kernel32.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\TextInputFramework.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ncrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\nlaapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\segoeui.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\MMDevAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\actxprxy.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SHELL32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\UIAutomationCore.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CoreUIComponents.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\consolai.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\version.dll", "module_tag": "", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\arialbi.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winhttp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\twinapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\explorerframe.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ActXPrxy.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\mdmregistration.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\CoreUIComponents.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\wpnapps.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\InputHost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dwmapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\CoreMessaging.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Registration\\R000000000013.clb", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\verdana.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"module_name": "C:\\Windows\\System32\\RTWorkQ.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\profapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINSPOOL.DRV", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\gdi32full.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\wtsapi32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\uxtheme.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USERENV.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\user32.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\VERSION.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\ThemeSection", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\mscms.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:3031c", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\cryptbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ucrtbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SETUPAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NLAapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\coloradapterclient.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\mswsock.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\timesbd.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SSPICLI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\msvcp110_win.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:1032a", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\seguisb.ttf", "module_tag": "", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ole32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\UIAutomationCore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ncrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\tbs.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403\\comctl32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\xmllite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\Theme3180608070", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dataexchange.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\verdanai.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MSCTF.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINMM.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\usermgrcli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\gpapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"module_name": "C:\\Windows\\System32\\propsys.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\arialbd.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\twinapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\tbs.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\oleacc.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ariali.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\Windows.Media.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\Windows.UI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\cryptsp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPT32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\SharedSection", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\twinapi.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\consola.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, 
{"module_name": "\\KnownDlls\\dhcpcsvc.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\BitsProxy.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dxgi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WS2_32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NSI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\WinTypes.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KBDUS.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\sechost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\cfgmgr32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winmmbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\clbcatq.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\DSREG.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\netutils.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\TextInputFramework.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Windows\\Theme2779561647", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\propsys.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ADVAPI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINTRUST.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\consolab.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNELBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WTSAPI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winmm.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\NirmalaS.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ole32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\consolaz.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\mscms.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dwmapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\KBDUS.DLL", "module_tag": "", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RMCLIENT.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dmcmnutils.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\FirewallAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\verdanab.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\netutils.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\seguiemj.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ARIALNBI.TTF", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dbghelp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\netapi32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\PROPSYS.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\LINKINFO.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\DWrite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\Nirmala.ttf", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\rmclient.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ExplorerFrame.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\FLTLIB.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\BitsProxy.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\wintypes.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\mswsock.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\cryptsp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\winmmbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcrt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dcomp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\imm32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\wkscli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\gpapi.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\FirewallAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\Windows.Media.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MDMRegistration.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\windows.storage.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINMMBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dxgi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNEL32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MSASN1.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\PCPKsp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\powrprof.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ARIALNI.TTF", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPTSP.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\win32u.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcryptPrimitives.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"\\KnownDlls\\DEVOBJ.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\directmanipulation.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dhcpcsvc6.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\wpnapps.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\bcrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\OneCoreUAPCommonProxyStub.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\atlthunk.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RTWorkQ.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\userenv.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SHLWAPI.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\InputHost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\Windows.UI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ColorAdapterClient.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RPCRT4.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\d3d11.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ncryptprov.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CoreMessaging.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\wlanapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IMM32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\atlthunk.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\sspicli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winspool.drv", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\fwbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\NirmalaB.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"C:\\Windows\\WindowsShell.Manifest", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\DataExchange.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\OLEACC.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\DMCmnUtils.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\fwbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\timesbi.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IPHLPAPI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ntasn1.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\rsaenh.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\oleaccrc.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\ARIALN.TTF", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\netapi32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\directmanipulation.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\wkscli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\verdanaz.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\cambria.ttc", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\linkinfo.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Fonts\\timesi.ttf", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NTASN1.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:702be", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\GDI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\DPAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}]}, {"process_actions": [{"status": "success or wait", "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_terminated"}, {"status": "success or wait", "path": "unknown", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "process_created"}], "registry_actions": [{"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", 
"value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "StatusCodes", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty", "value": "NU LL ", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}, {"status": "success or wait", "value_name": "state", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", "value": "2", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_value_modified"}], "file_actions": [{"status": "success or wait", "file_name": "CMApi", "file_path": "\\Device\\DeviceApi", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AutoIt3", "file_path": "C:\\Program Files (x86)", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sortdefault.nls", "file_path": "C:\\WINDOWS\\Globalization\\Sorting", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_elf.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "113.0.5672.93", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ntmarta.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Application", "file_path": "C:\\Program Files (x86)\\Google\\Chrome", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERSION.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRYPTBASE.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IMM32.DLL", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CNG", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "crashpad_6432_IWZNPBMDEDPATAVQ", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], 
"process": {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "process_id": 6432, "name": "chrome.exe", "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \"https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", "parent_process_id": 6240}, "mutex_actions": [{"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6432:304:WilStaging_02", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "unknown", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "modules_loaded": [{"module_name": "\\KnownDlls\\profapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\windows.storage.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\gdi32full.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcp_win.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNEL32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\combase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\VERSION.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shlwapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\sechost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\cfgmgr32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RPCRT4.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\cryptbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ucrtbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ADVAPI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USER32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNELBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPTBASE.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\kernel.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IMM32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcryptPrimitives.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\win32u.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\FLTLIB.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"C:\\Windows\\System32\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SHELL32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcrt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\version.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\powrprof.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\imm32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\SharedSection", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\GDI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}]}, {"process": {"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "process_id": 5476, "name": "chrome.exe", "parameters": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1788,i,7363726825860783600,3061326717789543722,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8", "parent_process_id": 7164}, "mutex_actions": [{"status": "success or wait", "name": "unknown", "action_type": "mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5476:304:WilStaging_02", "action_type": 
"mutex_created", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "modules_loaded": [{"module_name": "\\KnownDlls\\DWrite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USER32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\combase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\secur32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\Secur32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dbghelp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\kernel.appcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dhcpcsvc.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcp_win.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPTBASE.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "unknown", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\OLEAUT32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\rasadhlp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\userenv.dll", 
"module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\bcrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\rasadhlp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winnsi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WS2_32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\nlaapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ntmarta.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\UIAutomationCore.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\version.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\profapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NSI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\gdi32full.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\DWrite.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\USERENV.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\VERSION.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\cryptbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": 
"C:\\Windows\\System32\\dhcpcsvc6.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ucrtbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winmmbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\DNSAPI.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\SSPICLI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\ole32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\UIAutomationCore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINMM.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\propsys.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\CRYPT32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\Sessions\\1\\Windows\\SharedSection", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dhcpcsvc.DLL", 
"module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINNSI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\sechost.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\cfgmgr32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\mswsock.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\v8_context_snapshot.bin", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcrypt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\ADVAPI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINTRUST.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNELBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\bcryptPrimitives.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dbghelp.dll", "module_tag": "", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\PROPSYS.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shcore.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\dnsapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\FLTLIB.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINHTTP.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\mswsock.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\winmmbase.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\msvcrt.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\imm32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINSPOOL.DRV", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\windows.storage.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\WINMMBASE.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\KERNEL32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\MSASN1.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\powrprof.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shlwapi.dll", "module_tag": "", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\win32u.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winmm.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\dhcpcsvc6.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winhttp.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\RPCRT4.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\shell32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IMM32.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\NLAapi.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\sspicli.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Windows\\System32\\winspool.drv", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\IPHLPAPI.DLL", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"module_name": "\\KnownDlls\\GDI32.dll", "module_tag": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], 
"file_actions": [{"status": "success or wait", "file_name": "tzres.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "sortdefault.nls", "file_path": "C:\\WINDOWS\\Globalization\\Sorting", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "KsecDD", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF2f293.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Endpoint", "file_path": "\\Device\\Afd", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "tzres.dll.mui", "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}", "file_path": "\\DEVICE", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Users", "file_path": "C:", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_200_percent.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Secur32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_100_percent.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF2ca1c.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "PROPSYS.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SSPICLI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Local", "file_path": "C:\\Users\\user\\AppData", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINMMBASE.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF33421.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "user", "file_path": "C:\\Users", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dhcpcsvc.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", 
"action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "8b55ed6f-5ac8-4fd9-b02c-440a8d31bfa9.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Network Persistent State", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CMApi", "file_path": "\\Device\\DeviceApi", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "f34df22d-5da5-4083-b4e2-4c479c3a8e72.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "df83217c-94a0-43c3-94a1-b5828507ea8d.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "chrome_elf.dll", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "4ccbef40-1848-4de5-bc40-3a24490fc0e2.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "113.0.5672.93", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ntmarta.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF2a27f.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AsyncConnectHlp", "file_path": "\\Device\\Afd", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "VERSION.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Network Persistent State~RF38b0b.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object name not found", "file_name": "RasAcd", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IPHLPAPI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "etc", "file_path": "C:\\WINDOWS\\system32\\drivers", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "AppData", "file_path": "C:\\Users\\user", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "hosts", "file_path": "C:\\WINDOWS\\system32\\drivers\\etc", "action_type": "file_opened", "analysis_ids": 
["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "b5458bfa-f4f3-44fd-b0f2-b6b0615a319e.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SCT Auditing Pending Reports~RF276cc.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "ole32.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "UIAutomationCore.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "7fe1f6f6-cfab-4848-9d82-ea415c2f8952.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DWrite.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "C:", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "en-US.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales", "action_type": "file_opened", 
"analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "crashpad_7164_KFOIJLEXXGSBFTKR", "file_path": "\\pipe", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Network Persistent State~RF2a1b4.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "NLAapi.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CRYPTBASE.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "USERENV.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "mswsock.dll", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "SCT Auditing Pending Reports~RF27797.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINMM.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "15dd2fb8-9828-4e21-a9ab-2b0ac20f81e9.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or 
wait", "file_name": "SCT Auditing Pending Reports", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Nsi", "file_path": "", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "cd2614b7-aade-47f8-baee-d65d7ce8a1c7.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dhcpcsvc6.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Google", "file_path": "C:\\Users\\user\\AppData\\Local", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "3d373796-444e-4ac3-b4db-954a25c04431.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "DNSAPI.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "bcrypt.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINSPOOL.DRV", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "2895735c-afa5-4fb3-b7c1-4b4ee25aac06.tmp", "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "icudtl.dat", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "dbghelp.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "object name not found", "file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}", "file_path": "\\DEVICE", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "unknown", "file_path": "", "action_type": "file_written", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "v8_context_snapshot.bin", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "Network Persistent State~RF2cac8.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINNSI.DLL", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "WINHTTP.dll", "file_path": "C:\\WINDOWS\\SYSTEM32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF3c65e.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "resources.pak", "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "CNG", "file_path": "\\Device", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "IMM32.DLL", "file_path": "C:\\WINDOWS\\system32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "TransportSecurity~RF35ad3.TMP", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_deleted", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "adc5a9c7-3122-4fc8-a12d-3258e6398667.tmp", "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", "action_type": "file_moved", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}, {"status": "success or wait", "file_name": "rasadhlp.dll", "file_path": "C:\\Windows\\System32", "action_type": "file_opened", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"]}], "registry_actions": [{"status": "success or wait", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": 
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "success or wait", "value_name": "", "key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_opened"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": 
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}, {"status": "pending", "value_name": "", "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9", "value": "", "analysis_ids": ["b549dd89-5bc8-47ea-92a2-018e8d9c36e5"], "action_type": "key_monitored"}]}]}, "requested_base64_url": "13659fe16d68b277526d3bb25acb2731b235bdf4"}}}}, "IndicatorTimeline": [], "IgnoreAutoExtract": false, "Note": false, "Relationships": []} \ No newline at end of file diff --git a/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/url_dynamic_response.json b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/url_dynamic_response.json new file mode 100644 index 000000000000..f8eafc57066c --- /dev/null +++ b/Packs/ReversingLabs_Titanium_Cloud/Integrations/ReversingLabsTitaniumCloudv2/test_data/url_dynamic_response.json 
@@ -0,0 +1,13484 @@ +{ + "rl": { + "report": { + "mitre_attack": { + "matrix_list": [ + { + "tactics": { + "tactic_list": [ + { + "techniques": { + "technique_list": [ + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "id": "T1055", + "name": "Process Injection" + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "id": "T1036", + "name": "Masquerading" + } + ] + }, + "id": "TA0005", + "name": "Defense Evasion" + }, + { + "techniques": { + "technique_list": [ + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "id": "T1046", + "name": "Network Service Scanning" + } + ] + }, + "id": "TA0007", + "name": "Discovery" + }, + { + "techniques": { + "technique_list": [ + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "id": "T1071", + "name": "Application Layer Protocol" + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "id": "T1095", + "name": "Non-Application Layer Protocol" + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "id": "T1573", + "name": "Encrypted Channel" + } + ] + }, + "id": "TA0011", + "name": "Command and Control" + } + ] + }, + "name": "Enterprise" + } + ] + }, + "signatures": [ + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Uses secure TLS version", + "risk_factor": 0, + "sig_id": 508 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Found graphical window changes (likely an installer)", + "risk_factor": 0, + "sig_id": 1649 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "URLs found in memory or binary data", + "risk_factor": 5, + "sig_id": 357 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Uses HTTPS", + "risk_factor": 5, + "sig_id": 392 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": 
"Classification label", + "risk_factor": 5, + "sig_id": 420 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Performs DNS lookups", + "risk_factor": 5, + "sig_id": 353 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Found strings which match known social media urls", + "risk_factor": 5, + "sig_id": 355 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Creates a directory in C:\\Program Files", + "risk_factor": 0, + "sig_id": 1665 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Uses HTTPS for network communication", + "risk_factor": 5, + "sig_id": 1549 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Creates files inside the program directory", + "risk_factor": 5, + "sig_id": 1143 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Performs connections to IPs without corresponding DNS lookups", + "risk_factor": 5, + "sig_id": 472 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Spawns processes", + "risk_factor": 5, + "sig_id": 1271 + }, + { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "description": "Sends SSDP (simple service discovery protocol) broadcast queries", + "risk_factor": 5, + "sig_id": 447 + } + ], + "classification": "NO_THREATS_FOUND", + "history_analysis": [ + { + "analysis_duration": 198, + "classification_version": 2, + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "NO_THREATS_FOUND", + "warnings": [ + "Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe", + "Excluded IPs from analysis (whitelisted): 216.58.214.3, 34.104.35.123, 142.251.39.106, 142.250.179.131, 142.250.179.206", + "Excluded domains from analysis (whitelisted): r2---sn-5hne6ns6.gvt1.com, 
edgedl.me.gvt1.com, redirector.gvt1.com, content-autofill.googleapis.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com", + "Not all processes where analyzed, report is missing behavior information" + ], + "risk_score": 0, + "platform": "windows10", + "configuration": "MS Office 2007;Java 8;Adobe Reader 2020;Firefox 62;Google Chrome 69;Microsoft Edge 42;Internet Explorer 11", + "analysis_time": "2024-01-19T12:53:59" + } + ], + "url_base64": "aHR0cHM6Ly9pbWRiLmNvbS90aXRsZS90dDc3NDA1MTAvcmV2aWV3cz9yZWZfPXR0X3Vydg", + "risk_score": 0, + "threat_names": [ + { + "threat_name": "Unknown", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "sha256": "", + "last_analysis": "2024-01-19T12:53:59", + "dropped_files": [ + { + "sha1": "88a82523260a982a5dbfd3f4e19c3db4969a701b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 93", + "sample_type": "Image/None/JPEG", + "sample_size": 4214, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "26ea9b916a48c6d54fb36ad5db111bbfa13ad8922198008554c852486d805e08", + "file_path": "", + "md5": "a4ba5615d593e59bfcd485fcf897d050" + }, + { + "sha1": "1d76baf7cdbd01a51ccfe7658610aa0869c68a3b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 115", + "sample_type": "Binary/Archive/GZIP", + "sample_size": 29339, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "4125211e25f0a2bf3c5ae18523fb3a5d979ef0e1e6f9a412a0a400e119702b47", + "file_path": "", + "md5": "8e3efb277e465527a5bcf32e07f7b1a2" + }, + { + "sha1": "8302f515431afe4a30b548d820540d3ac5627667", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 113", + "sample_type": "Image/None/JPEG", + "sample_size": 30902, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + 
"classification": "UNKNOWN" + } + ], + "sha256": "cd4684c0e1c41256f4ccae016e1b247238c6b8e041c54aded18e7d7af86fcd63", + "file_path": "", + "md5": "e2ba49b3b70491d21334041090b955bd" + }, + { + "sha1": "01deaf1141d909139c3c179515d7cbf00198a4cb", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 212", + "sample_type": "Image/None/JPEG", + "sample_size": 6675, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "9279b6cd2ec09ec44ce40257b6f6c99de814cf0959f9463654428b020b417f19", + "file_path": "", + "md5": "bcfbd15ceca7999cd3026cdba9b94a90" + }, + { + "sha1": "2676e16aa78ce1196e0273592617c96346a29d31", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 136", + "sample_type": "Image/None/JPEG", + "sample_size": 4374, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "684ad7325e8120a2a587832663f55f56f1c6f59e8924e6873bc17148a464a848", + "file_path": "", + "md5": "bd391154dac88cefb07abd86f4edb1da" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 102", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "2d8648a1115093dc43e8d7834ba4587e41c3f806", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 195", + "sample_type": "Text/HTML", + "sample_size": 371317, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "54bb56afaca0128ff3a37e184e3d2811cb8be9b25c4369a8ec4ccded55806ff9", + "file_path": "", + 
"md5": "91666c554ce4423d9d43b6dccdd481e3" + }, + { + "sha1": "8f987f895be240334e6d617b169b824b25f8e45f", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 134", + "sample_type": "Image/None/JPEG", + "sample_size": 6557, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "36b032acb6b879eec36ce95da3ace57a7e537584c7a8a4f87cc187fd03b1951a", + "file_path": "", + "md5": "40bd9f4fb6ab4ca640887f218e939e85" + }, + { + "sha1": "470a529e517cdb74716116e7b29552419e86babb", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 111", + "sample_type": "Image/None/JPEG", + "sample_size": 3597, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "18c81654266eca777b1b4c2e00b439c3ce342e6edff47bccf375197cd95edb10", + "file_path": "", + "md5": "f80030bc60f2cce5dedd2174b507246e" + }, + { + "sha1": "f5cef917635c0ddf9c67bb7ef8b37b1725b53152", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 154", + "sample_type": "Image/None/PNG", + "sample_size": 497, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "83aed9a68ee856ae88cb99fe562493ce627010c0b05d919cd7dc311414425c10", + "file_path": "", + "md5": "a00f507810e886fe683c705a0582cdb2" + }, + { + "sha1": "9c11794d0cebe579c7b0275847e2ab1bfd2114d2", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 190", + "sample_type": "Image/None/JPEG", + "sample_size": 5048, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "3fa7e13b8caf75b7f215149e88d62e80ea4a9ac649ee10ad3939b1d498e3030e", + "file_path": "", + "md5": "ad97055f043b3260fda52f90ab04930e" + }, + { + "sha1": "682dc0a46519564a72cdc6b9d15fb4e260793123", + "classification": 
"NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 202", + "sample_type": "Binary/None", + "sample_size": 555529, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "4293e8d2214c0fb45babcf26483e4c1d86ae28e67b05a86f93dbeb7eceec0864", + "file_path": "", + "md5": "64789e2fe8c581ed0d5315276eb4502d" + }, + { + "sha1": "6ee41aacd863d1c710ed189fce9fa4b5a6fed61b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 229", + "sample_type": "Image/None/JPEG", + "sample_size": 46739, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "17608d551f17c933466d5b5733f28f9ad92852e4d792e415a368f69f435d1e01", + "file_path": "", + "md5": "e83f967c1c5f4ee79db3d53dd9af5e73" + }, + { + "sha1": "5789e81a66958aabc7590c1ddd41058335636027", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 165", + "sample_type": "Image/None/WOFF", + "sample_size": 11020, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", + "file_path": "", + "md5": "a59072f933169d3f2db497f44ca4cbbe" + }, + { + "sha1": "79a903b5bc8bafdc78651d58a098b7f8b2d7fc30", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 185", + "sample_type": "Image/None/JPEG", + "sample_size": 2635, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "73a03e22aee1c13064d8e30ea80fc3b8a0a4cd9c128bb01a5036daa3b8ae0979", + "file_path": "", + "md5": "81e626d3efd077f4b121bc12aef2a4dd" + }, + { + "sha1": "9a212137e27fe221fe21b4332776d9a8885efaae", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 150", + "sample_type": "Image/None/JPEG", + "sample_size": 35506, + 
"analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "ad51bf609054ced1220bd8fc7c8fcf601e9633ac5333dc91e5d4f567667147e8", + "file_path": "", + "md5": "1e6b6ad72d35a61bf0467466ff7e2af4" + }, + { + "sha1": "15cd0cfb5cef05c87a65822eb100a02754d5c04f", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 147", + "sample_type": "Image/None/JPEG", + "sample_size": 3977, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "6fbb5d59ee9b27aa7539b6487eb5c5cd4ce6431b1e20f699da42e8d08a837585", + "file_path": "", + "md5": "80f226c6be828bdd5d0f42ffafc8896d" + }, + { + "sha1": "9a212137e27fe221fe21b4332776d9a8885efaae", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 133", + "sample_type": "Image/None/JPEG", + "sample_size": 35506, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "ad51bf609054ced1220bd8fc7c8fcf601e9633ac5333dc91e5d4f567667147e8", + "file_path": "", + "md5": "1e6b6ad72d35a61bf0467466ff7e2af4" + }, + { + "sha1": "6ff06a34f68ad0324ddec1bbe4d453c959178b36", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 162", + "sample_type": "Image/None/WOFF", + "sample_size": 11016, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479", + "file_path": "", + "md5": "15fa3062f8929bd3b05fdca5259db412" + }, + { + "sha1": "08d84905ec59ef0dd96cc94ea81fbb4c2448e009", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 204", + "sample_type": "Image/None/JPEG", + "sample_size": 3559, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": 
"249c151940cfee86eea272b3e86ba9a735b6901739f9f3cf489260e8183cb20c", + "file_path": "", + "md5": "b9d39a4b37255a7bfa6cbfdc94219077" + }, + { + "sha1": "397b288df8abf27a0cd24350593e0a3814f7ef42", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 137", + "sample_type": "Image/None/JPEG", + "sample_size": 5209, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "ada4871e8f92d50a977253467f4fff3fac17ec43dacc78f1713e51365459032f", + "file_path": "", + "md5": "139043909e518c544e6e9aa497a8ddcd" + }, + { + "sha1": "5dbdaab7213b5c606f0c8b1b153e1ea284bb737c", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 215", + "sample_type": "Image/None/JPEG", + "sample_size": 54660, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "05d4923449bdc5b7de702698eda368f1287ca59d7a788c70f1a662d264dc2e27", + "file_path": "", + "md5": "58f7fe65d7b019d7cfa4c3ba7ceb1e4c" + }, + { + "sha1": "68d5ab3244b936d1e2ec364706faffd2d5d7f21f", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 142", + "sample_type": "Binary/None", + "sample_size": 760, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "e38f21ffde5eea825d4e4a9b52efaa7c9f7aaf67a25347a671dfe8894c80d28a", + "file_path": "", + "md5": "25581c9a34165352a9c1badfd8a2aeb7" + }, + { + "sha1": "b009ca00be40ce7d8e53d054d39be62ce790d6ab", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 98", + "sample_type": "Binary/Archive/GZIP", + "sample_size": 35408, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "d0db52fe774424b284a5b5e91e2732a6b774aeff28ddfa5bd7f592054a8d3c7a", + "file_path": "", + "md5": "84a49a20c089bc0d7ef3323e8b5952d2" 
+ }, + { + "sha1": "bba1550dd8ebab7b55fcbd092655db0dbe968a21", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 91", + "sample_type": "Image/None/JPEG", + "sample_size": 5830, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a5f0bc6dfdc752dcf13030e40f14ee9ed09efc89b764933fcd315e0f74d2f3cd", + "file_path": "", + "md5": "1255f3b3cc93fa699309ad714badf745" + }, + { + "sha1": "e522e8835a88f24552d04ec1af3c1681cb7269c8", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 171", + "sample_type": "Image/None/JPEG", + "sample_size": 5855, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "73cbed49f585d48d88b732d0c1b6a930d556fd9ec5f0fe0577bb065ed90ce11e", + "file_path": "", + "md5": "0d6bed942437e0bc4c41deae53165408" + }, + { + "sha1": "a7c9e37910ac122a97f52ebc1aa6e2fe51e54179", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 191", + "sample_type": "Image/None/JPEG", + "sample_size": 55245, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "c20d10dc49be9aabe754bab3e7d913aa625a6f73211d857a045f5e6e722d518b", + "file_path": "", + "md5": "d818205b1d270eb3251cac107fb00996" + }, + { + "sha1": "7fa5aa4ec7865f39fc86cf50b2074b30e8fd0c58", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 90", + "sample_type": "Image/None/JPEG", + "sample_size": 3046, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1194c245a24572f82844885e9935f90719c52dd6577e880909e3a8cb1e6b51c3", + "file_path": "", + "md5": "768af40c8c0d570c7dcf81f599cdbe64" + }, + { + "sha1": "72eb3960f3d8ae6724252fcafe86fb5eeac18f8b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache 
Entry: 138", + "sample_type": "Binary/None", + "sample_size": 2887, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "bd30110622ae294a3a41f834c8f058e457b36a9916704946864df0fa4dd291f3", + "file_path": "", + "md5": "1ac618b0f127a0aa7de3651070fad47a" + }, + { + "sha1": "93de4b55ad29e7406bfec901aad5c06725780c23", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 192", + "sample_type": "Binary/None", + "sample_size": 28367, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "f251f019b6c7f6b8fe01bb09feb95348ca4c3966964d6a9f37f8216d243cb153", + "file_path": "", + "md5": "0e4d86149b4f6e3e6af3bed202a54d7b" + }, + { + "sha1": "4eedb4aad798fa1c2bdb72f984c34a24c56c2476", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 121", + "sample_type": "Image/None/PNG", + "sample_size": 2372, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "257b2e6cbab280d2019687435863539a52473275f8132884c0538efd14899507", + "file_path": "", + "md5": "4505a569689e1df76eba896d26533b8f" + }, + { + "sha1": "b03e31a2df43c881a1bf38723e14d0488e53bd9a", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 101", + "sample_type": "Image/None/JPEG", + "sample_size": 2703, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "039dc85892810b989186a889299ada5e9ddadf43a8f771041b9b5d89d92dc868", + "file_path": "", + "md5": "e196fe4f70544d277d99efcb4e59d959" + }, + { + "sha1": "2ca1a236d41b5e816fe7af3048d33e85abae1f3d", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 104", + "sample_type": "Image/None/JPEG", + "sample_size": 17804, + "analysis_ids": [ + { + "analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "e96090e3831f528706487bf3fa86e72565dbe157dbc9cdc9b7b48da0d190df86", + "file_path": "", + "md5": "07f674c8ec0980963043881158c82f65" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 110", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "2676e16aa78ce1196e0273592617c96346a29d31", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 194", + "sample_type": "Image/None/JPEG", + "sample_size": 4374, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "684ad7325e8120a2a587832663f55f56f1c6f59e8924e6873bc17148a464a848", + "file_path": "", + "md5": "bd391154dac88cefb07abd86f4edb1da" + }, + { + "sha1": "0b188f7c91a79519727a25ce3cb4e997f187be43", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 105", + "sample_type": "Binary/None", + "sample_size": 28, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "f245f3dbd4291746d1e44363529f7cb3851a2780c01d8bcdd3c5e080a0009494", + "file_path": "", + "md5": "6d355197591570cee568ab636183c16e" + }, + { + "sha1": "bf7033d18d8409478666fe9eeee6131bd8e983d5", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 168", + "sample_type": "Binary/Archive/GZIP", + "sample_size": 30388, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": 
"33409bb4e77f16dd9dcc540f2047d8d2ac302cfbdeb8e3e44261961c448f9289", + "file_path": "", + "md5": "25e2a55b6daeb5a259ff1459515381db" + }, + { + "sha1": "62a4d9d0d5f8c83c3a17cdc1e488a4a84f3d0460", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 188", + "sample_type": "Image/None/JPEG", + "sample_size": 58204, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "6138cfe70296302a26b60e53dc138305ca9450c97fb4da052b5e40567c6fe779", + "file_path": "", + "md5": "6fa72b7421663295b6d593d8790aa9b1" + }, + { + "sha1": "5789e81a66958aabc7590c1ddd41058335636027", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 244", + "sample_type": "Image/None/WOFF", + "sample_size": 11020, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", + "file_path": "", + "md5": "a59072f933169d3f2db497f44ca4cbbe" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 214", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "f153256cab6ede3bc605b639e73db9822013354c", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 119", + "sample_type": "Binary/None", + "sample_size": 15928, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "4786a2783bd58159839fe90f5170d78d22d33ea01806152d63936a433e169894", + "file_path": "", + "md5": "ec26bfd025f77c88976cbd9e74420d4d" + }, 
+ { + "sha1": "5bffbffabb780253d1d1cbb899c4de2b66760862", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 205", + "sample_type": "Image/None/JPEG", + "sample_size": 2696, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "eeb31b1cebc8babbfab219a4c52132b507047f88237055219468c27ded4b3b5f", + "file_path": "", + "md5": "896952a8672c231b9435927b70adbdeb" + }, + { + "sha1": "7fe31344fa723425d6be0a264ab084bbfb6a0112", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 196", + "sample_type": "Image/None/JPEG", + "sample_size": 7015, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "42dfca7f071dd80526a7c8a8166f82f712f3813c1be59894e9c0d531ee6aac63", + "file_path": "", + "md5": "3bad41b67d7a8e891a6d4395ae67c277" + }, + { + "sha1": "fd157eaf1a8b3ec97c718798dc375570e6ef9bd0", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 166", + "sample_type": "Image/None/JPEG", + "sample_size": 4816, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "8d4a37c150dcd3b706cb5362ca985858bf24fefe9b47caab3f62d1bc300c1820", + "file_path": "", + "md5": "b177ef0d6b70187a87f55a55fe699cbc" + }, + { + "sha1": "b8612689330620c98d6295e3f7a5f6a7959f02c6", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 149", + "sample_type": "Image/None/JPEG", + "sample_size": 26660, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1a8799b75e2b918b470c8e04c30a1554246cfe43cb7e9d7527dc83919406addb", + "file_path": "", + "md5": "b0ec92057bc346ca7c83de6a41cdf367" + }, + { + "sha1": "15ace8e9e042913ba263820f7be6214913676e22", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache 
Entry: 141", + "sample_type": "Binary/None", + "sample_size": 1862, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "722ef3edbb5a107e1f914b1e400d8f92e0810a10f9a86d6e89220c3f9fcad7fd", + "file_path": "", + "md5": "2ba5b2ffebc6be6401c274544cec45b0" + }, + { + "sha1": "4f102c807204de6449d5a2ae2aba99d249aa3f82", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 127", + "sample_type": "Image/None/JPEG", + "sample_size": 81139, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "cd12947a0f5da04f0581a44438efa3123d51ba80814958f423d6ae15492d80e6", + "file_path": "", + "md5": "534c731b854172d8115d11c88db0dc46" + }, + { + "sha1": "930193b840dd3298e7001a4fc3d7dde80f5ae8e4", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 89", + "sample_type": "Image/None/JPEG", + "sample_size": 4245, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1ffa387734b3f6961ed9f443b6062601166b427415fd78faf2fde842a3ea4d1e", + "file_path": "", + "md5": "e37ae5f3d0786c75d5aaa9920edacc05" + }, + { + "sha1": "8f987f895be240334e6d617b169b824b25f8e45f", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 225", + "sample_type": "Image/None/JPEG", + "sample_size": 6557, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "36b032acb6b879eec36ce95da3ace57a7e537584c7a8a4f87cc187fd03b1951a", + "file_path": "", + "md5": "40bd9f4fb6ab4ca640887f218e939e85" + }, + { + "sha1": "e522e8835a88f24552d04ec1af3c1681cb7269c8", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 97", + "sample_type": "Image/None/JPEG", + "sample_size": 5855, + "analysis_ids": [ + { + "analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "73cbed49f585d48d88b732d0c1b6a930d556fd9ec5f0fe0577bb065ed90ce11e", + "file_path": "", + "md5": "0d6bed942437e0bc4c41deae53165408" + }, + { + "sha1": "6b1c1235e4fb42159a8d88ddc1456935ac36236a", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 157", + "sample_type": "Binary/Archive/GZIP", + "sample_size": 46816, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "3503cb3b14811575b4070fbf410c4faa148b118db6b21ad9a47a582f8cef5856", + "file_path": "", + "md5": "a7bb71c6e0827791da0b46491a6dd388" + }, + { + "sha1": "5a50b8e7e227531ebecba74a8ec3f7752c038e45", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 99", + "sample_type": "Image/None/JPEG", + "sample_size": 6238, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1653b9d1b6fdbf987dad791297e4fcd6eb4f054c3975d97672ffd829c27795bc", + "file_path": "", + "md5": "5c79334ed4b28046f38de19aecbffe6b" + }, + { + "sha1": "152f312d82ea7f909efab9cfbc513922c5c68451", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 112", + "sample_type": "Image/None/JPEG", + "sample_size": 3484, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "5f71ef9cc75b0885c4d7a565db2dc8f2b159470b9f87f47523af73ca08b3f2fa", + "file_path": "", + "md5": "e58166197873c671d947f32ad004507f" + }, + { + "sha1": "45a8c4980dae29b1eefafdfd94fb4970ddf3e3e3", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 120", + "sample_type": "Image/None/PNG", + "sample_size": 100353, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": 
"25e630efa0f85c1310aafd02b164600a790d2a8872acad58368a558d4ee2848e", + "file_path": "", + "md5": "03ea3b0ffac42298b8dcc9f879bb30cd" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 100", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "6eb83738fbe5dd557a573a873d0ab0b50b3aab18", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 230", + "sample_type": "Image/None/JPEG", + "sample_size": 10576, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "802c38614a4c3afb10a73fc16e2ee06103e5b3c17aba14dce68b4fb37679863e", + "file_path": "", + "md5": "34cb56bf1ee13123ea28819d78ef6d3a" + }, + { + "sha1": "4f102c807204de6449d5a2ae2aba99d249aa3f82", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 176", + "sample_type": "Image/None/JPEG", + "sample_size": 81139, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "cd12947a0f5da04f0581a44438efa3123d51ba80814958f423d6ae15492d80e6", + "file_path": "", + "md5": "534c731b854172d8115d11c88db0dc46" + }, + { + "sha1": "e0ed377bd8278fbea11264788eb59a6fe59c14ea", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 160", + "sample_type": "Image/None/JPEG", + "sample_size": 1614, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "54503cea106dc82deb940dc049e4f01f7a03a399e07f3e3403df390d08b086fe", + "file_path": "", + "md5": "643bfd45a1a5af69cea2b510927832a7" + 
}, + { + "sha1": "f5cef917635c0ddf9c67bb7ef8b37b1725b53152", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 131", + "sample_type": "Image/None/PNG", + "sample_size": 497, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "83aed9a68ee856ae88cb99fe562493ce627010c0b05d919cd7dc311414425c10", + "file_path": "", + "md5": "a00f507810e886fe683c705a0582cdb2" + }, + { + "sha1": "62a4d9d0d5f8c83c3a17cdc1e488a4a84f3d0460", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 189", + "sample_type": "Image/None/JPEG", + "sample_size": 58204, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "6138cfe70296302a26b60e53dc138305ca9450c97fb4da052b5e40567c6fe779", + "file_path": "", + "md5": "6fa72b7421663295b6d593d8790aa9b1" + }, + { + "sha1": "c17d49f81185e16d7c0b5a3c1a096285b11101ed", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 156", + "sample_type": "Image/None/JPEG", + "sample_size": 3928, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "8f1341c8b1c3613c6008e884b83c24a267c51b6a0fd766e54207ff064a6cbad1", + "file_path": "", + "md5": "14e628e330b1b37afb6267fc118d2305" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 235", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "08d84905ec59ef0dd96cc94ea81fbb4c2448e009", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache 
Entry: 124", + "sample_type": "Image/None/JPEG", + "sample_size": 3559, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "249c151940cfee86eea272b3e86ba9a735b6901739f9f3cf489260e8183cb20c", + "file_path": "", + "md5": "b9d39a4b37255a7bfa6cbfdc94219077" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 233", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "2578d7531085fea59a21e3a51039bdd4202e334b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 132", + "sample_type": "Image/None/JPEG", + "sample_size": 4455, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a9b7fe1efcd58b29cd498e3ca1ddcc840d3f0084f611ce5b0d1b84c973dcd357", + "file_path": "", + "md5": "9f006ab0ecb111a454dbce86c29f9f57" + }, + { + "sha1": "489a7c76c076e6b95e168f97a293d2c7fa880165", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 167", + "sample_type": "Image/None/JPEG", + "sample_size": 3741, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "01bf2af64dd7a156e5838536dde22bf0b67073192b7c05fe38bf1f67b223b905", + "file_path": "", + "md5": "ba1090c3728e03f6ef4a575e6d8d1a5e" + }, + { + "sha1": "0d31448b24ecf17ce885d1068089ec1b8cc7dc04", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 197", + "sample_type": "Image/None/JPEG", + "sample_size": 6680, + "analysis_ids": [ + { + "analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "3e33511b7b4767198e9f07467bce1a893b5ea75a535373cc906d98425d82c8af", + "file_path": "", + "md5": "e0ff5f849f86eae053a1207429ac7ab4" + }, + { + "sha1": "7fa5aa4ec7865f39fc86cf50b2074b30e8fd0c58", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 140", + "sample_type": "Image/None/JPEG", + "sample_size": 3046, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1194c245a24572f82844885e9935f90719c52dd6577e880909e3a8cb1e6b51c3", + "file_path": "", + "md5": "768af40c8c0d570c7dcf81f599cdbe64" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 216", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "03a9d879efeb95c7c2745b2275426016e9d229ab", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 175", + "sample_type": "Image/None/JPEG", + "sample_size": 5415, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1c9ebc07b2c555951b26562b2c911906024a05ca72422ffc08c90c77221a44ec", + "file_path": "", + "md5": "190108c5c10e694fae0f0490b3357c01" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 236", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": 
"a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "5bffbffabb780253d1d1cbb899c4de2b66760862", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 193", + "sample_type": "Image/None/JPEG", + "sample_size": 2696, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "eeb31b1cebc8babbfab219a4c52132b507047f88237055219468c27ded4b3b5f", + "file_path": "", + "md5": "896952a8672c231b9435927b70adbdeb" + }, + { + "sha1": "3a6a668c00c9a04e94611b34d4b5f2482b556e0b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 180", + "sample_type": "Image/None/PNG", + "sample_size": 12056, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "756188e73429bcd78f5d6a7d14d6fba5ff636a41d715df4b5c40b29f7e3df965", + "file_path": "", + "md5": "1dd2a51e639e476432926c1b26c42bbd" + }, + { + "sha1": "930193b840dd3298e7001a4fc3d7dde80f5ae8e4", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 152", + "sample_type": "Image/None/JPEG", + "sample_size": 4245, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1ffa387734b3f6961ed9f443b6062601166b427415fd78faf2fde842a3ea4d1e", + "file_path": "", + "md5": "e37ae5f3d0786c75d5aaa9920edacc05" + }, + { + "sha1": "470a529e517cdb74716116e7b29552419e86babb", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 227", + "sample_type": "Image/None/JPEG", + "sample_size": 3597, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "18c81654266eca777b1b4c2e00b439c3ce342e6edff47bccf375197cd95edb10", + "file_path": "", + "md5": "f80030bc60f2cce5dedd2174b507246e" 
+ }, + { + "sha1": "28b5e16b014a40addfa0b59122301b8527c87f34", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 201", + "sample_type": "Image/None/PNG", + "sample_size": 3318, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "b5c35ead310d445abf5475f4f1d644000125b3e9a53b5f297531f8760dac26e8", + "file_path": "", + "md5": "3425122b41b55222d336992b13a00114" + }, + { + "sha1": "a7c9e37910ac122a97f52ebc1aa6e2fe51e54179", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 122", + "sample_type": "Image/None/JPEG", + "sample_size": 55245, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "c20d10dc49be9aabe754bab3e7d913aa625a6f73211d857a045f5e6e722d518b", + "file_path": "", + "md5": "d818205b1d270eb3251cac107fb00996" + }, + { + "sha1": "30b076e0e60bd4589052e6a51f6d2dad4b202f99", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 178", + "sample_type": "Binary/None", + "sample_size": 174929, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "9cc32dc9c4cb8d38afd2c97dc127563a18e585d756a44ff783829a1b3bd86aab", + "file_path": "", + "md5": "f25ec68306de555b2fd9de9df5fc68fa" + }, + { + "sha1": "9c11794d0cebe579c7b0275847e2ab1bfd2114d2", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 240", + "sample_type": "Image/None/JPEG", + "sample_size": 5048, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "3fa7e13b8caf75b7f215149e88d62e80ea4a9ac649ee10ad3939b1d498e3030e", + "file_path": "", + "md5": "ad97055f043b3260fda52f90ab04930e" + }, + { + "sha1": "8302f515431afe4a30b548d820540d3ac5627667", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache 
Entry: 135", + "sample_type": "Image/None/JPEG", + "sample_size": 30902, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "cd4684c0e1c41256f4ccae016e1b247238c6b8e041c54aded18e7d7af86fcd63", + "file_path": "", + "md5": "e2ba49b3b70491d21334041090b955bd" + }, + { + "sha1": "9767ea61066ef394d4962bde6b4e1d055001d28d", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 206", + "sample_type": "Image/None/JPEG", + "sample_size": 5231, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1ed1eee6fc7dcf13312a3e7e20cf9869ac0a517034e07428e33059917005093c", + "file_path": "", + "md5": "9a38f9f0ecd7e2d63a08676f18810cfb" + }, + { + "sha1": "489a7c76c076e6b95e168f97a293d2c7fa880165", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 198", + "sample_type": "Image/None/JPEG", + "sample_size": 3741, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "01bf2af64dd7a156e5838536dde22bf0b67073192b7c05fe38bf1f67b223b905", + "file_path": "", + "md5": "ba1090c3728e03f6ef4a575e6d8d1a5e" + }, + { + "sha1": "6ddd5099e3cde9460a9d52f26421d8018c606680", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 224", + "sample_type": "Binary/Archive/GZIP", + "sample_size": 4343, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "d21ada6b1008ec75f03c1acbca30a19ad2a0910f49790c79b6676e8945f0bca9", + "file_path": "", + "md5": "bd5ddb7c1e0e700a24870a933e19eda0" + }, + { + "sha1": "7b6bf48baf2de7bf3614051f650d0de3ccfae4e7", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 169", + "sample_type": "Image/None/JPEG", + "sample_size": 9509, + "analysis_ids": [ + { + "analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "531e960b289db27a7b9a406779e90666e31eb0cd5c714f9d6a02b1677e82dee5", + "file_path": "", + "md5": "48fad77575b7ef908cbe8f2620fab43e" + }, + { + "sha1": "6ff06a34f68ad0324ddec1bbe4d453c959178b36", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 184", + "sample_type": "Image/None/WOFF", + "sample_size": 11016, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479", + "file_path": "", + "md5": "15fa3062f8929bd3b05fdca5259db412" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 183", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "5789e81a66958aabc7590c1ddd41058335636027", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 158", + "sample_type": "Image/None/WOFF", + "sample_size": 11020, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", + "file_path": "", + "md5": "a59072f933169d3f2db497f44ca4cbbe" + }, + { + "sha1": "3a6a668c00c9a04e94611b34d4b5f2482b556e0b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 226", + "sample_type": "Image/None/PNG", + "sample_size": 12056, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": 
"756188e73429bcd78f5d6a7d14d6fba5ff636a41d715df4b5c40b29f7e3df965", + "file_path": "", + "md5": "1dd2a51e639e476432926c1b26c42bbd" + }, + { + "sha1": "41cc3b4d7d8f02181cfa55384d5a53a83c76cb61", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 187", + "sample_type": "Binary/None", + "sample_size": 57183, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "7149f21f312737dd05fbaa26e958e70639bd0c64e81eb24b7ec01ad15cd8a285", + "file_path": "", + "md5": "a048a6a2d5a57ad40865354f93e99392" + }, + { + "sha1": "28b5e16b014a40addfa0b59122301b8527c87f34", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 117", + "sample_type": "Image/None/PNG", + "sample_size": 3318, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "b5c35ead310d445abf5475f4f1d644000125b3e9a53b5f297531f8760dac26e8", + "file_path": "", + "md5": "3425122b41b55222d336992b13a00114" + }, + { + "sha1": "ede344f8cc0c483eab92c8b7d3f557b0e5f62229", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 118", + "sample_type": "Image/None/JPEG", + "sample_size": 5696, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "101e16c8036307d4d224d6c29f674d5e6ba68d32f46018258403f30ae8b0b40f", + "file_path": "", + "md5": "3cbe65afcd9be26a9d049d5ab0d98c85" + }, + { + "sha1": "c17d49f81185e16d7c0b5a3c1a096285b11101ed", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 129", + "sample_type": "Image/None/JPEG", + "sample_size": 3928, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "8f1341c8b1c3613c6008e884b83c24a267c51b6a0fd766e54207ff064a6cbad1", + "file_path": "", + "md5": "14e628e330b1b37afb6267fc118d2305" + }, 
+ { + "sha1": "5a50b8e7e227531ebecba74a8ec3f7752c038e45", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 245", + "sample_type": "Image/None/JPEG", + "sample_size": 6238, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1653b9d1b6fdbf987dad791297e4fcd6eb4f054c3975d97672ffd829c27795bc", + "file_path": "", + "md5": "5c79334ed4b28046f38de19aecbffe6b" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 139", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "bba1550dd8ebab7b55fcbd092655db0dbe968a21", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 103", + "sample_type": "Image/None/JPEG", + "sample_size": 5830, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a5f0bc6dfdc752dcf13030e40f14ee9ed09efc89b764933fcd315e0f74d2f3cd", + "file_path": "", + "md5": "1255f3b3cc93fa699309ad714badf745" + }, + { + "sha1": "11d1b55c5de9c01228624860d7020927362aedb6", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 125", + "sample_type": "Binary/None", + "sample_size": 12192, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "2900cce6198b031f651a558242e97d5a8d92981116391d37adc061e8ba7ab228", + "file_path": "", + "md5": "c200fc263f67f99ad385c10a92becaca" + }, + { + "sha1": "b03e31a2df43c881a1bf38723e14d0488e53bd9a", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 
222", + "sample_type": "Image/None/JPEG", + "sample_size": 2703, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "039dc85892810b989186a889299ada5e9ddadf43a8f771041b9b5d89d92dc868", + "file_path": "", + "md5": "e196fe4f70544d277d99efcb4e59d959" + }, + { + "sha1": "cdf956ab7a6d8b70aa74a71d58324774b7633848", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 146", + "sample_type": "Binary/None", + "sample_size": 10578, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "e4c677b7dda552036081657fa115fdd8b508d9dcb9af0b1063ddbde8efe38224", + "file_path": "", + "md5": "821979aeb4b562808423f1c5b35e3785" + }, + { + "sha1": "7fa54e72d0a5c52f68d8770ffba1ed72345b95b4", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 223", + "sample_type": "Image/None/JPEG", + "sample_size": 47553, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "2041669ae9d8bb8f0dd31f5cbf7074b466bd29389d6afd212a913243b7b5ec9e", + "file_path": "", + "md5": "d0423a8eefa2dd3c312f4f5d2c442d5c" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 207", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "2578d7531085fea59a21e3a51039bdd4202e334b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 161", + "sample_type": "Image/None/JPEG", + "sample_size": 4455, + "analysis_ids": [ + { + "analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a9b7fe1efcd58b29cd498e3ca1ddcc840d3f0084f611ce5b0d1b84c973dcd357", + "file_path": "", + "md5": "9f006ab0ecb111a454dbce86c29f9f57" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 177", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 123", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "5dbdaab7213b5c606f0c8b1b153e1ea284bb737c", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 241", + "sample_type": "Image/None/JPEG", + "sample_size": 54660, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "05d4923449bdc5b7de702698eda368f1287ca59d7a788c70f1a662d264dc2e27", + "file_path": "", + "md5": "58f7fe65d7b019d7cfa4c3ba7ceb1e4c" + }, + { + "sha1": "829c3947b4cc8f2cdc179254d163c33ed7d6c564", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 95", + "sample_type": "Binary/Archive/GZIP", + "sample_size": 2305, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": 
"18ded3005ba1fece98bd20ed9fb80aab2e40b6150affa919439cd813ee9e3c1b", + "file_path": "", + "md5": "9ee1fcb71b2077acd5604f52976d156f" + }, + { + "sha1": "397b288df8abf27a0cd24350593e0a3814f7ef42", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 155", + "sample_type": "Image/None/JPEG", + "sample_size": 5209, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "ada4871e8f92d50a977253467f4fff3fac17ec43dacc78f1713e51365459032f", + "file_path": "", + "md5": "139043909e518c544e6e9aa497a8ddcd" + }, + { + "sha1": "9a5c1462d0103e306f94589c423babf681ec9a48", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 211", + "sample_type": "Binary/None", + "sample_size": 1139, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "d6aa867c755d1e71f2764e35da115c33ce0a02bbcc5e8edbe586d5b43b50fad5", + "file_path": "", + "md5": "c7345b5f13ee8306806977e8d1b68835" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 126", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 130", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + 
"sha1": "29c6b82e87f475f4f18410d45c1335392c8610a1", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 109", + "sample_type": "Image/None/JPEG", + "sample_size": 2762, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "24d65f2702f30720b9c00ec85d5d781dfc52025d8037f350dc1d024aa1c009f5", + "file_path": "", + "md5": "3b0eac80c91d00aef6fec0a60d71b63b" + }, + { + "sha1": "c849ca7878a01012fddd8acfdba279f2422cd0c2", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 148", + "sample_type": "Binary/None", + "sample_size": 411685, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "67b2a17f04a8817c4b504eb749490f3150b98ecd41de11af9010d0d087e0c0e7", + "file_path": "", + "md5": "5dee3cd9ff301b7e6a649a50a00b0631" + }, + { + "sha1": "6f773abdd41cc6c38455aab073f2c15b6e1b3216", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 153", + "sample_type": "Image/None/JPEG", + "sample_size": 3452, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "58471a81b8e03d829480b36b67563971fd34fd461cdcc2d4f10bf3a971b854d7", + "file_path": "", + "md5": "792dc435254bb1c8c908926c3743b2f4" + }, + { + "sha1": "4484e3ebe71146a7c27bd706f413dec2b5a35526", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 174", + "sample_type": "Image/None/JPEG", + "sample_size": 2827, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "ec6c64a5fea39cc97613545bb306fd862df39c5b2eaa5c7e0963a982cbc54d05", + "file_path": "", + "md5": "550caec824f420c2145b75a6081c4f27" + }, + { + "sha1": "7fa54e72d0a5c52f68d8770ffba1ed72345b95b4", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 107", 
+ "sample_type": "Image/None/JPEG", + "sample_size": 47553, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "2041669ae9d8bb8f0dd31f5cbf7074b466bd29389d6afd212a913243b7b5ec9e", + "file_path": "", + "md5": "d0423a8eefa2dd3c312f4f5d2c442d5c" + }, + { + "sha1": "e0ed377bd8278fbea11264788eb59a6fe59c14ea", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 186", + "sample_type": "Image/None/JPEG", + "sample_size": 1614, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "54503cea106dc82deb940dc049e4f01f7a03a399e07f3e3403df390d08b086fe", + "file_path": "", + "md5": "643bfd45a1a5af69cea2b510927832a7" + }, + { + "sha1": "c8be5259dafa617a574c3cf8e728e1e5de439196", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 143", + "sample_type": "Image/None/JPEG", + "sample_size": 2168, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "54bb29488dd7451b42292474ecb3545151fcc5b4bd1cc0c682604340569a02c5", + "file_path": "", + "md5": "2e35ccb645015f1d4b790ce54b5a0119" + }, + { + "sha1": "4484e3ebe71146a7c27bd706f413dec2b5a35526", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 219", + "sample_type": "Image/None/JPEG", + "sample_size": 2827, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "ec6c64a5fea39cc97613545bb306fd862df39c5b2eaa5c7e0963a982cbc54d05", + "file_path": "", + "md5": "550caec824f420c2145b75a6081c4f27" + }, + { + "sha1": "2eb314939881eb922c1b3f4538e2cf95162a78c3", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 220", + "sample_type": "Image/None/JPEG", + "sample_size": 6479, + "analysis_ids": [ + { + "analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1151a44411193b4a719e736e44155b042f4e83400a89cc879ad10d767f7a1caf", + "file_path": "", + "md5": "9e7e991f92ad1be903e4a5b36a0bc9a4" + }, + { + "sha1": "9767ea61066ef394d4962bde6b4e1d055001d28d", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 228", + "sample_type": "Image/None/JPEG", + "sample_size": 5231, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1ed1eee6fc7dcf13312a3e7e20cf9869ac0a517034e07428e33059917005093c", + "file_path": "", + "md5": "9a38f9f0ecd7e2d63a08676f18810cfb" + }, + { + "sha1": "c8be5259dafa617a574c3cf8e728e1e5de439196", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 179", + "sample_type": "Image/None/JPEG", + "sample_size": 2168, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "54bb29488dd7451b42292474ecb3545151fcc5b4bd1cc0c682604340569a02c5", + "file_path": "", + "md5": "2e35ccb645015f1d4b790ce54b5a0119" + }, + { + "sha1": "6310022f64c2b93940ff004519a5cac926be2b48", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 163", + "sample_type": "Binary/None", + "sample_size": 124088, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "0f75c7297d0bcdb247420e83c3e230e39140ecda41f4a09cb87a0a0176da25ef", + "file_path": "", + "md5": "95d0f49af179d9337f09ff3caa6cf691" + }, + { + "sha1": "15cd0cfb5cef05c87a65822eb100a02754d5c04f", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 88", + "sample_type": "Image/None/JPEG", + "sample_size": 3977, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": 
"6fbb5d59ee9b27aa7539b6487eb5c5cd4ce6431b1e20f699da42e8d08a837585", + "file_path": "", + "md5": "80f226c6be828bdd5d0f42ffafc8896d" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 151", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "152f312d82ea7f909efab9cfbc513922c5c68451", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 181", + "sample_type": "Image/None/JPEG", + "sample_size": 3484, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "5f71ef9cc75b0885c4d7a565db2dc8f2b159470b9f87f47523af73ca08b3f2fa", + "file_path": "", + "md5": "e58166197873c671d947f32ad004507f" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 94", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "b8612689330620c98d6295e3f7a5f6a7959f02c6", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 231", + "sample_type": "Image/None/JPEG", + "sample_size": 26660, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1a8799b75e2b918b470c8e04c30a1554246cfe43cb7e9d7527dc83919406addb", + "file_path": "", + "md5": "b0ec92057bc346ca7c83de6a41cdf367" + }, + 
{ + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 106", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "01deaf1141d909139c3c179515d7cbf00198a4cb", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 234", + "sample_type": "Image/None/JPEG", + "sample_size": 6675, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "9279b6cd2ec09ec44ce40257b6f6c99de814cf0959f9463654428b020b417f19", + "file_path": "", + "md5": "bcfbd15ceca7999cd3026cdba9b94a90" + }, + { + "sha1": "4eedb4aad798fa1c2bdb72f984c34a24c56c2476", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 96", + "sample_type": "Image/None/PNG", + "sample_size": 2372, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "257b2e6cbab280d2019687435863539a52473275f8132884c0538efd14899507", + "file_path": "", + "md5": "4505a569689e1df76eba896d26533b8f" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 218", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 108", + 
"sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "0d31448b24ecf17ce885d1068089ec1b8cc7dc04", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 213", + "sample_type": "Image/None/JPEG", + "sample_size": 6680, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "3e33511b7b4767198e9f07467bce1a893b5ea75a535373cc906d98425d82c8af", + "file_path": "", + "md5": "e0ff5f849f86eae053a1207429ac7ab4" + }, + { + "sha1": "6eb83738fbe5dd557a573a873d0ab0b50b3aab18", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 238", + "sample_type": "Image/None/JPEG", + "sample_size": 10576, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "802c38614a4c3afb10a73fc16e2ee06103e5b3c17aba14dce68b4fb37679863e", + "file_path": "", + "md5": "34cb56bf1ee13123ea28819d78ef6d3a" + }, + { + "sha1": "29c6b82e87f475f4f18410d45c1335392c8610a1", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 203", + "sample_type": "Image/None/JPEG", + "sample_size": 2762, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "24d65f2702f30720b9c00ec85d5d781dfc52025d8037f350dc1d024aa1c009f5", + "file_path": "", + "md5": "3b0eac80c91d00aef6fec0a60d71b63b" + }, + { + "sha1": "6f773abdd41cc6c38455aab073f2c15b6e1b3216", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 173", + "sample_type": "Image/None/JPEG", + "sample_size": 3452, + "analysis_ids": [ + { + "analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "58471a81b8e03d829480b36b67563971fd34fd461cdcc2d4f10bf3a971b854d7", + "file_path": "", + "md5": "792dc435254bb1c8c908926c3743b2f4" + }, + { + "sha1": "7fe31344fa723425d6be0a264ab084bbfb6a0112", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 200", + "sample_type": "Image/None/JPEG", + "sample_size": 7015, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "42dfca7f071dd80526a7c8a8166f82f712f3813c1be59894e9c0d531ee6aac63", + "file_path": "", + "md5": "3bad41b67d7a8e891a6d4395ae67c277" + }, + { + "sha1": "ede344f8cc0c483eab92c8b7d3f557b0e5f62229", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 239", + "sample_type": "Image/None/JPEG", + "sample_size": 5696, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "101e16c8036307d4d224d6c29f674d5e6ba68d32f46018258403f30ae8b0b40f", + "file_path": "", + "md5": "3cbe65afcd9be26a9d049d5ab0d98c85" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 114", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "5789e81a66958aabc7590c1ddd41058335636027", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 92", + "sample_type": "Image/None/WOFF", + "sample_size": 11020, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": 
"0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e", + "file_path": "", + "md5": "a59072f933169d3f2db497f44ca4cbbe" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 221", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "fd157eaf1a8b3ec97c718798dc375570e6ef9bd0", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 209", + "sample_type": "Image/None/JPEG", + "sample_size": 4816, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "8d4a37c150dcd3b706cb5362ca985858bf24fefe9b47caab3f62d1bc300c1820", + "file_path": "", + "md5": "b177ef0d6b70187a87f55a55fe699cbc" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 116", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "6ee41aacd863d1c710ed189fce9fa4b5a6fed61b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 237", + "sample_type": "Image/None/JPEG", + "sample_size": 46739, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "17608d551f17c933466d5b5733f28f9ad92852e4d792e415a368f69f435d1e01", + "file_path": "", + "md5": "e83f967c1c5f4ee79db3d53dd9af5e73" + }, 
+ { + "sha1": "87d84e52cf7d74617f34bd98c8ce1889e9f2102d", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 144", + "sample_type": "Image/None/JPEG", + "sample_size": 6337, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "06008bbdba5493b5047000104128238845b1d66d0aa631751b691b6d67747110", + "file_path": "", + "md5": "cd8ca137a95eec5947d1fc516a7f6aec" + }, + { + "sha1": "7b6bf48baf2de7bf3614051f650d0de3ccfae4e7", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 145", + "sample_type": "Image/None/JPEG", + "sample_size": 9509, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "531e960b289db27a7b9a406779e90666e31eb0cd5c714f9d6a02b1677e82dee5", + "file_path": "", + "md5": "48fad77575b7ef908cbe8f2620fab43e" + }, + { + "sha1": "ff363c7e5086f09760c9bc759e0ef2d0055bda47", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 208", + "sample_type": "Binary/None", + "sample_size": 2245, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a4e26b6349b555a919e510a34f83547a1b5eb596f64e4faff8a767169b3123e4", + "file_path": "", + "md5": "30045490bd99424ad19bc45883fc17f6" + }, + { + "sha1": "626b9b656308bd16f13769c73c0839462f50afbf", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 242", + "sample_type": "Image/None/JPEG", + "sample_size": 5511, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "5612ed78d613c00f7b8ae2589cf659a3b9831060acc2a89fbf0bccb62759f5bb", + "file_path": "", + "md5": "74c579cc444ce7e953295ae84de5086c" + }, + { + "sha1": "03a9d879efeb95c7c2745b2275426016e9d229ab", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 
232", + "sample_type": "Image/None/JPEG", + "sample_size": 5415, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1c9ebc07b2c555951b26562b2c911906024a05ca72422ffc08c90c77221a44ec", + "file_path": "", + "md5": "190108c5c10e694fae0f0490b3357c01" + }, + { + "sha1": "88a82523260a982a5dbfd3f4e19c3db4969a701b", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 199", + "sample_type": "Image/None/JPEG", + "sample_size": 4214, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "26ea9b916a48c6d54fb36ad5db111bbfa13ad8922198008554c852486d805e08", + "file_path": "", + "md5": "a4ba5615d593e59bfcd485fcf897d050" + }, + { + "sha1": "45a8c4980dae29b1eefafdfd94fb4970ddf3e3e3", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 170", + "sample_type": "Image/None/PNG", + "sample_size": 100353, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "25e630efa0f85c1310aafd02b164600a790d2a8872acad58368a558d4ee2848e", + "file_path": "", + "md5": "03ea3b0ffac42298b8dcc9f879bb30cd" + }, + { + "sha1": "626b9b656308bd16f13769c73c0839462f50afbf", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 210", + "sample_type": "Image/None/JPEG", + "sample_size": 5511, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "5612ed78d613c00f7b8ae2589cf659a3b9831060acc2a89fbf0bccb62759f5bb", + "file_path": "", + "md5": "74c579cc444ce7e953295ae84de5086c" + }, + { + "sha1": "2eb314939881eb922c1b3f4538e2cf95162a78c3", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 128", + "sample_type": "Image/None/JPEG", + "sample_size": 6479, + "analysis_ids": [ + { + "analysis_id": 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "1151a44411193b4a719e736e44155b042f4e83400a89cc879ad10d767f7a1caf", + "file_path": "", + "md5": "9e7e991f92ad1be903e4a5b36a0bc9a4" + }, + { + "sha1": "68e69c4cafd9511007d5ae2ef639a9c353c2fd4a", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 243", + "sample_type": "Binary/Archive/GZIP", + "sample_size": 91016, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "f125b2eb6875ba0bdff7dfa6b312f4bd133e35b0de3d48c72f41f9562bc288cb", + "file_path": "", + "md5": "7d3c549a01423770076491eb7635612f" + }, + { + "sha1": "79a903b5bc8bafdc78651d58a098b7f8b2d7fc30", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 217", + "sample_type": "Image/None/JPEG", + "sample_size": 2635, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "73a03e22aee1c13064d8e30ea80fc3b8a0a4cd9c128bb01a5036daa3b8ae0979", + "file_path": "", + "md5": "81e626d3efd077f4b121bc12aef2a4dd" + }, + { + "sha1": "15c0c62c4c7c917b5dd82a8e1e439211a44b9e98", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 172", + "sample_type": "Image/None/GIF", + "sample_size": 43, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "a3a64aea2e96ec58a163ddb8d4cf86cf236178ed2d225b8f44154bc1b010ddce", + "file_path": "", + "md5": "e68cc604cab69bf03b8cd228d940f5ef" + }, + { + "sha1": "87d84e52cf7d74617f34bd98c8ce1889e9f2102d", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 182", + "sample_type": "Image/None/JPEG", + "sample_size": 6337, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": 
"06008bbdba5493b5047000104128238845b1d66d0aa631751b691b6d67747110", + "file_path": "", + "md5": "cd8ca137a95eec5947d1fc516a7f6aec" + }, + { + "sha1": "281bdbf311823c4f05510884cc4d3ed235cb4c89", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 159", + "sample_type": "Text/HTML", + "sample_size": 1720, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "b76de5ad72e8e664d058f8adaaeea9211c5511d25d23ccc0bad5f9d40bc8a14a", + "file_path": "", + "md5": "852255ce3f5bc74ad5b9053240305ab7" + }, + { + "sha1": "2ca1a236d41b5e816fe7af3048d33e85abae1f3d", + "classification": "NO_THREATS_FOUND", + "file_name": "Chrome Cache Entry: 164", + "sample_type": "Image/None/JPEG", + "sample_size": 17804, + "analysis_ids": [ + { + "analysis_id": "b549dd89-5bc8-47ea-92a2-018e8d9c36e5", + "classification": "UNKNOWN" + } + ], + "sha256": "e96090e3831f528706487bf3fa86e72565dbe157dbc9cdc9b7b48da0d190df86", + "file_path": "", + "md5": "07f674c8ec0980963043881158c82f65" + } + ], + "sha1": "13659fe16d68b277526d3bb25acb2731b235bdf4", + "md5": "", + "classification_version": 2, + "platforms": [ + "windows10" + ], + "url": "https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", + "first_analysis": "2024-01-19T12:53:59", + "network": { + "url": [ + { + "url": "https://m.media-amazon.com/images/G/01/csm/showads.v2.js?category=ad&adstype=-ad-column-&ad_size=-ho", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://twitter.com/intent/tweet?text=Antlers%20(2021)%20-%20https%3A%2F%2Fwww.imdb.com%2Ftitle%2Ftt", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/JJwdLH4ViTW-kI$.js", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/6qZFWoJmV652f6o.js", 
+ "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_iPhone_retina_180x180._CB1582158", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/IMDb/cm9ib3RvQm9sZA.woff2)", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/9m6S-uNKolkzgGa.css", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://unagi.amazon.com/1/events/com.amazon.csm.csa.prod", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/M/MV5BMTQ2Nzk5NzIxMF5BMl5BanBnXkFtZTgwNTM2NTc5MjE", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/M/MV5BZGNiNDQ2OTAtZWYwOS00ZGVlLThmNmItM2NlMDU5M2QxNzUyXkEyXkFqcGde", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://www.imdb.com/title/tt7740510/", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-web-152x152._CB47996308", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "http://www.imdb.com/title/tt7740510/", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_iPad_retina_167x167._CB158215806", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/8ZhQrGnWn9cWUVQ.png", + 
"source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/CCc6Ja$8QUPPKkY.css", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/IMDb/cm9ib3RvTWVk.woff2)", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://slyb.app.link/vtz1COZnXAb", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile._CB479963088_.pn", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/pXHSPBTKPo0GIjW.css", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://unagi-na.amazon.com/1/events/com.amazon.csm.nexusclient.prod", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/M/MV5BYmZlZDZkZjYtNzE5Mi00ODFhLTk2OTgtZWVmODBiZTI4NGFiXkEyXkFqcGde", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile-76x76._CB4799621", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/eLBTsaJHl4mJCUa.css", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/M/MV5BOGY2MDAxNTEtNjJhOC00ZjNmLWIyYzAtNzQ4OGY2MDBkYTc2XkEyXkFqcGde", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "http://www.imdb.com/title/tt7740510/reviews", + "source": 
"memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/M/MV5BY2UzODAyNjktN2MwYy00M2RkLThiOTEtMjU1MTgxY2EzM2YyXkEyXkFqcGde", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://images-na.ssl-images-amazon.com/images/I/31bJewCvY-L.js", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "http://ogp.me/ns#", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/favicon_desktop_32x32._CB1582158068_.png", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://cdn.branch.io/branch-2.58.0.min.js", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/IMDb/cm9ib3Rv.woff2)", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/MzfIBMq9GBucYqW.xml", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/android-mobile-196x196._CB479962153_.png", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/LEkTDT9yTAT$m1v.js", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/G/01/imdb/images-ANDW73HA/apple-touch-icon-mobile-120x120._CB47996", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/M/MV5BMzdjNjI5MmYtODhiNS00NTcyLWEzZmUtYzVmODM5YzExNDE3XkEyXkFqcGde", + "source": 
"memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/li0RQGRcT$yJBXl.js", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://www.imdb.com/title/tt7740510/reviews", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "url": "https://m.media-amazon.com/images/S/sash/Z1lb6I-6IosG6cQ.js", + "source": "memory", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "udp": [ + { + "destination_port": 53, + "process_id": 5476, + "destination_ip": "8.8.4.4", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 53, + "process_id": 5476, + "destination_ip": "8.8.8.8", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 1900, + "process_id": 7164, + "destination_ip": "239.255.255.250", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "tcp": [ + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "67.220.240.31", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "65.9.86.10", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "18.239.24.188", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "54.192.87.100", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "142.250.27.84", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "52.94.225.248", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "18.239.38.222", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "13.227.211.55", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "52.204.132.63", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "142.251.36.36", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "108.156.69.18", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "destination_port": 443, + "process_id": 5476, + "destination_ip": "142.250.179.142", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "dns": [ + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "clients1.google.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "db187550c7dkf.cloudfront.net", + "address": "none" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "www.imdb.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "db187550c7dkf.cloudfront.net", + "address": "13.227.211.55" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "clients2.google.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "www.imdb.com", + "address": "54.192.87.100" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "api.graphql.imdb.com", + "address": "65.9.86.10" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "dqpnq362acqdi.cloudfront.net", + "address": "none" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "unagi.amazon.com", + "address": "67.220.240.31" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "m.media-amazon.com", + "address": "18.239.24.188" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "www.google.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "clients2.google.com", + "address": "142.250.179.206" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "images-na.ssl-images-amazon.com", + "address": "108.156.69.18" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "wpad.example.org", + "address": "none" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "dqpnq362acqdi.cloudfront.net", + "address": "18.239.38.222" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "images-na.ssl-images-amazon.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "65", + 
"analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "imdb.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "m.media-amazon.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "accounts.google.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "imdb.com", + "address": "52.94.225.248" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "fls-na.amazon.com", + "address": "52.204.132.63" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "api.graphql.imdb.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "clients1.google.com", + "address": "142.250.179.142" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "fls-na.amazon.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "www.google.com", + "address": "142.251.36.36" + }, + { + "process_id": 5476, + "type": "65", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "unagi.amazon.com", + "address": "none" + }, + { + "process_id": 5476, + "type": "A (IP address)", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "value": "accounts.google.com", + "address": "142.250.27.84" + } + ] + }, + "behavioral": [ + { + "process_actions": [ + { + "status": "success or wait", + "path": "unknown", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "process_created" + }, + { + "status": "process is terminating", + "path": "unknown", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "process_terminated" + }, + { + "status": "success or wait", + "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "process_created" + } + ], + "registry_actions": [ + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + 
"value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\PriorityControl", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "state", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", + "value": "2", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Common\\Rlz\\PTimes", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "user_experience_metrics.stability.exited_cleanly", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics", + "value": "0", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\crypt32", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + 
"key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_deleted" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\TrustedPeople", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Control Panel\\Cursors", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": 
"object name not found", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Chrome\\Extensions", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_created" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_created" + }, + { + "status": 
"success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\Clients\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}\\LastWasDefault", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_created" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Common\\Rlz\\RLZs", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Themes\\Personalize", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "dr", + "key_name": 
"HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", + "value": "1", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\SystemCertificates", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "StatusCodes", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty", + "value": "NU LL ", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\StabilityMetrics", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + 
"status": "success or wait", + "value_name": "prefs.preference_reset_time", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", + "value": "877A2F052DE9AAC7FECBFA90C1B7B24BA183EC6164B65BC8486318E358CFF80E", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_created" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault", + "value": "B0 08 26 BD E9 6D 2F 00 ", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\CA", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" 
+ ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Update\\ClientState\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "C", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Common\\Rlz\\PTimes", + "value": "ED 65 B1 95 21 4B DA 01 ", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Disallowed", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\Root", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001", + "key_name": 
"HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\LastWasDefault", + "value": "84 57 F1 BC E9 6D 2F 00 ", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_created" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463c-AFF1-A69D9E530F96}", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\Extensions", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\EnterpriseCertificates\\CA", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "S-1-5-21-987036132-2528391375-4088684000-1001", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Update\\ClientStateMedium\\{8A69D345-D564-463C-AFF1-A69D9E530F96}\\FirstNotDefault", 
+ "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_deleted" + }, + { + "status": "object name not found", + "value_name": "extensions.settings", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_deleted" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\TrustedPeople", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Google\\Chrome\\Extensions", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_created" + }, + { + "status": "success or wait", + "value_name": "ahfgeienlihckogmohjhadlkjgocpleb", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", + "value": "69DEB46A0B78E542374AC1328780025ED39AC48FDDA2BDE04045AF87D9838F7B", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_created" + }, + { + "status": "success or wait", + "value_name": "media.cdm.origin_data", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default", + "value": "81046E921B34925EF9312C9A62CC5AFFB0D63E7CA2C13AC486278B291F7C08F2", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + }, + { + "status": "success or wait", + "value_name": "TraceTimeLast", + "key_name": "HKEY_USERSS-1-5-19\\Software\\Microsoft\\Cryptography\\TPM\\Telemetry", + "value": "CA E7 AC 63 21 4B DA 01 ", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + }, + { + "status": "success or wait", + 
"value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\PreferenceMACs\\Default\\extensions.settings", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + } + ], + "file_actions": [ + { + "status": "success or wait", + "file_name": "the-real-index~RF324ee.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "AutoIt3", + "file_path": "C:\\Program Files (x86)", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_US", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object path not found", + "file_name": "computed_hashes.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\hangout_services\\_metadata", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "lv", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": 
"success or wait", + "file_name": "3295c130-2390-4cd7-882d-02000c1f9d6d.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "gu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "upgrade-index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Local", + "file_path": "C:\\Users\\user~1\\AppData", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Local State~RF3806c.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", + "action_type": 
"file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Windows.UI.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ARIAL.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "the-real-index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Application", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object path not found", + "file_name": "prefs.json", + "file_path": "C:\\Program Files\\Google\\GoogleUpdater", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "en_GB", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "VERSION.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "km", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ntshrui.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_BITS_7164_1557435168", + "file_path": "C:\\Program Files", + "action_type": "file_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "lv", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "craw_window.css", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\css", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "SetupMetrics", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26af5.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": 
"chrome_BITS_7164_137727968", + "file_path": "C:\\Program Files", + "action_type": "file_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\uk", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "KBDUS.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object path not found", + "file_name": "computed_hashes.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\pdf\\_metadata", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "hu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\tr", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "AppData", + "file_path": "C:\\Users\\user", 
+ "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "zh_TW", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\da", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ko", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ja", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_TW", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hi", + "action_type": "file_deleted", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "verified_contents.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hu", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "nb", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "tzres.dll.mui", + "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ml", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "msvcp110_win.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": 
"file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "page_embed_script.js", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ja", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26efc.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "computed_hashes.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_metadata", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "113.0.5672.93", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "1.66.0_0", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "id", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "af", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr_CA", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "vi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26690.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_BITS_7164_137727968", + "file_path": "C:\\Program Files", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cversions.1.db", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "de", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.5371781808828888906", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ca", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Tabs_13341351141015311", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "invalid handle", + "file_name": "unknown", + "file_path": "", + "action_type": "file_written", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "user~1", + "file_path": "C:\\Users", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cscui.dll", + "file_path": "C:\\WINDOWS\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extension State", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object name collision", + "file_name": "Caches", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows", + "action_type": "file_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cryptsp.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26816.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dwmapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lt", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF277b6.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Preferences~RF28dcf.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": 
"amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", + "file_path": "C:\\WINDOWS\\WinSxS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Preferences", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WindowsCodecsRaw.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "topbar_floating_button_maximize.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.8528811922335825074", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\si", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.15990597935705186469", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ur", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kk", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Users", + "file_path": "C:", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "gpapi.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dhcpcsvc.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "verified_contents.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ActXPrxy.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "fil", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + 
"file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fil", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "hy", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sortdefault.nls", + "file_path": "C:\\WINDOWS\\Globalization\\Sorting", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "gl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "fi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "b154ccd1-6189-4931-953b-5db3eb52f7f2.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "RTWorkQ.DLL", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "tr", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF280af.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\tr", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "en", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "en-US.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "crashpad_7164_KFOIJLEXXGSBFTKR", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\id", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + 
"file_name": "zh_CN", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ne", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "es_419", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "inetcomm.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\is", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dbghelp.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "_locales", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or 
wait", + "file_name": "pa", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ar", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "twinapi.appcore.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "BitsProxy.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "bn", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "tr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.12323301711856673067", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_200_percent.pak", + "file_path": "C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dlnashext.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "iw", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26e9e.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "SSPICLI.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "fwbase.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cy", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] 
+ }, + { + "status": "success or wait", + "file_name": "WTSAPI32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ms", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sw", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ro", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "MountPointManager", + "file_path": "", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "eu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + 
] + }, + { + "status": "success or wait", + "file_name": "ARIALBI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "KERNEL32.DLL.mui", + "file_path": "C:\\WINDOWS\\System32\\en-US", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26b91.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.938562082360760424", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Preferences~RF37957.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\it", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "en_US", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "todelete_ca366d4d2a962dcf", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "pt_BR", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\zh_CN", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_PT", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lt", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "topbar_floating_button_pressed.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mscms.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.7003376282300460611", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF28080.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "DPAPI.dll", + "file_path": "C:\\WINDOWS\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\th", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "BrowserMetrics-65244C60-125C.pma", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or 
wait", + "file_name": "Secur32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ml", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF280a0.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_CA", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "topbar_floating_button_hover.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es", + "action_type": "file_deleted", 
+ "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\eu", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "bcrypt.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ca", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\lv", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "temp-index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ka", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "kk", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "wlanapi.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "it", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fr", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "000001.dbtmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\gdaefkejpgkiemlaofpalmlakkmbjdnl", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "default_apps", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ARIALI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26a1a.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", + 
"action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.5557806001879089168", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ta", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ru", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "FirewallAPI.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_CN", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINHTTP.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sRGB Color Space Profile.icm", + "file_path": "C:\\WINDOWS\\system32\\spool\\drivers\\color", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.13427858274477407116", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ko", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "MSOHEVI.DLL", + "file_path": "C:\\PROGRA~1\\MICROS~1\\Office12", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF28090.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or 
wait", + "file_name": "Local State~RF28c48.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "IPHLPAPI.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sr", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sk", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "no", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF280a0.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "images", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + 
] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sv", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINSTA.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ARIALBD.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\iw", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "hr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "tbs.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "srmshell.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "the-real-index~RF38ba7.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", + 
"action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.4655848220829308044", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ka", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Windows.Media.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mn", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sk", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dxgi.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "USERENV.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.2012181059449342459", + 
"file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\te", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "manifest.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "bfc3761f-a788-4a60-8860-db27b3bf6826", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\blob_storage", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\bg", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hy", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fa", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "webcheck.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "craw_window.js", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "it", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "fil", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Endpoint", + "file_path": "\\Device\\Afd", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "usermgrcli.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26680.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TIMESBI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "te", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "manifest.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WorkfoldersShell.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ja", + "action_type": 
"file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nb", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "icon_16.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF28071.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TIMES.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dataexchange.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "_metadata", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "DWrite.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": 
"ru", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\no", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF280a0.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalStorageConfigDB", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "kn", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "shellext.dll", + "file_path": "C:\\Program Files\\Windows Defender", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\vi", + "action_type": "file_deleted", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\az", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\de", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "th", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "hi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gu", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CoreUIComponents.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.16333949910362127675", + "file_path": "\\pipe", + "action_type": 
"file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "PCPKsp.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "4cbc0183-8308-4519-b3c4-c5d866768884.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fi", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "49ca94db-f59d-4dd8-a69b-1dbac6db58d8.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINMMBASE.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": 
"success or wait", + "file_name": "Certificates", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_HK", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "NIRMALAS.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "MDMRegistration.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "uxtheme.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "computed_hashes.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_metadata", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Caches", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ntmarta.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF280af.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "zu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CONSOLAZ.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\km", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ARIBLK.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "topbar_floating_button.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "NLAapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": 
"index~RF26c8b.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "wkssvc", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINMM.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "wshext.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ro", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}", + "file_path": "\\DEVICE", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sr", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": 
"success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\my", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\kn", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hu", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "colorui.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Secure Preferences~RF28d90.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.14805540783010311201", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "msoshext.dll", + "file_path": "C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "SEGUIEMJ.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + 
"action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "84f07f12-8eff-4654-97d5-d9d5dc5509bc.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "manifest.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ar", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sv", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "topbar_floating_button_close.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": 
"mojo.7164.4660.15614001605277384304", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CRYPTSP.dll", + "file_path": "C:\\WINDOWS\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "en_GB", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "nl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_BR", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ja", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CAMBRIA.TTC", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "da", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "da", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Module Info Cache~RF2c9af.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINDOWS", + "file_path": "C:", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "lt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\cs", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "wab32.dll", + "file_path": "C:\\Program Files\\Common Files\\System", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\th", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "es", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "NIRMALA.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "_metadata", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es_419", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "lo", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CRYPTBASE.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "128.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TIMESI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CTLs", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.14909495955792438792", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object name not found", + "file_name": "TPM", + "file_path": "", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "MMDevApi.dll", + "file_path": "C:\\WINDOWS\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Local State", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Preferences~RF2ee7d.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + 
] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "uk", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\BudgetDatabase", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "_locales", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\AvailabilityDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": 
"success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\et", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cc3cf316-5a35-4ac7-be50-0d77a8151dfb.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sl", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ne", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "user", + "file_path": "C:\\Users", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.16389839076684270433", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\GCM Store\\Encryption", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\et", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "html", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "pt_PT", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "cannot delete", + "file_name": "BrowserMetrics-65AAEE66-1BFC.pma", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\BrowserMetrics", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "th", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + 
{ + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\am", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "manifest.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\WidevineCdm", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Google", + "file_path": "C:\\Users\\user\\AppData\\Local", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "fr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CONSOLAB.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cryptext.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "PROPSYS.dll.mui", + "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lo", + "action_type": 
"file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dhcpcsvc6.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "VERDANAI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "XmlLite.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CoreMessaging.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26690.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "wintypes.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Session Storage", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + 
"status": "success or wait", + "file_name": "pt_PT", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "trusted_vault.pb", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_BITS_7164_137727968", + "file_path": "C:\\Program Files", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\gl", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Scripts", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "5f29766b-bbcc-4f1b-9d50-c90c4dd60da3.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "PROPSYS.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Local", + "file_path": "C:\\Users\\user\\AppData", + "action_type": "file_opened", 
+ "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "VERDANAZ.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "VERDANAB.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pt_PT", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Local State~RF2bf4e.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "fi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ncrypt.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "my", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "eventpage_bin_prod.js", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "el", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "netapi32.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\el", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ro", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "icon_128.png", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dasherSettingSchema.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "action_type": "file_deleted", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "wlanapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "UIAutomationCore.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "USER32.dll.mui", + "file_path": "C:\\WINDOWS\\System32\\en-US", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "bg", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.17008016908030526641", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "nmmhkkegccagdldgiimedpiccmgmieda", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "RMCLIENT.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hi", + "action_type": "file_deleted", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "craw_background.js", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CONSOLAI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "et", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "en", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CONSOLA.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\id", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Secure Preferences", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": 
"success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\hr", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CNG", + "file_path": "\\Device", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "tzres.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ca", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pl", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_100_percent.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "preloaded_data.pb", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\MEIPreload", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "pt_BR", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "css", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_elf.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "temp-index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Code Cache\\js\\index-dir", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\sk", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CMNotify", + "file_path": "\\Device\\DeviceApi", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Caches", + "file_path": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows", + 
"action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.16704188171526519595", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "appresolver.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.12379925674880718928", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "wpnapps.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "hosts", + "file_path": "C:\\WINDOWS\\system32\\drivers\\etc", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\mr", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "InputHost.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "zh_TW", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\it", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\PersistentOriginTrials", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "AppData", + "file_path": "C:\\Users\\user~1", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.2328985240652827900", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "wkscli.dll", + "file_path": "C:\\WINDOWS\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Module Info Cache", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "7136bdf0-fc3b-43a4-b9dc-1230a379558f.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + 
{ + "status": "success or wait", + "file_name": "stobject.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TextInputFramework.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "si", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF267c8.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Site Characteristics Database", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "the-real-index", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Local Storage\\leveldb", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "directmanipulation.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": 
"file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fr", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "el", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", + "file_path": "", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "pl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sw", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "fr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": 
"KsecDD", + "file_path": "\\Device", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ms", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "OneCoreUAPCommonProxyStub.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "uk", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "0af34194-9402-47aa-a3ab-dc44404879ed.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "netutils.dll", + "file_path": "C:\\WINDOWS\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "44301d95-d150-4100-9978-2a4ff4dd0ea5.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bn", + 
"action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "nl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.7989042900505458173", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "DMCmnUtils.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ARIALN.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\fi", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ARIALNB.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\de", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "zh_HK", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ghbmnnjooekpmoecnnnilnnbdlolhkhi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TIMESBD.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ur", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "d3d11.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "atlthunk.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\sl", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "NTASN1.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + 
}, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\el", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cs", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ru", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "manifest.fingerprint", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "rpcss.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\es", + "action_type": 
"file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\da", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.15761571646295731223", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\hr", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sv", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zh_TW", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "de", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "resources.pak", + "file_path": 
"C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "external_extensions.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\default_apps", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "NIRMALAB.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\ko", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "be", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.9448446555981269236", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sk", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User 
Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\uk", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.15189293687477637717", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ARIALNI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.673452335551621506", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\af", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.3565400010105269535", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "R000000000013.clb", + "file_path": "C:\\WINDOWS\\Registration", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "COMCTL32.dll", + "file_path": 
"C:\\WINDOWS\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cb00e7c1-a436-4915-86a5-d625b867de06.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_shutdown_ms.txt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "et", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "63fd997b-00e2-4c7e-a4d9-2492d22ee3c9.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "BrowserMetrics-spare.pma.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\nl", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\pa", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object path not found", + "file_name": "computed_hashes.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\network_speech_synthesis\\_metadata", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "bg", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\coupon_db", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db\\metadata", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "az", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Module Info Cache~RF380ba.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + 
"status": "success or wait", + "file_name": "shell32.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cy", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "en_CA", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "OLEACC.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Session_13341351140337548", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sessions", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ARIALNBI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "SEGUISB.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.928700364805031984", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "hi", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\commerce_subscription_db", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "flapper.gif", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\images", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "STORAGE#Volume#{45fd10d4-cc21-11e8-b00f-806e6f6e6963}#0000000022600000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}", + "file_path": "", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object name not found", + "file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}", + "file_path": "\\DEVICE", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CRLs", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "trusted_vault.pb~RF27b02.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Local State~RF3189a.TMP", + "file_path": 
"C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "explorerframe.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ta", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ru", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pt_BR", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\nl", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "fr_CA", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "the-real-index~RF2c8e4.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Service Worker\\ScriptCache\\index-dir", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old~RF26b33.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\shared_proto_db", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Feature Engagement Tracker\\EventDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "fa", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "aaef295e-a2d7-4554-8e60-b10c9e81e17c.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.3072040511828351109", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "1.0.0.6_0", + 
"file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "hu", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\en_GB", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "EhStorShell.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Preferences~RF3189a.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\vi", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\AutofillStrikeDatabase", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": 
"is", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LINKINFO.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "es_419", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mswsock.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "etc", + "file_path": "C:\\WINDOWS\\system32\\drivers", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SignalDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\ca", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.5065171455154818050", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "am", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINSPOOL.DRV", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\en_GB", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object path not found", + "file_name": "computed_hashes.json", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources\\web_store\\_metadata", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "C:", + "file_path": "", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "zh_CN", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "DEVOBJ.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ncryptprov.dll", + "file_path": 
"C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sv", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Google Chrome.lnk", + "file_path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "rsaenh.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "DSREG.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ro", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "vi", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "twinapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "VERDANA.TTF", + 
"file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ole32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "AppContainerUserCertRead", + "file_path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mn", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cs", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.6564.16606832278380850568", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "es", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\lv", + "action_type": 
"file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "desktop.ini", + "file_path": "C:\\Program Files (x86)", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Segmentation Platform\\SegmentInfoDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\cs", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ColorAdapterClient.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "lt", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\fil", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\zu", + "action_type": 
"file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\es_419", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "hr", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mojo.7164.4660.9086864329745810841", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "pl", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "OLEACCRC.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\_locales\\pl", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WindowsShell.Manifest", + "file_path": "C:\\WINDOWS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { 
+ "status": "success or wait", + "file_name": "Nsi", + "file_path": "", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "craw_window.html", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.6_0\\html", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "SEGOEUI.TTF", + "file_path": "C:\\WINDOWS\\FONTS", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "LOG.old", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Data\\LevelDB", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dcomp.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\be", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "messages.json", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales\\bg", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "icudtl.dat", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": 
"file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "id", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ko", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.66.0_0\\_locales", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "process": { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "process_id": 7164, + "name": "chrome.exe", + "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --start-maximized \"about:blank", + "parent_process_id": 6240 + }, + "mutex_actions": [ + { + "status": "success or wait", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7164:304:WilStaging_02", + "action_type": "mutex_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "name": "unknown", + "action_type": "mutex_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:7164:120:WilError_01", + "action_type": "mutex_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\ChromeProcessSingletonStartup!", + "action_type": "mutex_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "name": "\\Sessions\\1\\BaseNamedObjects\\{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}", + "action_type": "mutex_created", + 
"analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "modules_loaded": [ + { + "module_name": "\\KnownDlls\\DWrite.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dpapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\USER32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\combase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\secur32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dsreg.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\rpcss.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winsta.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\Secur32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dbghelp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\rsaenh.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\arial.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\kernel.appcore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": 
"C:\\Windows\\System32\\uxtheme.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\devobj.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\twinapi.appcore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\XmlLite.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dhcpcsvc.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\msvcp110_win.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ntmarta.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\msvcp_win.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\MMDevApi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINSTA.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\ncryptprov.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\ariblk.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\PCPKsp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui", + "module_tag": "", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINHTTP.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\CRYPTBASE.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dcomp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\ARIALNB.TTF", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "unknown", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\OLEAUT32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1.ro", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\d3d11.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\wlanapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\usermgrcli.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\kernel32.dll.mui", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\TextInputFramework.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\ncrypt.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + 
"module_name": "C:\\Windows\\System32\\nlaapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\segoeui.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\MMDevAPI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\actxprxy.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\ntmarta.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\SHELL32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\UIAutomationCore.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\CoreUIComponents.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\consolai.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\version.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\arialbi.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winhttp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\twinapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\explorerframe.dll", + "module_tag": "", + 
"analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ActXPrxy.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\mdmregistration.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\CoreUIComponents.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\wpnapps.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\InputHost.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dwmapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\CoreMessaging.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Registration\\R000000000013.clb", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\verdana.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\RTWorkQ.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\profapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINSPOOL.DRV", 
+ "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\gdi32full.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\wtsapi32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\uxtheme.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\shcore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\USERENV.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\user32.dll.mui", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\VERSION.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\Windows\\ThemeSection", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000001.db", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\mscms.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:3031c", + "module_tag": "", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\cryptbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ucrtbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\SETUPAPI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\NLAapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\coloradapterclient.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\mswsock.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\timesbd.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\SSPICLI.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\msvcp110_win.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:1032a", + 
"module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\seguisb.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\ole32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\UIAutomationCore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ncrypt.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\tbs.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.320_none_fb3d992f3069e403\\comctl32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\xmllite.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\Windows\\Theme3180608070", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dataexchange.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\verdanai.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\MSCTF.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + 
"module_name": "\\KnownDlls\\WINMM.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\usermgrcli.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\gpapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\propsys.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\arialbd.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\twinapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\AsyncKeyStateTrackerSharedMemory", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\tbs.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\oleacc.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\ariali.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\Windows.Media.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\Windows.UI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\cryptsp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\CRYPT32.dll", + "module_tag": "", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\Windows\\SharedSection", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\twinapi.appcore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\consola.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dhcpcsvc.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\BitsProxy.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dxgi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WS2_32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\NSI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\WinTypes.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\KBDUS.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\sechost.dll", + "module_tag": "", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\cfgmgr32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winmmbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\clbcatq.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\DSREG.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\netutils.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\TextInputFramework.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Windows\\Theme2779561647", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\propsys.dll.mui", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ADVAPI32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINTRUST.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\consolab.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\KERNELBASE.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": 
"\\KnownDlls\\WTSAPI32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winmm.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\NirmalaS.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ole32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\consolaz.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\mscms.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dwmapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\KBDUS.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\RMCLIENT.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dmcmnutils.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\bcrypt.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\FirewallAPI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\verdanab.ttf", + "module_tag": "", + 
"analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\netutils.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\seguiemj.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\ARIALNBI.TTF", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dbghelp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\netapi32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\PROPSYS.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\LINKINFO.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\DWrite.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\CTF.AsmListCache.FMPDefault1", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\Nirmala.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\rmclient.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\ExplorerFrame.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\FLTLIB.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, 
+ { + "module_name": "\\KnownDlls\\BitsProxy.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\wintypes.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\mswsock.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\cryptsp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\winmmbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\msvcrt.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dcomp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\imm32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\wkscli.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\gpapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\__ComCatalogCache__", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": 
"\\KnownDlls\\FirewallAPI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\Windows.Media.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\MDMRegistration.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\windows.storage.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINMMBASE.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dxgi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\KERNEL32.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\MSASN1.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\PCPKsp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\powrprof.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\ARIALNI.TTF", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\CRYPTSP.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\win32u.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\bcryptPrimitives.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { 
+ "module_name": "\\KnownDlls\\DEVOBJ.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\directmanipulation.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\windows_shell_global_counters", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\IPHLPAPI.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dhcpcsvc6.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\wpnapps.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*cversions.1", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Local\\C:*Users*user*AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\bcrypt.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\OneCoreUAPCommonProxyStub.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\atlthunk.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\RTWorkQ.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] 
+ }, + { + "module_name": "C:\\Windows\\System32\\userenv.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\SHLWAPI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\InputHost.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\Windows.UI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ColorAdapterClient.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\RPCRT4.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\d3d11.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ncryptprov.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\CoreMessaging.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\wlanapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\IMM32.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\atlthunk.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\sspicli.dll", + "module_tag": "", + 
"analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winspool.drv", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\fwbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\NirmalaB.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\WindowsShell.Manifest", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\DataExchange.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\OLEACC.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\DMCmnUtils.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\fwbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\timesbi.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\IPHLPAPI.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\ntasn1.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\rsaenh.dll", + "module_tag": "", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\oleaccrc.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\ARIALN.TTF", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\netapi32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\directmanipulation.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\wkscli.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\Global\\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\verdanaz.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\OneCoreUAPCommonProxyStub.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\cambria.ttc", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\linkinfo.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Fonts\\timesi.ttf", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\NTASN1.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\HWNDInterface:702be", + "module_tag": "", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\GDI32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\DPAPI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ] + }, + { + "process_actions": [ + { + "status": "success or wait", + "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "process_terminated" + }, + { + "status": "success or wait", + "path": "unknown", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "process_created" + } + ], + "registry_actions": [ + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": 
"HKEY_CURRENT_USER\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "StatusCodes", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\ThirdParty", + "value": "NU LL ", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + }, + { + "status": "success or wait", + "value_name": "state", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon", + "value": "2", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_value_modified" + } + ], + "file_actions": [ + { + "status": "success or wait", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "AutoIt3", + "file_path": "C:\\Program Files (x86)", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sortdefault.nls", + "file_path": "C:\\WINDOWS\\Globalization\\Sorting", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_elf.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "113.0.5672.93", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", + "action_type": "file_opened", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ntmarta.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Application", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "VERSION.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CRYPTBASE.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CNG", + "file_path": "\\Device", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "crashpad_6432_IWZNPBMDEDPATAVQ", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "process": { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "process_id": 6432, + "name": "chrome.exe", + "parameters": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" \"https://imdb.com/title/tt7740510/reviews?ref_=tt_urv", + "parent_process_id": 6240 + }, + "mutex_actions": [ + { + "status": "success or wait", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:6432:304:WilStaging_02", + "action_type": "mutex_created", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "name": "unknown", + "action_type": "mutex_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "modules_loaded": [ + { + "module_name": "\\KnownDlls\\profapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\windows.storage.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\gdi32full.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\msvcp_win.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\KERNEL32.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\combase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\shcore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\VERSION.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\shlwapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\sechost.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\cfgmgr32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\RPCRT4.dll", + 
"module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\cryptbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ucrtbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ntmarta.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ADVAPI32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\USER32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\KERNELBASE.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\CRYPTBASE.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\kernel.appcore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\IMM32.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\bcryptPrimitives.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\win32u.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\FLTLIB.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + 
"module_name": "C:\\Windows\\System32\\ntmarta.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\SHELL32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\msvcrt.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\version.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\powrprof.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\imm32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\BaseNamedObjects\\windows_shell_global_counters", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\Windows\\SharedSection", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\GDI32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ] + }, + { + "process": { + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "process_id": 5476, + "name": "chrome.exe", + "parameters": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 --field-trial-handle=1788,i,7363726825860783600,3061326717789543722,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8", + "parent_process_id": 7164 + }, + "mutex_actions": [ + { + "status": "success or wait", + "name": "unknown", + 
"action_type": "mutex_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "name": "\\Sessions\\1\\BaseNamedObjects\\Local\\SM0:5476:304:WilStaging_02", + "action_type": "mutex_created", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "modules_loaded": [ + { + "module_name": "\\KnownDlls\\DWrite.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\USER32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\combase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\secur32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\Secur32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dbghelp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\kernel.appcore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dhcpcsvc.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ntmarta.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\msvcp_win.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\en-US\\tzres.dll.mui", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\CRYPTBASE.DLL", + "module_tag": "", + 
"analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "unknown", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\OLEAUT32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\rasadhlp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\userenv.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\bcrypt.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\rasadhlp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winnsi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WS2_32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\nlaapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\ntmarta.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\UIAutomationCore.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\version.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\profapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\NSI.dll", + "module_tag": 
"", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\gdi32full.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\DWrite.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\USERENV.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\VERSION.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\cryptbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dhcpcsvc6.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ucrtbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winmmbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\DNSAPI.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\SSPICLI.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_100_percent.pak", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\ole32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_200_percent.pak", + "module_tag": "", 
+ "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\UIAutomationCore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINMM.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\propsys.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\CRYPT32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\Sessions\\1\\Windows\\SharedSection", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\resources.pak", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dhcpcsvc.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINNSI.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\sechost.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\cfgmgr32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\mswsock.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\113.0.5672.93\\v8_context_snapshot.bin", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\icudtl.dat", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\bcrypt.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\ADVAPI32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINTRUST.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\KERNELBASE.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\Locales\\en-US.pak", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\bcryptPrimitives.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dbghelp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\PROPSYS.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\shcore.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\dnsapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\FLTLIB.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + 
"module_name": "\\KnownDlls\\WINHTTP.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\mswsock.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\winmmbase.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\msvcrt.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\imm32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINSPOOL.DRV", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\windows.storage.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\WINMMBASE.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\KERNEL32.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\MSASN1.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\powrprof.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\shlwapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\win32u.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winmm.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": 
"C:\\Windows\\System32\\IPHLPAPI.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\dhcpcsvc6.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winhttp.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\RPCRT4.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\shell32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\IMM32.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\Globalization\\Sorting\\SortDefault.nls", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\NLAapi.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\sspicli.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Windows\\System32\\winspool.drv", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\chrome_elf.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\IPHLPAPI.DLL", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "module_name": "\\KnownDlls\\GDI32.dll", + "module_tag": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "file_actions": [ + { + "status": "success or wait", + "file_name": "tzres.dll", 
+ "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "sortdefault.nls", + "file_path": "C:\\WINDOWS\\Globalization\\Sorting", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "KsecDD", + "file_path": "\\Device", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TransportSecurity~RF2f293.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Endpoint", + "file_path": "\\Device\\Afd", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "tzres.dll.mui", + "file_path": "C:\\WINDOWS\\SYSTEM32\\en-US", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "NETBT_TCPIP_{7F50E9BE-7F02-49EC-B525-546E3FB9A32B}", + "file_path": "\\DEVICE", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Users", + "file_path": "C:", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_200_percent.pak", + 
"file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Secur32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_100_percent.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TransportSecurity~RF2ca1c.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "PROPSYS.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "SSPICLI.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Local", + "file_path": "C:\\Users\\user\\AppData", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINMMBASE.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TransportSecurity~RF33421.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "user", + "file_path": "C:\\Users", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dhcpcsvc.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "8b55ed6f-5ac8-4fd9-b02c-440a8d31bfa9.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Network Persistent State", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CMApi", + "file_path": "\\Device\\DeviceApi", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "f34df22d-5da5-4083-b4e2-4c479c3a8e72.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "df83217c-94a0-43c3-94a1-b5828507ea8d.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "chrome_elf.dll", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + 
"b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "4ccbef40-1848-4de5-bc40-3a24490fc0e2.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "113.0.5672.93", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ntmarta.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TransportSecurity~RF2a27f.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "AsyncConnectHlp", + "file_path": "\\Device\\Afd", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "VERSION.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Network Persistent State~RF38b0b.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object name not found", + "file_name": "RasAcd", + "file_path": "\\Device", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + 
"file_name": "IPHLPAPI.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "etc", + "file_path": "C:\\WINDOWS\\system32\\drivers", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "AppData", + "file_path": "C:\\Users\\user", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "hosts", + "file_path": "C:\\WINDOWS\\system32\\drivers\\etc", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "b5458bfa-f4f3-44fd-b0f2-b6b0615a319e.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "SCT Auditing Pending Reports~RF276cc.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TransportSecurity", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "ole32.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "UIAutomationCore.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + 
"analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "7fe1f6f6-cfab-4848-9d82-ea415c2f8952.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "DWrite.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "C:", + "file_path": "", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "en-US.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93\\locales", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "crashpad_7164_KFOIJLEXXGSBFTKR", + "file_path": "\\pipe", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Network Persistent State~RF2a1b4.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "NLAapi.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CRYPTBASE.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "USERENV.dll", + "file_path": 
"C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "mswsock.dll", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "SCT Auditing Pending Reports~RF27797.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINMM.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "15dd2fb8-9828-4e21-a9ab-2b0ac20f81e9.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "SCT Auditing Pending Reports", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Nsi", + "file_path": "", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "cd2614b7-aade-47f8-baee-d65d7ce8a1c7.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dhcpcsvc6.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": 
"file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Google", + "file_path": "C:\\Users\\user\\AppData\\Local", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "3d373796-444e-4ac3-b4db-954a25c04431.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "DNSAPI.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "bcrypt.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINSPOOL.DRV", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "2895735c-afa5-4fb3-b7c1-4b4ee25aac06.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "icudtl.dat", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "dbghelp.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "object name not found", + 
"file_name": "NETBT_TCPIP_{C8C115D0-C73A-11E8-B003-806E6F6E6963}", + "file_path": "\\DEVICE", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "unknown", + "file_path": "", + "action_type": "file_written", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "v8_context_snapshot.bin", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "Network Persistent State~RF2cac8.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINNSI.DLL", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "WINHTTP.dll", + "file_path": "C:\\WINDOWS\\SYSTEM32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TransportSecurity~RF3c65e.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "resources.pak", + "file_path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\113.0.5672.93", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "CNG", + "file_path": "\\Device", + "action_type": "file_opened", + 
"analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "IMM32.DLL", + "file_path": "C:\\WINDOWS\\system32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "TransportSecurity~RF35ad3.TMP", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_deleted", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "adc5a9c7-3122-4fc8-a12d-3258e6398667.tmp", + "file_path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network", + "action_type": "file_moved", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + }, + { + "status": "success or wait", + "file_name": "rasadhlp.dll", + "file_path": "C:\\Windows\\System32", + "action_type": "file_opened", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ] + } + ], + "registry_actions": [ + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\BLBeacon\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\", + "value": "", + 
"analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Ole", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\Software\\Google\\Chrome\\", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "success or wait", + "value_name": "", + "key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Network\\Location Awareness", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_opened" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Dnscache\\Parameters", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip6\\Parameters", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], 
+ "action_type": "key_monitored" + }, + { + "status": "pending", + "value_name": "", + "key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\WinSock2\\Parameters\\Protocol_Catalog9", + "value": "", + "analysis_ids": [ + "b549dd89-5bc8-47ea-92a2-018e8d9c36e5" + ], + "action_type": "key_monitored" + } + ] + } + ] + }, + "requested_base64_url": "13659fe16d68b277526d3bb25acb2731b235bdf4" + } +} \ No newline at end of file diff --git a/Packs/ReversingLabs_Titanium_Cloud/Playbooks/Malware_Triage_-_ReversingLabs_TitaniumCloud.yml b/Packs/ReversingLabs_Titanium_Cloud/Playbooks/Malware_Triage_-_ReversingLabs_TitaniumCloud.yml index 5204fc5a5e80..81b62213d4b4 100644 --- a/Packs/ReversingLabs_Titanium_Cloud/Playbooks/Malware_Triage_-_ReversingLabs_TitaniumCloud.yml +++ b/Packs/ReversingLabs_Titanium_Cloud/Playbooks/Malware_Triage_-_ReversingLabs_TitaniumCloud.yml @@ -7,10 +7,10 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: 01bb6b67-07d0-457f-84c9-4ffeabc2c6c4 + taskid: 02062e9f-0a5f-4059-859a-57c0c5d9719d type: start task: - id: 01bb6b67-07d0-457f-84c9-4ffeabc2c6c4 + id: 02062e9f-0a5f-4059-859a-57c0c5d9719d version: -1 name: "" iscommand: false @@ -37,10 +37,10 @@ tasks: isautoswitchedtoquietmode: false "1": id: "1" - taskid: 07c255c5-0665-4cfd-8428-72df1211000a + taskid: 85a1f9a1-6ca0-4803-8df1-4f57efc0de40 type: condition task: - id: 07c255c5-0665-4cfd-8428-72df1211000a + id: 85a1f9a1-6ca0-4803-8df1-4f57efc0de40 version: -1 name: Is ReversingLabs TitaniumCloud v2 enabled? type: condition @@ -98,10 +98,10 @@ tasks: isautoswitchedtoquietmode: false "3": id: "3" - taskid: bca91921-a4f3-4b2a-8b90-a519ec676464 + taskid: e20cfbc9-74e5-45a3-8cf6-e1f13bb45809 type: title task: - id: bca91921-a4f3-4b2a-8b90-a519ec676464 + id: e20cfbc9-74e5-45a3-8cf6-e1f13bb45809 version: -1 name: done type: title 
@@ -126,10 +126,10 @@ tasks: isautoswitchedtoquietmode: false "4": id: "4" - taskid: 90a93e32-8589-470a-8399-7ce1cf8a0683 + taskid: f2d96fa4-72d7-43e7-8d36-8adf648f27ea type: condition task: - id: 90a93e32-8589-470a-8399-7ce1cf8a0683 + id: f2d96fa4-72d7-43e7-8d36-8adf648f27ea version: -1 name: Is there a file hash to analyze? type: condition @@ -168,10 +168,10 @@ tasks: isautoswitchedtoquietmode: false "5": id: "5" - taskid: 556cb7ef-3d6c-4319-87aa-3e733cbfc3ca + taskid: 7db41591-379a-4e27-8e48-4a8ad0bebfe2 type: regular task: - id: 556cb7ef-3d6c-4319-87aa-3e733cbfc3ca + id: 7db41591-379a-4e27-8e48-4a8ad0bebfe2 version: -1 name: ReversingLabs - Get file reputation description: Retrieve File Reputation data from TitaniumCloud. @@ -203,10 +203,10 @@ tasks: isautoswitchedtoquietmode: false "6": id: "6" - taskid: 203ee9ee-e755-43b2-84b1-cd2256ca066b + taskid: 7e943e0f-ed92-4387-8309-9584efad3b61 type: condition task: - id: 203ee9ee-e755-43b2-84b1-cd2256ca066b + id: 7e943e0f-ed92-4387-8309-9584efad3b61 version: -1 name: What is the sample's classification? type: condition @@ -281,10 +281,10 @@ tasks: isautoswitchedtoquietmode: false "17": id: "17" - taskid: d87238d4-4447-45d9-8aab-18de009a0b50 + taskid: 492798eb-33eb-41bd-8c1a-9b144268eb75 type: regular task: - id: d87238d4-4447-45d9-8aab-18de009a0b50 + id: 492798eb-33eb-41bd-8c1a-9b144268eb75 version: -1 name: Label for manual inspection by "Analyst" description: This indicator needs to be manually inspected by a SOC engineer. @@ -320,10 +320,10 @@ tasks: isautoswitchedtoquietmode: false "18": id: "18" - taskid: 80429df7-3328-4e13-88f6-bc64844b7198 + taskid: 49d989b1-bd69-49e6-817e-db35be60cf3f type: regular task: - id: 80429df7-3328-4e13-88f6-bc64844b7198 + id: 49d989b1-bd69-49e6-817e-db35be60cf3f version: -1 name: Increase incident severity to CRITICAL description: Optionally increases the incident severity to the new value if 
@@ -356,10 +356,10 @@ tasks: isautoswitchedtoquietmode: false "19": id: "19" - taskid: 14d042c4-75c0-448f-819a-17361979b5c6 + taskid: 8cb507a1-9b5e-473f-8356-45b3f7946e4c type: playbook task: - id: 14d042c4-75c0-448f-819a-17361979b5c6 + id: 8cb507a1-9b5e-473f-8356-45b3f7946e4c version: -1 name: Isolate Endpoint description: |- @@ -398,10 +398,10 @@ tasks: isautoswitchedtoquietmode: false "21": id: "21" - taskid: 49f3c414-236d-4f25-89be-2378f37694ce + taskid: ed92a9e5-ce56-43b6-85ae-e5bc5e90f81d type: regular task: - id: 49f3c414-236d-4f25-89be-2378f37694ce + id: ed92a9e5-ce56-43b6-85ae-e5bc5e90f81d version: -1 name: ReversingLabs - Upload file to TitaniumCloud description: Upload a file using a byte stream with a SHA1 hash of the file @@ -434,14 +434,14 @@ tasks: isautoswitchedtoquietmode: false "22": id: "22" - taskid: 5121fba3-af32-42c8-863f-aa3398aa65f0 + taskid: 28fa023d-3bb0-400c-89b0-c270c8199c52 type: regular task: - id: 5121fba3-af32-42c8-863f-aa3398aa65f0 + id: 28fa023d-3bb0-400c-89b0-c270c8199c52 version: -1 name: ReversingLabs - Submit file for dynamic analysis description: Submit an existing sample for dynamic analysis. - script: '|||reversinglabs-titaniumcloud-submit-for-dynamic-analysis' + script: '|||reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis' type: regular iscommand: true brand: "" @@ -476,14 +476,14 @@ tasks: isautoswitchedtoquietmode: false "23": id: "23" - taskid: aeb6a5b0-2666-4b68-86ce-700bc60dab47 + taskid: c707914f-51c0-4676-8f33-14a7ab92f41d type: regular task: - id: aeb6a5b0-2666-4b68-86ce-700bc60dab47 + id: c707914f-51c0-4676-8f33-14a7ab92f41d version: -1 name: ReversingLabs - Get dynamic analysis results - description: Retrieve dynamic analysis results. - script: '|||reversinglabs-titaniumcloud-get-dynamic-analysis-results' + description: Retrieve dynamic analysis results for a sample. + script: '|||reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results' type: regular iscommand: true brand: "" 
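Review bot: The command rename at `script: '|||reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis'` (task "22", hunk `@@ -434`) and `script: '|||reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results'` (task "23", hunk `@@ -476`) switches which integration command each task invokes, but the tasks' `scriptarguments` lie outside both hunks and are untouched, so it is worth confirming that the argument names the refactored commands accept still match what these tasks pass. Because the playbook now depends on the integration release that introduces the `-sample-` commands, the playbook's `fromversion` and the pack's dependency metadata (not visible here) should be checked against the 2.5.0 release note that documents this change; with `brand: ""` the tasks will bind to any enabled instance, so an older instance lacking the new command names would fail at run time rather than at validation. The same hunks regenerate every `taskid`/`id` pair, which is harmless editor noise but makes the functional change harder to spot; if the export tooling allows it, dropping those regenerated IDs would keep the diff reviewable. The enclosing `tasks:` mapping continues outside these hunks.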
@@ -515,10 +515,10 @@ tasks: isautoswitchedtoquietmode: false "24": id: "24" - taskid: fd982bbe-7f87-4f06-8562-d0ff2d2d07fb + taskid: 499f8647-f601-4032-8eda-312f4540628b type: condition task: - id: fd982bbe-7f87-4f06-8562-d0ff2d2d07fb + id: 499f8647-f601-4032-8eda-312f4540628b version: -1 name: Is there a classification for the sample? type: condition @@ -559,10 +559,10 @@ tasks: isautoswitchedtoquietmode: false "25": id: "25" - taskid: b9470efe-bf5d-47c2-8880-91b801ec1dc7 + taskid: 76c133ce-7f90-49bb-8413-fcbc8e5e8dae type: regular task: - id: b9470efe-bf5d-47c2-8880-91b801ec1dc7 + id: 76c133ce-7f90-49bb-8413-fcbc8e5e8dae version: -1 name: Indicator - Set FalsePositive tag and Benign verdict description: Change the properties of an indicator @@ -598,10 +598,10 @@ tasks: isautoswitchedtoquietmode: false "26": id: "26" - taskid: 000fb11c-802d-4128-817e-1c59d888590f + taskid: 6d657e14-d591-4d66-860a-75d8d180e318 type: regular task: - id: 000fb11c-802d-4128-817e-1c59d888590f + id: 6d657e14-d591-4d66-860a-75d8d180e318 version: -1 name: Set incident severity to LOW description: Change the properties of an incident @@ -633,10 +633,10 @@ tasks: isautoswitchedtoquietmode: false "28": id: "28" - taskid: 44fd457e-aa10-4784-866a-f0990735838c + taskid: 7e0e387a-52bb-4a51-835b-c5c0ddcdaeb1 type: regular task: - id: 44fd457e-aa10-4784-866a-f0990735838c + id: 7e0e387a-52bb-4a51-835b-c5c0ddcdaeb1 version: -1 name: Indicator - Set verdict to Suspicious description: Change the properties of an indicator @@ -670,10 +670,10 @@ tasks: isautoswitchedtoquietmode: false "29": id: "29" - taskid: 8c4810a3-cd46-42c9-8f3f-87dc1177c0e5 + taskid: 51dd286b-c5eb-49b1-8292-b0f143228a9e type: regular task: - id: 8c4810a3-cd46-42c9-8f3f-87dc1177c0e5 + id: 51dd286b-c5eb-49b1-8292-b0f143228a9e version: -1 name: Indicator - Set verdict to Malicious description: Change the properties of an indicator 
@@ -707,10 +707,10 @@ tasks: isautoswitchedtoquietmode: false "30": id: "30" - taskid: 3a8706b9-3b8d-4188-81b2-88aeebe07393 + taskid: d882a045-2dc7-42f0-87d2-e6c831828a0c type: regular task: - id: 3a8706b9-3b8d-4188-81b2-88aeebe07393 + id: d882a045-2dc7-42f0-87d2-e6c831828a0c version: -1 name: Label for manual inspection by "Analyst" description: This indicator needs to be manually inspected by a SOC engineer. diff --git a/Packs/ReversingLabs_Titanium_Cloud/Playbooks/Malware_Triage_-_ReversingLabs_TitaniumCloud_README.md b/Packs/ReversingLabs_Titanium_Cloud/Playbooks/Malware_Triage_-_ReversingLabs_TitaniumCloud_README.md index 2388e030f0af..f87715aee435 100644 --- a/Packs/ReversingLabs_Titanium_Cloud/Playbooks/Malware_Triage_-_ReversingLabs_TitaniumCloud_README.md +++ b/Packs/ReversingLabs_Titanium_Cloud/Playbooks/Malware_Triage_-_ReversingLabs_TitaniumCloud_README.md @@ -18,12 +18,12 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Commands -* reversinglabs-titaniumcloud-file-reputation -* reversinglabs-titaniumcloud-get-dynamic-analysis-results * setIndicator -* reversinglabs-titaniumcloud-file-upload * setIncident -* reversinglabs-titaniumcloud-submit-for-dynamic-analysis +* reversinglabs-titaniumcloud-file-upload +* reversinglabs-titaniumcloud-get-sample-dynamic-analysis-results +* reversinglabs-titaniumcloud-submit-sample-for-dynamic-analysis +* reversinglabs-titaniumcloud-file-reputation ## Playbook Inputs diff --git a/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md b/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md index 6736053139c9..4a75da5f958b 100644 --- a/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md +++ b/Packs/ReversingLabs_Titanium_Cloud/ReleaseNotes/2_5_0.md 
@@ -16,3 +16,6 @@ Added new commands: - ***reversinglabs-titaniumcloud-get-url-dynamic-analysis-results*** +#### Playbooks +##### Malware Triage - ReversingLabs TitaniumCloud +- Updated the ***ReversingLabs - Submit file for dynamic analysis*** and ***ReversingLabs - Get dynamic analysis results*** tasks with refactored commands. \ No newline at end of file diff --git a/Packs/RiskIQDigitalFootprint/Integrations/RiskIQDigitalFootprint/RiskIQDigitalFootprint.yml b/Packs/RiskIQDigitalFootprint/Integrations/RiskIQDigitalFootprint/RiskIQDigitalFootprint.yml index 04087df9c03e..a8d4c64bdb04 100644 --- a/Packs/RiskIQDigitalFootprint/Integrations/RiskIQDigitalFootprint/RiskIQDigitalFootprint.yml +++ b/Packs/RiskIQDigitalFootprint/Integrations/RiskIQDigitalFootprint/RiskIQDigitalFootprint.yml @@ -3233,7 +3233,7 @@ script: - contextPath: RiskIQDigitalFootprint.Task.totalUpdates description: Number of total asset(s) that have been updated. type: Number - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/RiskIQDigitalFootprint/ReleaseNotes/1_1_18.md b/Packs/RiskIQDigitalFootprint/ReleaseNotes/1_1_18.md new file mode 100644 index 000000000000..15d30c5ecb99 --- /dev/null +++ b/Packs/RiskIQDigitalFootprint/ReleaseNotes/1_1_18.md @@ -0,0 +1,3 @@ +#### Integrations +##### RiskIQ Digital Footprint +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/RiskIQDigitalFootprint/pack_metadata.json b/Packs/RiskIQDigitalFootprint/pack_metadata.json index 4e66c783e3fa..d24f1c3bc5a6 100644 --- a/Packs/RiskIQDigitalFootprint/pack_metadata.json +++ b/Packs/RiskIQDigitalFootprint/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "RiskIQ Digital Footprint", "description": "RiskIQ Digital Footprint integration enables your security team to manage assets outside your firewall and provides you with the ability to add or update assets and analyze your digital footprint from the view of the global adversary.", "support": "community", - "currentVersion": "1.1.17", + "currentVersion": "1.1.18", "author": "RiskIQ", "url": "https://www.riskiq.com/resources/support/", "email": "paloaltonetworks@riskiq.net", diff --git a/Packs/RunZero/Integrations/RunZero/RunZero.yml b/Packs/RunZero/Integrations/RunZero/RunZero.yml index 7cdcef425a60..0ee6fa579a6f 100644 --- a/Packs/RunZero/Integrations/RunZero/RunZero.yml +++ b/Packs/RunZero/Integrations/RunZero/RunZero.yml @@ -424,7 +424,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 marketplaces: - xsoar fromversion: 6.5.0 diff --git a/Packs/RunZero/ReleaseNotes/1_0_15.md b/Packs/RunZero/ReleaseNotes/1_0_15.md new file mode 100644 index 000000000000..fc56bbf0eada --- /dev/null +++ b/Packs/RunZero/ReleaseNotes/1_0_15.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### RunZero +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/RunZero/pack_metadata.json b/Packs/RunZero/pack_metadata.json index 2eda1ce5a5ca..e639ad391d40 100644 --- a/Packs/RunZero/pack_metadata.json +++ b/Packs/RunZero/pack_metadata.json @@ -2,7 +2,7 @@ "name": "RunZero", "description": "RunZero a network discovery and asset inventory solution.", "support": "xsoar", - "currentVersion": "1.0.14", + "currentVersion": "1.0.15", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Rundeck/Integrations/Rundeck/Rundeck.yml b/Packs/Rundeck/Integrations/Rundeck/Rundeck.yml index 94794502b820..c1ff89d69ab4 100644 --- a/Packs/Rundeck/Integrations/Rundeck/Rundeck.yml 
+++ b/Packs/Rundeck/Integrations/Rundeck/Rundeck.yml @@ -750,7 +750,7 @@ script: - contextPath: Rundeck.WebhookEvent.executionId description: The ID of the execution. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/Rundeck/ReleaseNotes/1_0_17.md b/Packs/Rundeck/ReleaseNotes/1_0_17.md new file mode 100644 index 000000000000..721e3044cdd3 --- /dev/null +++ b/Packs/Rundeck/ReleaseNotes/1_0_17.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Rundeck + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Rundeck/pack_metadata.json b/Packs/Rundeck/pack_metadata.json index f7e617bb425f..bf676daee870 100644 --- a/Packs/Rundeck/pack_metadata.json +++ b/Packs/Rundeck/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Rundeck", "description": "Rundeck is runbook automation for incident management, business continuity, and self-service operations", "support": "xsoar", - "currentVersion": "1.0.16", + "currentVersion": "1.0.17", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/SAP_IAM/Integrations/SAPIAM/SAPIAM.yml b/Packs/SAP_IAM/Integrations/SAPIAM/SAPIAM.yml index 883772b35036..e48a491270dd 100644 --- a/Packs/SAP_IAM/Integrations/SAPIAM/SAPIAM.yml +++ b/Packs/SAP_IAM/Integrations/SAPIAM/SAPIAM.yml @@ -120,7 +120,7 @@ script: type: String - description: Retrieves a User Profile schema, which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option. name: get-mapping-fields - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/SAP_IAM/ReleaseNotes/1_0_7.md b/Packs/SAP_IAM/ReleaseNotes/1_0_7.md new file mode 100644 index 000000000000..50109cf7ed78 --- /dev/null +++ b/Packs/SAP_IAM/ReleaseNotes/1_0_7.md 
@@ -0,0 +1,6 @@ + +#### Integrations + +##### SAP - IAM + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/SAP_IAM/pack_metadata.json b/Packs/SAP_IAM/pack_metadata.json index dce866dbbf2c..3d1b4edf7a4c 100644 --- a/Packs/SAP_IAM/pack_metadata.json +++ b/Packs/SAP_IAM/pack_metadata.json @@ -2,7 +2,7 @@ "name": "SAP-IAM", "description": "IAM Integration for SAP. This handles user account auto-provisioning", "support": "xsoar", - "currentVersion": "1.0.6", + "currentVersion": "1.0.7", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml b/Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml index 33dd3861d721..cb120e4ad31d 100644 --- a/Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml +++ b/Packs/SEKOIAIntelligenceCenter/Integrations/SEKOIAIntelligenceCenter/SEKOIAIntelligenceCenter.yml @@ -1256,7 +1256,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/py3-tools:1.0.0.84811 + dockerimage: demisto/py3-tools:1.0.0.86612 fromversion: 6.2.0 tests: - No tests (auto formatted) diff --git a/Packs/SEKOIAIntelligenceCenter/ReleaseNotes/1_2_29.md b/Packs/SEKOIAIntelligenceCenter/ReleaseNotes/1_2_29.md new file mode 100644 index 000000000000..24146419ba8a --- /dev/null +++ b/Packs/SEKOIAIntelligenceCenter/ReleaseNotes/1_2_29.md @@ -0,0 +1,3 @@ +#### Integrations +##### SEKOIAIntelligenceCenter +- Updated the Docker image to: *demisto/py3-tools:1.0.0.86612*. diff --git a/Packs/SEKOIAIntelligenceCenter/pack_metadata.json b/Packs/SEKOIAIntelligenceCenter/pack_metadata.json index 58761d9b890e..53c92f1301e9 100644 --- a/Packs/SEKOIAIntelligenceCenter/pack_metadata.json +++ b/Packs/SEKOIAIntelligenceCenter/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "SEKOIAIntelligenceCenter", "description": "Request SEKOIA.IO Intelligence Center from Cortex XSOAR", "support": "partner", - "currentVersion": "1.2.28", + "currentVersion": "1.2.29", "author": "SEKOIA.IO", "url": "https://www.sekoia.io/en/contact/", "email": "contact@sekoia.io", diff --git a/Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml b/Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml index e4d5409c3a87..12198775c1c0 100644 --- a/Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml +++ b/Packs/SafeNet_Trusted_Access/Integrations/SafeNetTrustedAccessEventCollector/SafeNetTrustedAccessEventCollector.yml @@ -75,7 +75,7 @@ script: type: python subtype: python3 isfetchevents: true - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 marketplaces: - marketplacev2 fromversion: 6.8.0 diff --git a/Packs/SafeNet_Trusted_Access/ReleaseNotes/2_0_35.md b/Packs/SafeNet_Trusted_Access/ReleaseNotes/2_0_35.md new file mode 100644 index 000000000000..8682b3cc9467 --- /dev/null +++ b/Packs/SafeNet_Trusted_Access/ReleaseNotes/2_0_35.md @@ -0,0 +1,3 @@ +#### Integrations +##### Thales SafeNet Trusted Access Event Collector +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/SafeNet_Trusted_Access/pack_metadata.json b/Packs/SafeNet_Trusted_Access/pack_metadata.json index ca0bfab5ef61..ff6c52da23e8 100644 --- a/Packs/SafeNet_Trusted_Access/pack_metadata.json +++ b/Packs/SafeNet_Trusted_Access/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "Thales SafeNet Trusted Access", "description": "SafeNet Trusted Access by Thales is an access management solution that allows organizations to centrally manage and secure access to business applications.", "support": "partner", - "currentVersion": "2.0.34", + "currentVersion": "2.0.35", "author": "Thales", "url": "https://supportportal.gemalto.com/csm/?id=portal_home_page", "email": "", diff --git a/Packs/Salesforce/Integrations/Salesforce_IAM/Salesforce_IAM.yml b/Packs/Salesforce/Integrations/Salesforce_IAM/Salesforce_IAM.yml index 8a276ff873a9..90fc6d74b3d9 100644 --- a/Packs/Salesforce/Integrations/Salesforce_IAM/Salesforce_IAM.yml +++ b/Packs/Salesforce/Integrations/Salesforce_IAM/Salesforce_IAM.yml @@ -260,7 +260,7 @@ script: type: String - description: Retrieves a User Profile schema which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option. name: get-mapping-fields - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/Salesforce/ReleaseNotes/2_0_22.md b/Packs/Salesforce/ReleaseNotes/2_0_22.md new file mode 100644 index 000000000000..dc751912b903 --- /dev/null +++ b/Packs/Salesforce/ReleaseNotes/2_0_22.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Salesforce IAM + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Salesforce/pack_metadata.json b/Packs/Salesforce/pack_metadata.json index 2ccedae98214..e4f039d5904a 100644 --- a/Packs/Salesforce/pack_metadata.json +++ b/Packs/Salesforce/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Salesforce", "description": "CRM Services", "support": "xsoar", - "currentVersion": "2.0.21", + "currentVersion": "2.0.22", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
diff --git a/Packs/SalesforceFusion/Integrations/SalesforceFusionIAM/SalesforceFusionIAM.yml b/Packs/SalesforceFusion/Integrations/SalesforceFusionIAM/SalesforceFusionIAM.yml index 3edb9be2fa41..4af880ffefa8 100644 --- a/Packs/SalesforceFusion/Integrations/SalesforceFusionIAM/SalesforceFusionIAM.yml +++ b/Packs/SalesforceFusion/Integrations/SalesforceFusionIAM/SalesforceFusionIAM.yml @@ -251,7 +251,7 @@ script: type: String - description: Retrieves a User Profile schema, which holds all of the user fields within the application. Used for outgoing-mapping through the Get Schema option. name: get-mapping-fields - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/SalesforceFusion/ReleaseNotes/1_0_20.md b/Packs/SalesforceFusion/ReleaseNotes/1_0_20.md new file mode 100644 index 000000000000..207d7c85be6f --- /dev/null +++ b/Packs/SalesforceFusion/ReleaseNotes/1_0_20.md @@ -0,0 +1,3 @@ +#### Integrations +##### Salesforce Fusion IAM +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/SalesforceFusion/pack_metadata.json b/Packs/SalesforceFusion/pack_metadata.json index faa9d712483c..77f87602acb1 100644 --- a/Packs/SalesforceFusion/pack_metadata.json +++ b/Packs/SalesforceFusion/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Salesforce Fusion", "description": "CRM Services", "support": "xsoar", - "currentVersion": "1.0.19", + "currentVersion": "1.0.20", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml b/Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml index b5e9963052c3..0f2e90191b0f 100644 
--- a/Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml +++ b/Packs/SecurityIntelligenceServicesFeed/Integrations/SecurityIntelligenceServicesFeed/SecurityIntelligenceServicesFeed.yml @@ -128,7 +128,7 @@ script: name: search description: Gets indicators from Security Intelligence Services feed. Note- Indicators will fetch from the latest found object. name: sis-get-indicators - dockerimage: demisto/boto3py3:1.0.0.85072 + dockerimage: demisto/boto3py3:1.0.0.86592 feed: true runonce: false script: '-' diff --git a/Packs/SecurityIntelligenceServicesFeed/ReleaseNotes/1_0_34.md b/Packs/SecurityIntelligenceServicesFeed/ReleaseNotes/1_0_34.md new file mode 100644 index 000000000000..f9552a2b78c3 --- /dev/null +++ b/Packs/SecurityIntelligenceServicesFeed/ReleaseNotes/1_0_34.md @@ -0,0 +1,3 @@ +#### Integrations +##### Security Intelligence Services Feed +- Updated the Docker image to: *demisto/boto3py3:1.0.0.86592*. diff --git a/Packs/SecurityIntelligenceServicesFeed/pack_metadata.json b/Packs/SecurityIntelligenceServicesFeed/pack_metadata.json index 16eeedf6ee91..2bb27f47f2e3 100644 --- a/Packs/SecurityIntelligenceServicesFeed/pack_metadata.json +++ b/Packs/SecurityIntelligenceServicesFeed/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Security Intelligence Services Feed", "description": "A PassiveTotal with Security Intelligence Services Feed can provide you newly observed Domain, Malware, Phishing, Content and Scam Blacklist.", "support": "community", - "currentVersion": "1.0.33", + "currentVersion": "1.0.34", "author": "RiskIQ", "url": "https://www.riskiq.com/resources/support/", "email": "paloaltonetworks@riskiq.net", diff --git a/Packs/Securonix/Integrations/Securonix/Securonix.yml b/Packs/Securonix/Integrations/Securonix/Securonix.yml index 75e8634799ca..1da626cbdb21 100644 --- a/Packs/Securonix/Integrations/Securonix/Securonix.yml +++ b/Packs/Securonix/Integrations/Securonix/Securonix.yml 
@@ -1546,7 +1546,7 @@ script:
 required: true
 description: Deletes the entries from the lookup table.
 name: securonix-lookup-table-entries-delete
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/Securonix/ReleaseNotes/2_0_18.md b/Packs/Securonix/ReleaseNotes/2_0_18.md
new file mode 100644
index 000000000000..dd7e71e0f9e7
--- /dev/null
+++ b/Packs/Securonix/ReleaseNotes/2_0_18.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Securonix
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/Securonix/pack_metadata.json b/Packs/Securonix/pack_metadata.json
index a725473e1c46..16707e559048 100644
--- a/Packs/Securonix/pack_metadata.json
+++ b/Packs/Securonix/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Securonix",
 "description": "Use the Securonix integration to manage incidents, threats, lookup tables, whitelists and watchlists.",
 "support": "partner",
- "currentVersion": "2.0.17",
+ "currentVersion": "2.0.18",
 "author": "Securonix",
 "url": "https://www.securonix.com",
 "email": "support@securonix.com",
diff --git a/Packs/SentinelOne/Integrations/SentinelOneEventCollector/SentinelOneEventCollector.yml b/Packs/SentinelOne/Integrations/SentinelOneEventCollector/SentinelOneEventCollector.yml
index 3086536b0934..44565878a681 100644
--- a/Packs/SentinelOne/Integrations/SentinelOneEventCollector/SentinelOneEventCollector.yml
+++ b/Packs/SentinelOne/Integrations/SentinelOneEventCollector/SentinelOneEventCollector.yml
@@ -72,7 +72,7 @@ script:
 name: limit
 description: Gets events from SentinelOne.
 name: sentinelone-get-events
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetchevents: true
 script: '-'
 subtype: python3
diff --git a/Packs/SentinelOne/ReleaseNotes/3_2_20.md b/Packs/SentinelOne/ReleaseNotes/3_2_20.md
new file mode 100644
index 000000000000..fb2fef7543c8
--- /dev/null
+++ b/Packs/SentinelOne/ReleaseNotes/3_2_20.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### SentinelOne Event Collector
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/SentinelOne/pack_metadata.json b/Packs/SentinelOne/pack_metadata.json
index b78e5d55e769..c289eeee9799 100644
--- a/Packs/SentinelOne/pack_metadata.json
+++ b/Packs/SentinelOne/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "SentinelOne",
 "description": "Endpoint protection",
 "support": "partner",
- "currentVersion": "3.2.19",
+ "currentVersion": "3.2.20",
 "author": "SentinelOne",
 "url": "https://www.sentinelone.com/support/",
 "email": "support@sentinelone.com",
diff --git a/Packs/ServiceDeskPlus/Integrations/ServiceDeskPlus/ServiceDeskPlus.yml b/Packs/ServiceDeskPlus/Integrations/ServiceDeskPlus/ServiceDeskPlus.yml
index 4c567958fa20..ee4a8d4d4329 100644
--- a/Packs/ServiceDeskPlus/Integrations/ServiceDeskPlus/ServiceDeskPlus.yml
+++ b/Packs/ServiceDeskPlus/Integrations/ServiceDeskPlus/ServiceDeskPlus.yml
@@ -542,7 +542,7 @@ script:
 required: true
 description: Closes the specified request.
 name: service-desk-plus-request-close
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/ServiceDeskPlus/ReleaseNotes/2_0_28.md b/Packs/ServiceDeskPlus/ReleaseNotes/2_0_28.md
new file mode 100644
index 000000000000..4c6db41cb006
--- /dev/null
+++ b/Packs/ServiceDeskPlus/ReleaseNotes/2_0_28.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Service Desk Plus
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/ServiceDeskPlus/pack_metadata.json b/Packs/ServiceDeskPlus/pack_metadata.json
index 511d88fef6ee..ef6b9edc661f 100644
--- a/Packs/ServiceDeskPlus/pack_metadata.json
+++ b/Packs/ServiceDeskPlus/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Manage Engine Service Desk Plus",
 "description": "IT service management.",
 "support": "xsoar",
- "currentVersion": "2.0.27",
+ "currentVersion": "2.0.28",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Silverfort/Integrations/Silverfort/Silverfort.yml b/Packs/Silverfort/Integrations/Silverfort/Silverfort.yml
index 4fb6ad8b9839..94bfc2b365b5 100755
--- a/Packs/Silverfort/Integrations/Silverfort/Silverfort.yml
+++ b/Packs/Silverfort/Integrations/Silverfort/Silverfort.yml
@@ -117,7 +117,7 @@ script:
 required: true
 description: Update the resource entity risk.
 name: silverfort-update-resource-risk
- dockerimage: demisto/auth-utils:1.0.0.84760
+ dockerimage: demisto/auth-utils:1.0.0.86556
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/Silverfort/ReleaseNotes/2_0_23.md b/Packs/Silverfort/ReleaseNotes/2_0_23.md
new file mode 100644
index 000000000000..0dd961f4eaa1
--- /dev/null
+++ b/Packs/Silverfort/ReleaseNotes/2_0_23.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Silverfort
+- Updated the Docker image to: *demisto/auth-utils:1.0.0.86556*.
diff --git a/Packs/Silverfort/pack_metadata.json b/Packs/Silverfort/pack_metadata.json
index 84b15beb2779..589a0a59ab37 100644
--- a/Packs/Silverfort/pack_metadata.json
+++ b/Packs/Silverfort/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Silverfort",
 "description": "Silverfort protects organizations from data breaches by delivering strong authentication across entire corporate networks and cloud environments, without requiring any modifications to endpoints or servers. Using patent-pending technology, Silverfort's agentless approach enables multi-factor authentication and AI-driven adaptive authentication even for systems that don’t support it today, including proprietary systems, critical infrastructure, shared folders, IoT devices, and more. Use Silverfort integration to get & update Silverfort risk severity. This integration was integrated and tested with Silverfort version 2.12.",
 "support": "partner",
- "currentVersion": "2.0.22",
+ "currentVersion": "2.0.23",
 "author": "Silverfort",
 "url": "https://support.silverfort.com/",
 "email": "support@silverfort.com",
diff --git a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml
index 02695a9ee418..8145d94fb670 100644
--- a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml
+++ b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed/Sixgill_Darkfeed.yml
@@ -125,7 +125,7 @@ script:
 description: Fetching Sixgill DarkFeed indicators
 execution: true
 name: sixgill-get-indicators
- dockerimage: demisto/sixgill:1.0.0.84784
+ dockerimage: demisto/sixgill:1.0.0.86489
 feed: true
 runonce: false
 subtype: python3
diff --git a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed_Enrichment/Sixgill_Darkfeed_Enrichment.yml b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed_Enrichment/Sixgill_Darkfeed_Enrichment.yml
index 0a67d031fa47..88bfc46cd155 100644
--- a/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed_Enrichment/Sixgill_Darkfeed_Enrichment.yml
+++ b/Packs/Sixgill-Darkfeed/Integrations/Sixgill_Darkfeed_Enrichment/Sixgill_Darkfeed_Enrichment.yml
@@ -550,7 +550,7 @@ script:
 - contextPath: SixgillDarkfeed.Postid.external_reference
 description: Link to the IOC on Virustotal and an abstraction of the number of detections; MITRE ATT&CK tactics and techniques.
 type: Unknown
- dockerimage: demisto/sixgill:1.0.0.84784
+ dockerimage: demisto/sixgill:1.0.0.86489
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/Sixgill-Darkfeed/ReleaseNotes/2_2_16.md b/Packs/Sixgill-Darkfeed/ReleaseNotes/2_2_16.md
new file mode 100644
index 000000000000..ddfa8937c6ac
--- /dev/null
+++ b/Packs/Sixgill-Darkfeed/ReleaseNotes/2_2_16.md
@@ -0,0 +1,5 @@
+#### Integrations
+##### Sixgill DarkFeed Enrichment
+- Updated the Docker image to: *demisto/sixgill:1.0.0.86489*.
+##### Sixgill DarkFeed Threat Intelligence
+- Updated the Docker image to: *demisto/sixgill:1.0.0.86489*.
diff --git a/Packs/Sixgill-Darkfeed/pack_metadata.json b/Packs/Sixgill-Darkfeed/pack_metadata.json
index 80dbb9d8bd62..b9064d05c608 100644
--- a/Packs/Sixgill-Darkfeed/pack_metadata.json
+++ b/Packs/Sixgill-Darkfeed/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Sixgill Darkfeed - Annual Subscription",
 "description": "This edition of Sixgill Darkfeed is intended for customers who have a direct annual subscription to Sixgill Darkfeed.\n\nGet contextual and actionable insights to proactively block underground threats in real-time with the most comprehensive, automated stream of IOCs \n\nFor organizations who are currently Darkfeed customers.",
 "support": "partner",
- "currentVersion": "2.2.15",
+ "currentVersion": "2.2.16",
 "author": "Cybersixgill",
 "url": "",
 "email": "sales@cybersixgill.com",
diff --git a/Packs/Slack/Integrations/SlackV3/README.md b/Packs/Slack/Integrations/SlackV3/README.md
index 658e076789a4..c35bf51b0820 100644
--- a/Packs/Slack/Integrations/SlackV3/README.md
+++ b/Packs/Slack/Integrations/SlackV3/README.md
@@ -607,23 +607,6 @@ There is no context output for this command.
 > The message was successfully pinned.
-### Known Limitations
-
-- All commands which use `channel` as a parameter, it is now advised to use `channel-id` using the channel ID found in
- the incident's context under the `Slack.Channels.ID` value. Using `channel-id` as opposed to `channel` will improve
- the performance of the integration.
-- SlackV3 mirrors incidents by listening to messages being sent in channels the bot has been added to.
- Because of this, you may have some users in Slack who are not users in Cortex XSOAR. This will occasionally cause the
- module
- health to indicate that an error has occurred because a user was unable to be found. In this circumstance, the error
- is expected and is purely cosmetic in nature.
-- In some cases when mirroring an investigation, kicking the admin will cause no further actions to be able to be
- performed by the bot. Any subsequent actions taken on the channel (such as mirror out) will result in a "not in
- channel" error.
-- Note: If a dedicated channel is configured, however there are no notifications being sent, verify that the *Types of
- Notifications* to send parameter is populated.
-- ***mirror-investigation*** will only mirror chat messages between XSOAR and Slack. Images, threads, and files are not
- supported at this tme.
 ### slack-get-integration-context
@@ -728,10 +711,28 @@ Retrieves replies to specific messages, regardless of whether it's from a public
 #### Context Output
 There is no context output for this command.
-```
+
+## Known Limitations
+
+- All commands which use `channel` as a parameter, it is now advised to use `channel-id` using the channel ID found in
+ the incident's context under the `Slack.Channels.ID` value. Using `channel-id` as opposed to `channel` will improve
+ the performance of the integration.
+- SlackV3 mirrors incidents by listening to messages being sent in channels the bot has been added to.
+ Because of this, you may have some users in Slack who are not users in Cortex XSOAR. This will occasionally cause the
+ module
+ health to indicate that an error has occurred because a user was unable to be found. In this circumstance, the error
+ is expected and is purely cosmetic in nature.
+- In some cases when mirroring an investigation, kicking the admin will cause no further actions to be able to be
+ performed by the bot. Any subsequent actions taken on the channel (such as mirror out) will result in a "not in
+ channel" error.
+- Note: If a dedicated channel is configured, however there are no notifications being sent, verify that the *Types of
+ Notifications* to send parameter is populated.
+- ***mirror-investigation*** will only mirror chat messages between Cortex XSOAR and Slack. Images, threads, and files are not supported at this tme.
 ## Troubleshooting
----
+
 **Issue**: The survey sent from SlackBlockBuilder is sent to Slack and submitted successfully, but the response does not show up in context data in Cortex XSOAR.
-**Resolution**: The most likely cause is that there is no API key entered into the Slack v3 integration instance settings, or the API key was not created by the default admin user. Ensure that an API key created by a default admin user is entered into the Slack v3 integration instance settings.
Also, make sure to mark the **Trust any certificate (not secure)** integration parameter.
\ No newline at end of file
+**Resolution**: The most likely cause is that there is no API key entered into the Slack v3 integration instance settings, or the API key was not created by the default admin user. Ensure that an API key created by a default admin user is entered into the Slack v3 integration instance settings. Also, make sure to mark the **Trust any certificate (not secure)** integration parameter.
+
+
diff --git a/Packs/SophosXGFirewall/Integrations/SophosXGFirewall/SophosXGFirewall.yml b/Packs/SophosXGFirewall/Integrations/SophosXGFirewall/SophosXGFirewall.yml
index e4b7b64e7be9..8ac3b2543b70 100644
--- a/Packs/SophosXGFirewall/Integrations/SophosXGFirewall/SophosXGFirewall.yml
+++ b/Packs/SophosXGFirewall/Integrations/SophosXGFirewall/SophosXGFirewall.yml
@@ -2913,7 +2913,7 @@ script:
 - contextPath: SophosFirewall.WebFilterPolicy.IsDeleted
 description: Whether the policy is deleted.
 type: Bool
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/SophosXGFirewall/ReleaseNotes/1_1_5.md b/Packs/SophosXGFirewall/ReleaseNotes/1_1_5.md
new file mode 100644
index 000000000000..5231aedc6d17
--- /dev/null
+++ b/Packs/SophosXGFirewall/ReleaseNotes/1_1_5.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Sophos Firewall
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/SophosXGFirewall/pack_metadata.json b/Packs/SophosXGFirewall/pack_metadata.json
index 4d8089073ca1..76bdc9b1703a 100644
--- a/Packs/SophosXGFirewall/pack_metadata.json
+++ b/Packs/SophosXGFirewall/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Sophos XG Firewall",
 "description": "Use the Sophos XG Firewall to manage your firewall, detect and respond to threats on your network.",
 "support": "xsoar",
- "currentVersion": "1.1.4",
+ "currentVersion": "1.1.5",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
@@ -11,8 +11,7 @@
 "Network Security"
 ],
 "tags": [],
- "useCases": [
- ],
+ "useCases": [],
 "keywords": [],
 "marketplaces": [
 "xsoar",
diff --git a/Packs/Stealthwatch_Cloud/Integrations/Stealthwatch_Cloud/Stealthwatch_Cloud.yml b/Packs/Stealthwatch_Cloud/Integrations/Stealthwatch_Cloud/Stealthwatch_Cloud.yml
index dee45ddd7a1b..3a736f35d44e 100644
--- a/Packs/Stealthwatch_Cloud/Integrations/Stealthwatch_Cloud/Stealthwatch_Cloud.yml
+++ b/Packs/Stealthwatch_Cloud/Integrations/Stealthwatch_Cloud/Stealthwatch_Cloud.yml
@@ -322,7 +322,7 @@ script:
 script: '-'
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 tests:
 - No test
 fromversion: 5.0.0
diff --git a/Packs/Stealthwatch_Cloud/ReleaseNotes/1_0_13.md b/Packs/Stealthwatch_Cloud/ReleaseNotes/1_0_13.md
new file mode 100644
index 000000000000..a275ef16d755
--- /dev/null
+++ b/Packs/Stealthwatch_Cloud/ReleaseNotes/1_0_13.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Cisco Secure Cloud Analytics (Stealthwatch Cloud)
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/Stealthwatch_Cloud/pack_metadata.json b/Packs/Stealthwatch_Cloud/pack_metadata.json
index c30274ab8e11..f0b54d3e877e 100644
--- a/Packs/Stealthwatch_Cloud/pack_metadata.json
+++ b/Packs/Stealthwatch_Cloud/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Cisco Secure Cloud Analytics (Stealthwatch Cloud)",
 "description": "Protect your cloud assets and private network",
 "support": "xsoar",
- "currentVersion": "1.0.12",
+ "currentVersion": "1.0.13",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/SymantecCloudSecureWebGateway/Integrations/SymantecCloudSecureWebGatewayEventCollector/SymantecCloudSecureWebGatewayEventCollector.yml b/Packs/SymantecCloudSecureWebGateway/Integrations/SymantecCloudSecureWebGatewayEventCollector/SymantecCloudSecureWebGatewayEventCollector.yml
index 2a2d0c2f9d98..bc50c1b9cebf 100644
--- a/Packs/SymantecCloudSecureWebGateway/Integrations/SymantecCloudSecureWebGatewayEventCollector/SymantecCloudSecureWebGatewayEventCollector.yml
+++ b/Packs/SymantecCloudSecureWebGateway/Integrations/SymantecCloudSecureWebGatewayEventCollector/SymantecCloudSecureWebGatewayEventCollector.yml
@@ -41,7 +41,7 @@ configuration:
 section: Collect
 script:
 commands: []
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 longRunning: true
 script: ""
 subtype: python3
diff --git a/Packs/SymantecCloudSecureWebGateway/ReleaseNotes/1_0_3.md b/Packs/SymantecCloudSecureWebGateway/ReleaseNotes/1_0_3.md
new file mode 100644
index 000000000000..7c65d7365453
--- /dev/null
+++ b/Packs/SymantecCloudSecureWebGateway/ReleaseNotes/1_0_3.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### Symantec Cloud Secure Web Gateway Event Collector
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/SymantecCloudSecureWebGateway/pack_metadata.json b/Packs/SymantecCloudSecureWebGateway/pack_metadata.json
index c919e337d99f..1e4e076eb5e2 100644
--- a/Packs/SymantecCloudSecureWebGateway/pack_metadata.json
+++ b/Packs/SymantecCloudSecureWebGateway/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Symantec Cloud Secure Web Gateway",
 "description": "Symantec Cloud Secure Web Gateway (SWG) is a cutting-edge cybersecurity solution designed to provide robust protection and control over internet traffic within organizations. Leveraging advanced threat intelligence, real-time content analysis, and secure web access policies, Symantec Cloud SWG ensures a secure and compliant online environment for users.",
 "support": "xsoar",
- "currentVersion": "1.0.2",
+ "currentVersion": "1.0.3",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml b/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml
index e6d4f9d9d165..85f3d6a3b138 100644
--- a/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml
+++ b/Packs/Tanium/Integrations/Tanium_v2/Tanium_v2.yml
@@ -1353,7 +1353,7 @@ script:
 - contextPath: Tanium.ActionResult.ID
 description: The action results ID.
 type: String
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 script: ''
 subtype: python3
 type: python
diff --git a/Packs/Tanium/ReleaseNotes/1_0_29.md b/Packs/Tanium/ReleaseNotes/1_0_29.md
new file mode 100644
index 000000000000..0e7d58eeabfd
--- /dev/null
+++ b/Packs/Tanium/ReleaseNotes/1_0_29.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Tanium v2
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/Tanium/pack_metadata.json b/Packs/Tanium/pack_metadata.json
index 7ef5a5909e38..3be1e6797a6e 100644
--- a/Packs/Tanium/pack_metadata.json
+++ b/Packs/Tanium/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Tanium",
 "description": "Tanium endpoint security and systems management",
 "support": "xsoar",
- "currentVersion": "1.0.28",
+ "currentVersion": "1.0.29",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/ThreatConnect/Integrations/ThreatConnectV3/ThreatConnectV3.yml b/Packs/ThreatConnect/Integrations/ThreatConnectV3/ThreatConnectV3.yml
index fe7307c7fc1c..79626dac6adf 100644
--- a/Packs/ThreatConnect/Integrations/ThreatConnectV3/ThreatConnectV3.yml
+++ b/Packs/ThreatConnect/Integrations/ThreatConnectV3/ThreatConnectV3.yml
@@ -2959,7 +2959,7 @@ script:
 - contextPath: TC.AttributeType.TC.AttributeType.validationRule.version
 description: The attribute type validation rule version.
 type: string
- dockerimage: demisto/python3:3.10.13.84405
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: true
 script: ''
 subtype: python3
diff --git a/Packs/ThreatConnect/ReleaseNotes/3_1_1.md b/Packs/ThreatConnect/ReleaseNotes/3_1_1.md
new file mode 100644
index 000000000000..4fa84737c218
--- /dev/null
+++ b/Packs/ThreatConnect/ReleaseNotes/3_1_1.md
@@ -0,0 +1,3 @@
+#### Integrations
+##### ThreatConnect v3
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/ThreatConnect/pack_metadata.json b/Packs/ThreatConnect/pack_metadata.json
index 74afbbc39495..48907450eeef 100644
--- a/Packs/ThreatConnect/pack_metadata.json
+++ b/Packs/ThreatConnect/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "ThreatConnect",
 "description": "Threat intelligence platform.",
 "support": "xsoar",
- "currentVersion": "3.1.0",
+ "currentVersion": "3.1.1",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/ThreatIntelligenceManagement/ReleaseNotes/1_1_9.md b/Packs/ThreatIntelligenceManagement/ReleaseNotes/1_1_9.md
new file mode 100644
index 000000000000..6ca6a86d2fe1
--- /dev/null
+++ b/Packs/ThreatIntelligenceManagement/ReleaseNotes/1_1_9.md
@@ -0,0 +1,6 @@
+
+#### Scripts
+
+##### ThreatIntelManagementGetIncidentsPerFeed
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/ThreatIntelligenceManagement/Scripts/ThreatIntelligenceManagementGetIncidentsPerFeed/ThreatIntelligenceManagementGetIncidentsPerFeed.yml b/Packs/ThreatIntelligenceManagement/Scripts/ThreatIntelligenceManagementGetIncidentsPerFeed/ThreatIntelligenceManagementGetIncidentsPerFeed.yml
index f4d34df3a6e0..36eeb71aea6d 100644
--- a/Packs/ThreatIntelligenceManagement/Scripts/ThreatIntelligenceManagementGetIncidentsPerFeed/ThreatIntelligenceManagementGetIncidentsPerFeed.yml
+++ b/Packs/ThreatIntelligenceManagement/Scripts/ThreatIntelligenceManagementGetIncidentsPerFeed/ThreatIntelligenceManagementGetIncidentsPerFeed.yml
@@ -14,7 +14,7 @@ tags:
 subtype: python3
 timeout: '0'
 type: python
-dockerimage: demisto/python3:3.10.12.63474
+dockerimage: demisto/python3:3.10.13.86272
 fromversion: 5.5.0
 tests:
 - No tests (auto formatted)
diff --git a/Packs/ThreatIntelligenceManagement/pack_metadata.json b/Packs/ThreatIntelligenceManagement/pack_metadata.json
index 5e431ec1b165..d46659669b2e 100644
--- a/Packs/ThreatIntelligenceManagement/pack_metadata.json
+++ b/Packs/ThreatIntelligenceManagement/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Threat Intelligence Management",
 "description": "Threat Intelligence Management Pack",
 "support": "xsoar",
- "currentVersion": "1.1.8",
+ "currentVersion": "1.1.9",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml b/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml
index 53bf47a9a857..dfe3372394bb 100644
--- a/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml
+++ b/Packs/ThreatQ/Integrations/ThreatQ_v2/ThreatQ_v2.yml
@@ -1888,7 +1888,7 @@ script:
 deprecated: true
 description: Runs an advanced indicator search.
 name: threatq-advanced-search
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 script: ''
 subtype: python3
 type: python
diff --git a/Packs/ThreatQ/ReleaseNotes/1_0_26.md b/Packs/ThreatQ/ReleaseNotes/1_0_26.md
new file mode 100644
index 000000000000..fbdc31e889ac
--- /dev/null
+++ b/Packs/ThreatQ/ReleaseNotes/1_0_26.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### ThreatQ v2
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/ThreatQ/pack_metadata.json b/Packs/ThreatQ/pack_metadata.json
index dd7e74f61368..420cf55f9e59 100644
--- a/Packs/ThreatQ/pack_metadata.json
+++ b/Packs/ThreatQ/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "ThreatQ",
 "description": "Platform for collecting and interpreting intelligence data from open sources and managing indicator scores, types, and attributes.",
 "support": "xsoar",
- "currentVersion": "1.0.25",
+ "currentVersion": "1.0.26",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/ThreatX/Integrations/ThreatX/ThreatX.yml b/Packs/ThreatX/Integrations/ThreatX/ThreatX.yml
index bf158318dd1f..33fe97f51c45 100644
--- a/Packs/ThreatX/Integrations/ThreatX/ThreatX.yml
+++ b/Packs/ThreatX/Integrations/ThreatX/ThreatX.yml
@@ -189,7 +189,7 @@ script:
 script: '-'
 type: python
 subtype: python3
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 fromversion: 5.0.0
 tests:
 - No tests (auto formatted)
diff --git a/Packs/ThreatX/ReleaseNotes/1_0_10.md b/Packs/ThreatX/ReleaseNotes/1_0_10.md
new file mode 100644
index 000000000000..a54ad6d81e97
--- /dev/null
+++ b/Packs/ThreatX/ReleaseNotes/1_0_10.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### ThreatX
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/ThreatX/pack_metadata.json b/Packs/ThreatX/pack_metadata.json
index ff589a6a0109..c30e34816f16 100644
--- a/Packs/ThreatX/pack_metadata.json
+++ b/Packs/ThreatX/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "ThreatX",
 "description": "The ThreatX integration allows automated enforcement and intel gathering actions.",
 "support": "xsoar",
- "currentVersion": "1.0.9",
+ "currentVersion": "1.0.10",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/TrendMicroCAS/Integrations/TrendMicroCAS/TrendMicroCAS.yml b/Packs/TrendMicroCAS/Integrations/TrendMicroCAS/TrendMicroCAS.yml
index b094dc8f91d1..e93f9919ba4c 100644
--- a/Packs/TrendMicroCAS/Integrations/TrendMicroCAS/TrendMicroCAS.yml
+++ b/Packs/TrendMicroCAS/Integrations/TrendMicroCAS/TrendMicroCAS.yml
@@ -578,7 +578,7 @@ script:
 - contextPath: TrendMicroCAS.BlockedList.urls
 description: A list of blocked URLs.
 type: String
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 isfetch: true
 runonce: false
 script: '-'
diff --git a/Packs/TrendMicroCAS/ReleaseNotes/1_1_6.md b/Packs/TrendMicroCAS/ReleaseNotes/1_1_6.md
new file mode 100644
index 000000000000..4a26dc9cad39
--- /dev/null
+++ b/Packs/TrendMicroCAS/ReleaseNotes/1_1_6.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Trend Micro Cloud App Security
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/TrendMicroCAS/pack_metadata.json b/Packs/TrendMicroCAS/pack_metadata.json
index 7a3bcfc57c22..86cefaaf7c87 100644
--- a/Packs/TrendMicroCAS/pack_metadata.json
+++ b/Packs/TrendMicroCAS/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Trend Micro Cloud App Security",
 "description": "Use Trend Micro - Cloud App Security to: Log retrieval - Threat investigation: - Threat mitigation - Threat remediation - Intelligent investigation.",
 "support": "xsoar",
- "currentVersion": "1.1.5",
+ "currentVersion": "1.1.6",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/TrendMicroDDA/Integrations/TrendMicroDDA/TrendMicroDDA.yml b/Packs/TrendMicroDDA/Integrations/TrendMicroDDA/TrendMicroDDA.yml
index 70086777633d..1585679860a1 100644
--- a/Packs/TrendMicroDDA/Integrations/TrendMicroDDA/TrendMicroDDA.yml
+++ b/Packs/TrendMicroDDA/Integrations/TrendMicroDDA/TrendMicroDDA.yml
@@ -279,7 +279,7 @@ script:
 defaultValue: "1"
 description: Retrieves a brief XML report of a given submission
 runonce: false
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 beta: true
 tests:
 - No Test - run "Test Playbook TrendMicroDDA" manually
diff --git a/Packs/TrendMicroDDA/ReleaseNotes/1_0_16.md b/Packs/TrendMicroDDA/ReleaseNotes/1_0_16.md
new file mode 100644
index 000000000000..6b5b3274d9ea
--- /dev/null
+++ b/Packs/TrendMicroDDA/ReleaseNotes/1_0_16.md
@@ -0,0 +1,6 @@
+
+#### Integrations
+
+##### Trend Micro Deep Discovery Analyzer (Beta)
+
+- Updated the Docker image to: *demisto/python3:3.10.13.86272*.
diff --git a/Packs/TrendMicroDDA/pack_metadata.json b/Packs/TrendMicroDDA/pack_metadata.json
index d7f7d4db0b00..156e35576db6 100644
--- a/Packs/TrendMicroDDA/pack_metadata.json
+++ b/Packs/TrendMicroDDA/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Trend Micro Deep Discovery Analyzer",
 "description": "Deep Discovery Analyzer is a turnkey appliance that uses virtual images of endpoint configurations to analyze and detect targeted attacks.",
 "support": "xsoar",
- "currentVersion": "1.0.15",
+ "currentVersion": "1.0.16",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/Troubleshoot/ReleaseNotes/2_0_16.md b/Packs/Troubleshoot/ReleaseNotes/2_0_16.md
new file mode 100644
index 000000000000..925c342ab164
--- /dev/null
+++ b/Packs/Troubleshoot/ReleaseNotes/2_0_16.md
@@ -0,0 +1,4 @@
+
+#### Scripts
+##### CertificatesTroubleshoot
+- Updated the Docker image to: *demisto/auth-utils:1.0.0.86556*.
\ No newline at end of file
diff --git a/Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/CertificatesTroubleshoot.yml b/Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/CertificatesTroubleshoot.yml
index 60176fddad6f..b32d17e1080b 100644
--- a/Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/CertificatesTroubleshoot.yml
+++ b/Packs/Troubleshoot/Scripts/CertificatesTroubleshoot/CertificatesTroubleshoot.yml
@@ -337,7 +337,7 @@ tags:
 - Utility
 timeout: '0'
 type: python
-dockerimage: demisto/auth-utils:1.0.0.84760
+dockerimage: demisto/auth-utils:1.0.0.86556
 runas: DBotWeakRole
 tests:
 - No tests (auto formatted)
diff --git a/Packs/Troubleshoot/pack_metadata.json b/Packs/Troubleshoot/pack_metadata.json
index e406f9749f85..ec30e57ef6d6 100644
--- a/Packs/Troubleshoot/pack_metadata.json
+++ b/Packs/Troubleshoot/pack_metadata.json
@@ -2,7 +2,7 @@
 "name": "Troubleshoot",
 "description": "Use this pack to troubleshoot your environment.",
 "support": "xsoar",
- "currentVersion": "2.0.15",
+ "currentVersion": "2.0.16",
 "author": "Cortex XSOAR",
 "url": "https://www.paloaltonetworks.com/cortex",
 "email": "",
diff --git a/Packs/TrustwaveSEG/Integrations/TrustwaveSEG/TrustwaveSEG.yml b/Packs/TrustwaveSEG/Integrations/TrustwaveSEG/TrustwaveSEG.yml
index 3b59538d4333..164f7b68a2c0 100644
--- a/Packs/TrustwaveSEG/Integrations/TrustwaveSEG/TrustwaveSEG.yml
+++ b/Packs/TrustwaveSEG/Integrations/TrustwaveSEG/TrustwaveSEG.yml
@@ -644,7 +644,7 @@ script:
 required: true
 description: Forwards a message to Spiderlabs as spam.
 name: trustwave-seg-spiderlabs-forward-quarantine-message-as-spam
- dockerimage: demisto/python3:3.10.12.63474
+ dockerimage: demisto/python3:3.10.13.86272
 runonce: false
 script: '-'
 subtype: python3
diff --git a/Packs/TrustwaveSEG/ReleaseNotes/1_0_8.md b/Packs/TrustwaveSEG/ReleaseNotes/1_0_8.md
new file mode 100644
index 000000000000..2f0360495b66
--- /dev/null
+++ b/Packs/TrustwaveSEG/ReleaseNotes/1_0_8.md
@@ -0,0 +1,6 @@ + +#### Integrations + +##### Trustwave Secure Email Gateway + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/TrustwaveSEG/pack_metadata.json b/Packs/TrustwaveSEG/pack_metadata.json index 7a9413b20cb2..58ee03c39958 100644 --- a/Packs/TrustwaveSEG/pack_metadata.json +++ b/Packs/TrustwaveSEG/pack_metadata.json @@ -2,7 +2,7 @@ "name": "TrustwaveSEG", "description": "Trustwave SEG is a secure messaging solution that protects businesses and users from email-borne threats, including phishing, blended threats, and spam. Trustwave Secure Email Gateway also delivers improved policy enforcement and data leakage prevention.", "support": "xsoar", - "currentVersion": "1.0.7", + "currentVersion": "1.0.8", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Unit42Intel/Integrations/FeedUnit42IntelObjects/FeedUnit42IntelObjects.yml b/Packs/Unit42Intel/Integrations/FeedUnit42IntelObjects/FeedUnit42IntelObjects.yml index 8234db03080d..d34b3bb0b3dd 100644 --- a/Packs/Unit42Intel/Integrations/FeedUnit42IntelObjects/FeedUnit42IntelObjects.yml +++ b/Packs/Unit42Intel/Integrations/FeedUnit42IntelObjects/FeedUnit42IntelObjects.yml @@ -113,7 +113,7 @@ script: name: limit description: Gets indicators from the feed. name: unit42intel-objects-feed-get-indicators - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 feed: true runonce: false script: '-' diff --git a/Packs/Unit42Intel/ReleaseNotes/1_0_20.md b/Packs/Unit42Intel/ReleaseNotes/1_0_20.md new file mode 100644 index 000000000000..e9fc12fe2508 --- /dev/null +++ b/Packs/Unit42Intel/ReleaseNotes/1_0_20.md @@ -0,0 +1,3 @@ +#### Integrations +##### Unit 42 Intel Objects Feed +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Unit42Intel/pack_metadata.json b/Packs/Unit42Intel/pack_metadata.json index 5a44c83895bf..c3def818b6f0 100644 
--- a/Packs/Unit42Intel/pack_metadata.json +++ b/Packs/Unit42Intel/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Unit 42 Intel", "description": "Use the Unit 42 Intel pack to enrich your Threat Intel Library with Palo Alto Networks threat intelligence.", "support": "xsoar", - "currentVersion": "1.0.19", + "currentVersion": "1.0.20", "author": "Cortex XSOAR", "serverMinVersion": "6.5.0", "url": "https://www.paloaltonetworks.com/cortex", diff --git a/Packs/VMwareWorkspaceONEUEM/Integrations/VMwareWorkspaceONEUEM/VMwareWorkspaceONEUEM.yml b/Packs/VMwareWorkspaceONEUEM/Integrations/VMwareWorkspaceONEUEM/VMwareWorkspaceONEUEM.yml index 58af7e43d23d..225192e7e7a0 100644 --- a/Packs/VMwareWorkspaceONEUEM/Integrations/VMwareWorkspaceONEUEM/VMwareWorkspaceONEUEM.yml +++ b/Packs/VMwareWorkspaceONEUEM/Integrations/VMwareWorkspaceONEUEM/VMwareWorkspaceONEUEM.yml @@ -576,7 +576,7 @@ script: - contextPath: VMwareWorkspaceONEUEM.OSUpdate.OSUpdateList.Uuid description: The universally unique identifier of the OS update. type: String - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/VMwareWorkspaceONEUEM/ReleaseNotes/1_0_17.md b/Packs/VMwareWorkspaceONEUEM/ReleaseNotes/1_0_17.md new file mode 100644 index 000000000000..efa373625881 --- /dev/null +++ b/Packs/VMwareWorkspaceONEUEM/ReleaseNotes/1_0_17.md @@ -0,0 +1,3 @@ +#### Integrations +##### VMware Workspace ONE UEM (AirWatch MDM) +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/VMwareWorkspaceONEUEM/pack_metadata.json b/Packs/VMwareWorkspaceONEUEM/pack_metadata.json index c71b321042b6..9fd036c682b0 100644 --- a/Packs/VMwareWorkspaceONEUEM/pack_metadata.json +++ b/Packs/VMwareWorkspaceONEUEM/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "VMware Workspace ONE UEM", "description": "VMware workspace ONE UEM allows users to search enrolled corporate or employee-owned devices, provides detailed information about each device such as its serial number, installed OS's, pending OS updates, network details, and much more leveraging Workspace ONE UEM's (formerly AirWatch MDM) API.", "support": "xsoar", - "currentVersion": "1.0.16", + "currentVersion": "1.0.17", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.yml b/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.yml index dde9dcf892da..82ace5b418a8 100644 --- a/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.yml +++ b/Packs/VaronisSaaS/Integrations/VaronisSaaS/VaronisSaaS.yml @@ -565,7 +565,7 @@ script: description: Predefined/User-defined. type: String name: varonis-get-threat-models - dockerimage: demisto/python3:3.10.13.85667 + dockerimage: demisto/python3:3.10.13.86272 feed: false isfetch: true longRunning: false diff --git a/Packs/VaronisSaaS/ReleaseNotes/1_0_1.md b/Packs/VaronisSaaS/ReleaseNotes/1_0_1.md new file mode 100644 index 000000000000..4ad9ce83cf47 --- /dev/null +++ b/Packs/VaronisSaaS/ReleaseNotes/1_0_1.md @@ -0,0 +1,3 @@ +#### Integrations +##### Varonis SaaS +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/VaronisSaaS/pack_metadata.json b/Packs/VaronisSaaS/pack_metadata.json index 72b34b3a8118..1ec55dee7afb 100644 --- a/Packs/VaronisSaaS/pack_metadata.json +++ b/Packs/VaronisSaaS/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Varonis SaaS", "description": "Streamline alerts, events and related forensic information from Varonis SaaS", "support": "partner", - "currentVersion": "1.0.0", + "currentVersion": "1.0.1", "author": "Varonis", "url": "https://www.varonis.com/support", "email": "", 
diff --git a/Packs/WebFileRepository/Integrations/WebFileRepository/README.md b/Packs/WebFileRepository/Integrations/WebFileRepository/README.md index b7e28556921b..978b95207450 100644 --- a/Packs/WebFileRepository/Integrations/WebFileRepository/README.md +++ b/Packs/WebFileRepository/Integrations/WebFileRepository/README.md @@ -103,6 +103,33 @@ Remove all the files from the repository There is no context output for this command. + +### wfr-upload-as-file + +*** +Upload a file from data to the repository. + + +#### Base Command + +`wfr-upload-as-file` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| file_name | The name of the file. | Required | +| data | Input data to create the file. | Optional | +| encoding | Encoding type of the input data. Default is utf-8. | Optional | +| extract_archive | Set to true to extract files to archive files, otherwise false. Possible values are: true, false. Default is false. | Optional | +| upload_directory | The directory path where to upload. Default is /. | Optional | + + +#### Context Output + +There is no context output for this command. + + ### wfr-upload-file *** diff --git a/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository.py b/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository.py index c538d4cc5771..6aaf7771b0b2 100644 --- a/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository.py +++ b/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository.py @@ -19,8 +19,8 @@ from email import parser as email_parser from enum import Enum from tempfile import NamedTemporaryFile -from typing import (IO, Any, Callable, Dict, Generator, List, Optional, Set, - Tuple, Union) +from typing import (IO, Any) +from collections.abc import Callable, Generator import bottle from bottle import BaseRequest, HTTPResponse 
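Review bot: The rewritten import `from typing import (IO, Any)` in the second hunk keeps the parentheses the old multi-line form needed even though the two names fit on one line; `from typing import IO, Any` reads cleaner and matches the `collections.abc` line directly beneath it.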
@@ -1603,7 +1603,7 @@ dFVwwzDRxgIAAMYCAAAOACQAAAAAAAAAIAAAACBDAQBmaV91bmtub3duLnBuZwoAIAAAAAAA AQAYAPbxqWe5/NgB/RpAo7n82AElXftTrfzYAVBLBQYAAAAABgAGAEICAAASRgEAAAA= ''' -RESOURCES_ZIP: Optional[zipfile.ZipFile] = None +RESOURCES_ZIP: zipfile.ZipFile | None = None DEFAULT_MIME_TYPES = ''' { @@ -2917,17 +2917,17 @@ class Settings: @staticmethod - def parse_attachment_exts(text: str) -> Set[str]: + def parse_attachment_exts(text: str) -> set[str]: """ Parse a text to build a attachment extentions. :param text: A attachment extentions configuration :return: A set of extentions. """ - return set(ext if ext == '*' or ext.startswith('.') else f'.{ext}' - for ext in text.replace(',', ' ').split()) + return {ext if ext == '*' or ext.startswith('.') else f'.{ext}' + for ext in text.replace(',', ' ').split()} @staticmethod - def parse_mime_types(text: str) -> Dict[str, str]: + def parse_mime_types(text: str) -> dict[str, str]: """ Parse a text to build a mime type mapping to extensions :param text: A mapping configuration @@ -2948,7 +2948,7 @@ def parse_mime_types(text: str) -> Dict[str, str]: return mapping @staticmethod - def parse_human_size(size: str) -> Optional[int]: + def parse_human_size(size: str) -> int | None: """ Parse a human readable size string :return: Size in bytes @@ -2960,7 +2960,7 @@ def parse_human_size(size: str) -> Optional[int]: UNITS = {None: 1, 'B': 1, 'KB': 2**10, 'MB': 2**20, 'GB': 2**30, 'TB': 2**40} return int(float(num) * UNITS[unit]) - def __init__(self, params: Dict[str, Any]): + def __init__(self, params: dict[str, Any]): max_storage_size_str = params.get('maxStorageSize') or '100 MB' if (max_storage_size := Settings.parse_human_size(max_storage_size_str)) is None: raise DemistoException('Invalid max storage size') 
@@ -3001,7 +3001,7 @@ def __init__(self, params: Dict[str, Any]): self.__ro_username = creds.get('identifier') or '' self.__ro_password = creds.get('password') or '' - def get_user_password(self, username: Optional[str]) -> Optional[str]: + def get_user_password(self, username: str | None) -> str | None: if username == self.__rw_username: return self.__rw_password elif username == self.__ro_username: @@ -3009,7 +3009,7 @@ def get_user_password(self, username: Optional[str]) -> Optional[str]: else: return None - def get_user_permissions(self, username: Optional[str]) -> Set[PERMISSION]: + def get_user_permissions(self, username: str | None) -> set[PERMISSION]: if username == self.__rw_username: return set({PERMISSION.READ, PERMISSION.WRITE}) elif username == self.__ro_username: @@ -3039,11 +3039,11 @@ def docker_port(self) -> int: return self.__docker_port @property - def attachment_exts(self) -> Set[str]: + def attachment_exts(self) -> set[str]: return self.__attachment_exts @property - def ext_to_mimetype(self) -> Dict[str, str]: + def ext_to_mimetype(self) -> dict[str, str]: return self.__ext_to_mimetype @property @@ -3063,22 +3063,22 @@ def storage_protection(self) -> STORAGE_PROTECTION: return self.__storage_protection # type: ignore @property - def auth_method(self) -> Optional[str]: + def auth_method(self) -> str | None: return self.__auth_method @property - def rw_user_credentials(self) -> Tuple[str, str]: + def rw_user_credentials(self) -> tuple[str, str]: return self.__rw_username, self.__rw_password @property - def ro_user_credentials(self) -> Tuple[str, str]: + def ro_user_credentials(self) -> tuple[str, str]: return self.__ro_username, self.__ro_password SETTINGS = Settings(demisto.params()) -def get_default_gateway() -> Optional[str]: +def get_default_gateway() -> str | None: """ Get a default gateway address. :return: A default gateway address found. 
@@ -3109,7 +3109,7 @@ def get_local_ip() -> str: return ip -def detect_service_ip_port(settings: Settings) -> Tuple[str, int]: +def detect_service_ip_port(settings: Settings) -> tuple[str, int]: """ Detect the IP:port of the local server :param settings: The instance settings. @@ -3129,7 +3129,7 @@ def detect_service_ip_port(settings: Settings) -> Tuple[str, int]: return server_addr, server_port -def new_client(host_port: Tuple[str, int], settings: Settings) -> BaseClient: +def new_client(host_port: tuple[str, int], settings: Settings) -> BaseClient: """ Create a new BasicClient :param host_port: The IP and port number @@ -3137,7 +3137,7 @@ def new_client(host_port: Tuple[str, int], settings: Settings) -> BaseClient: :return: A new BasicClient created. """ server_addr, server_port = host_port - auth: Optional[Union[HTTPBasicAuth, HTTPDigestAuth]] = None + auth: HTTPBasicAuth | HTTPDigestAuth | None = None username, password = settings.rw_user_credentials if settings.auth_method in ('', None): @@ -3164,12 +3164,12 @@ def pretty_size(size: int) -> str: class NonceManager: def __init__(self): - self.__cache: Dict[str, Dict[str, Any]] = {} + self.__cache: dict[str, dict[str, Any]] = {} self.__expires = 10 self.__max_replays = 20 self.__max_nonce = 4096 - def __remove_expired_oldest(self, now: Optional[int] = None) -> bool: + def __remove_expired_oldest(self, now: int | None = None) -> bool: """ Remove the expired oldest nonce from the cache :param now: The current timestamp @@ -3192,7 +3192,7 @@ def __remove_expired_oldest(self, now: Optional[int] = None) -> bool: else: return False - def __new_nonce(self) -> Tuple[int, str]: + def __new_nonce(self) -> tuple[int, str]: """ Create a new nonce :return: The current timestamp and a new nonce. 
@@ -3249,7 +3249,7 @@ def __init__(self, storage_protection: STORAGE_PROTECTION): :param storage_protection: The storage protection mode """ - self.__repo: Optional[Dict[str, str]] = None + self.__repo: dict[str, str] | None = None self.__storage_protection = storage_protection self.__total_data_usage = None @@ -3264,7 +3264,7 @@ def reset(self) -> None: if self.storage_protection == STORAGE_PROTECTION.READ_WRITE: set_integration_context({}) - def get_full_repository(self) -> Dict[str, str]: + def get_full_repository(self) -> dict[str, str]: """ Get the full context data from the integration context :return: The integration context. @@ -3280,7 +3280,7 @@ def get_full_repository(self) -> Dict[str, str]: return ctx - def get_attrs_repository(self) -> Dict[str, str]: + def get_attrs_repository(self) -> dict[str, str]: """ Get the file entries without payloads from the integration context. :return: The integration context without file payloads. @@ -3291,7 +3291,7 @@ def get_attrs_repository(self) -> Dict[str, str]: else: return self.get_full_repository() - def set_full_repository(self, repo: Dict[str, str]) -> None: + def set_full_repository(self, repo: dict[str, str]) -> None: """ Set the full context data to the integration context. :param repo: The integration context. @@ -3302,7 +3302,7 @@ def set_full_repository(self, repo: Dict[str, str]) -> None: self.__repo = {k: v for k, v in repo.items() if k.startswith(os.sep)} set_integration_context(repo) - def total_data_usage(self) -> Tuple[int, int]: + def total_data_usage(self) -> tuple[int, int]: """ Get the data usage :return: The sum of all the saved sizes in the DB / on the file system. 
@@ -3334,11 +3334,11 @@ def total_data_usage(self) -> Tuple[int, int]: class AttrsRepository: - def __init__(self, repo: Dict[str, str]): + def __init__(self, repo: dict[str, str]): self.repo = repo @staticmethod - def __split_path_components(abs_path: str) -> List[str]: + def __split_path_components(abs_path: str) -> list[str]: comps = [] path = os.path.normpath(to_abs_path(abs_path)) while path: @@ -3349,12 +3349,12 @@ def __split_path_components(abs_path: str) -> List[str]: path = parent return list(reversed(comps[:-1])) - def is_file_type(self, data_type: Optional[str]) -> bool: + def is_file_type(self, data_type: str | None) -> bool: return data_type == 'gzip-file' def list_file_entries(self, abs_dir: str, - recursive: bool = False) -> Dict[str, Dict[str, Any]]: + recursive: bool = False) -> dict[str, dict[str, Any]]: """ List the file entries on a directory :param abs_dir: The directory path in absolute path on which to list file entries @@ -3405,7 +3405,7 @@ def list_file_entries(self, class FullRepository(AttrsRepository): @staticmethod - def new_decoder(data_type: Optional[str], data: str) -> Generator[bytes, None, None]: + def new_decoder(data_type: str | None, data: str) -> Generator[bytes, None, None]: """ Decode a file content in chunks :param data_type: The encoding mode of the payload. @@ -3423,7 +3423,7 @@ def new_decoder(data_type: Optional[str], data: str) -> Generator[bytes, None, N raise DemistoException(f'Unknown data type: {data_type}') @staticmethod - def new_reader(data_type: Optional[str], path: str) -> Generator[bytes, None, None]: + def new_reader(data_type: str | None, path: str) -> Generator[bytes, None, None]: """ Read a file content in chunks :param data_type: The file type. 
@@ -3476,15 +3476,14 @@ def remove_entry(self, abs_path: str) -> None: # Remove file entries under the directory repo = self.repo - for path in [path for path in repo.keys() if path.startswith(sub_path)]: + for path in [path for path in repo if path.startswith(sub_path)]: attrs = json.loads(repo.pop(path, '{}')) if not self.is_file_type(attrs.get('data-type')): data = repo.pop((attrs.get('data-id') or ''), None) self.__total_data_usage -= len(data or '') else: - if path := attrs.get('data-id'): - if os.path.isfile(path): - os.unlink(path) + if (path := attrs.get('data-id')) and os.path.isfile(path): + os.unlink(path) self.__total_file_usage -= attrs.get('saved-size') or 0 # Remove the file entry @@ -3493,12 +3492,11 @@ def remove_entry(self, abs_path: str) -> None: data = repo.pop((attrs.get('data-id') or ''), None) self.__total_data_usage -= len(data or '') else: - if path := attrs.get('data-id'): - if os.path.isfile(path): - os.unlink(path) + if (path := attrs.get('data-id')) and os.path.isfile(path): + os.unlink(path) self.__total_file_usage -= attrs.get('saved-size') or 0 - def save_file(self, abs_dir: str, name: str, data: IO[bytes]) -> Dict[str, Any]: + def save_file(self, abs_dir: str, name: str, data: IO[bytes]) -> dict[str, Any]: """ Save a file :param abs_dir: The directory path in absolute path @@ -3578,7 +3576,7 @@ def save_file(self, abs_dir: str, name: str, data: IO[bytes]) -> Dict[str, Any]: os.unlink(gtmp.name) raise - def save_files(self, abs_dir: str, files: Dict[str, IO[bytes]], extract: bool) -> None: + def save_files(self, abs_dir: str, files: dict[str, IO[bytes]], extract: bool) -> None: """ Save files :param abs_dir: The directory path in absolute path 
@@ -3594,10 +3592,7 @@ def save_files(self, abs_dir: str, files: Dict[str, IO[bytes]], extract: bool) - with z.open(filename) as zd: self.save_file(abs_dir, filename, zd) - elif lowername.endswith('.tar') or \ - lowername.endswith('.tar.gz') or\ - lowername.endswith('.tar.bz2') or \ - lowername.endswith('.tar.xz'): + elif lowername.endswith(('.tar', '.tar.gz', '.tar.bz2', '.tar.xz')): with tarfile.open(mode='r:*', fileobj=file) as t: for tinfo in t: if tinfo.isfile() and ((td := t.extractfile(tinfo)) is not None): @@ -3607,8 +3602,8 @@ def save_files(self, abs_dir: str, files: Dict[str, IO[bytes]], extract: bool) - else: self.save_file(abs_dir, name, file) - def read_file(self, abs_path: str) -> Tuple[Dict[str, Any], - Optional[Generator[bytes, None, None]]]: + def read_file(self, abs_path: str) -> tuple[dict[str, Any], + Generator[bytes, None, None] | None]: """ Read a file content with its attributes :param abs_path: The file path @@ -3616,7 +3611,7 @@ def read_file(self, abs_path: str) -> Tuple[Dict[str, Any], """ repo = self.repo if eattrs := repo.get(os.path.normpath(abs_path)): - attrs: Dict[str, Any] = json.loads(eattrs) + attrs: dict[str, Any] = json.loads(eattrs) if data_id := attrs.get('data-id'): attrs['name'] = os.path.basename(abs_path) attrs['path'] = abs_path @@ -3688,7 +3683,7 @@ def __init__(self, settings: Settings, master: Master): self.__settings = settings self.__master = master - def __validate_basic_auth(self, auth_value) -> Set[PERMISSION]: + def __validate_basic_auth(self, auth_value) -> set[PERMISSION]: """ Checks whether the authentication is valid :param auth_value: Credentials given to the Authentication header 
@@ -3703,7 +3698,7 @@ def __validate_digest_auth(self, auth_value: str, request_method: str, realm: str, - hash_name: Tuple[str, str]) -> Tuple[VALIDATION, Set[PERMISSION]]: + hash_name: tuple[str, str]) -> tuple[VALIDATION, set[PERMISSION]]: """ Checks whether the authentication is valid :param auth_value: Credentials given to the Authentication header @@ -3738,7 +3733,7 @@ def __validate_digest_auth(self, else: return VALIDATION.FAILURE, set() - def authenticate(self, request: BaseRequest, permission: PERMISSION) -> Optional[HTTPResponse]: + def authenticate(self, request: BaseRequest, permission: PERMISSION) -> HTTPResponse | None: """ Authenticate user to the required permission :param request: The request data @@ -3877,7 +3872,7 @@ def __handle_get_archive_all(self) -> HTTPResponse: response.body = FullRepository(self.__master).archive_zip() return response - def __handle_post_health(self, request: BaseRequest) -> Optional[HTTPResponse]: + def __handle_post_health(self, request: BaseRequest) -> HTTPResponse | None: if permission := request.json.get('permission'): return self.authenticate( request, @@ -4027,7 +4022,7 @@ def run_long_running(settings: Settings, is_test: bool = False): bottle.run(host='0.0.0.0', port=settings.docker_port, debug=True) -def test_module(args: Dict[str, str], settings: Settings) -> str: +def test_module(args: dict[str, str], settings: Settings) -> str: """ Validates: """ @@ -4035,7 +4030,7 @@ def test_module(args: Dict[str, str], settings: Settings) -> str: return 'ok' -def command_status(args: Dict[str, str], settings: Settings) -> CommandResults: +def command_status(args: dict[str, str], settings: Settings) -> CommandResults: """ Get the service status :param args: The parameters which were given to the command. 
@@ -4077,7 +4072,7 @@ def command_status(args: Dict[str, str], settings: Settings) -> CommandResults: raw_response=outputs) -def command_cleanup(args: Dict[str, str], settings: Settings) -> str: +def command_cleanup(args: dict[str, str], settings: Settings) -> str: """ Remove all the files from the repository :param args: The parameters which were given to the command. @@ -4092,7 +4087,7 @@ def command_cleanup(args: Dict[str, str], settings: Settings) -> str: return 'Done.' -def command_reset(args: Dict[str, str], settings: Settings) -> str: +def command_reset(args: dict[str, str], settings: Settings) -> str: """ Reset the repostiory data :param args: The parameters which were given to the command. 
@@ -4107,7 +4102,40 @@ def command_reset(args: Dict[str, str], settings: Settings) -> str:
     return 'Done.'
 
 
-def command_upload_file(args: Dict[str, str], settings: Settings) -> str:
+def command_upload_as_file(args: dict[str, str], settings: Settings) -> str:
+    """ Upload data as a file
+
+    :param args: The parameters which were given to the command.
+    :param settings: The instance settings.
+    """
+    client = new_client(detect_service_ip_port(settings), settings)
+
+    input_data = args.get('data', '')
+    encoding = args.get('encoding', 'utf-8')
+    match encoding:
+        case 'utf-8':
+            file_data = input_data.encode(encoding)
+
+        case 'base64':
+            file_data = base64.b64decode(input_data)
+
+        case _:
+            raise ValueError(f'Invalid encoding name: {encoding}')
+
+    files = [('file', [args.get('file_name'), file_data])]
+
+    data = assign_params(
+        q='upload',
+        dir=args.get('upload_directory', '/'),
+        extract=args.get('extract_archive', 'false'),
+    )
+    resp = client._http_request('POST', data=data, files=files, raise_on_status=True)
+    if not resp.get('success'):
+        raise ValueError(f'Failed to upload a file: {resp.get("message")}')
+    return 'Done.'
+
+
+def command_upload_file(args: dict[str, str], settings: Settings) -> str:
     """ Upload a file
 
     :param args: The parameters which were given to the command.
@@ -4135,7 +4163,7 @@ def command_upload_file(args: Dict[str, str], settings: Settings) -> str:
     return 'Done.'
 
 
-def command_upload_files(args: Dict[str, str], settings: Settings) -> str:
+def command_upload_files(args: dict[str, str], settings: Settings) -> str:
     """ Upload files
 
     :param args: The parameters which were given to the command.
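Review bot: In the `case 'base64'` branch, `base64.b64decode(input_data)` runs without `validate=True`, so input containing characters outside the base64 alphabet is silently discarded and decoded into a corrupted file instead of being rejected the way the unknown-encoding branch rejects its input; `file_data = base64.b64decode(input_data, validate=True)` makes malformed data fail, and the resulting `binascii.Error` is a `ValueError` subclass, so whatever handles the `case _` error already covers it. `base64` is referenced here but the module's import block is outside this hunk, so confirm it is imported. `args.get('file_name')` is forwarded as the multipart filename without normalization; whether directory components in it are stripped is decided by the upload handler, which is outside this hunk and worth checking before relying on `upload_directory` as the only path control.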
@@ -4162,7 +4190,7 @@ def command_upload_files(args: Dict[str, str], settings: Settings) -> str: return 'Done.' -def command_list_files(args: Dict[str, str], settings: Settings) -> CommandResults: +def command_list_files(args: dict[str, str], settings: Settings) -> CommandResults: """ List file entries in the repository :param args: The parameters which were given to the command. @@ -4211,7 +4239,7 @@ def __init__(self, raw_response=file_ents) -def command_remove_files(args: Dict[str, str], settings: Settings) -> str: +def command_remove_files(args: dict[str, str], settings: Settings) -> str: """ Remove files from the repository :param args: The parameters which were given to the command. @@ -4229,7 +4257,7 @@ def command_remove_files(args: Dict[str, str], settings: Settings) -> str: return 'Done.' -def command_download_file(args: Dict[str, str], settings: Settings) -> Dict[str, Any]: +def command_download_file(args: dict[str, str], settings: Settings) -> dict[str, Any]: """ Download a file from the repository :param args: The parameters which were given to the command. 
@@ -4247,15 +4275,14 @@ def command_download_file(args: Dict[str, str], settings: Settings) -> Dict[str, raise_on_status=True, resp_type='response') - if not (filename := args.get('save_as')): - if content_disposition := resp.headers.get('Content-Disposition'): - cdp = email_parser.Parser().parsestr(f'Content-Disposition: {content_disposition}', headersonly=True) - filename = cdp.get_filename() + if not (filename := args.get('save_as')) and (content_disposition := resp.headers.get('Content-Disposition')): + cdp = email_parser.Parser().parsestr(f'Content-Disposition: {content_disposition}', headersonly=True) + filename = cdp.get_filename() return fileResult(filename or str(uuid.uuid4()), resp.content) -def command_archive_zip(args: Dict[str, str], settings: Settings) -> Dict[str, Any]: +def command_archive_zip(args: dict[str, str], settings: Settings) -> dict[str, Any]: """ Archive all the files into a zip file :param args: The parameters which were given to the command. @@ -4267,10 +4294,9 @@ def command_archive_zip(args: Dict[str, str], settings: Settings) -> Dict[str, A raise_on_status=True, resp_type='response') - if not (filename := args.get('save_as')): - if content_disposition := resp.headers.get('Content-Disposition'): - cdp = email_parser.Parser().parsestr(f'Content-Disposition: {content_disposition}', headersonly=True) - filename = cdp.get_filename() + if not (filename := args.get('save_as')) and (content_disposition := resp.headers.get('Content-Disposition')): + cdp = email_parser.Parser().parsestr(f'Content-Disposition: {content_disposition}', headersonly=True) + filename = cdp.get_filename() return fileResult(filename or str(uuid.uuid4()), resp.content) 
@@ -4288,6 +4314,7 @@ def main() -> None:
         'wfr-cleanup': command_cleanup,
         'wfr-reset': command_reset,
         'wfr-upload-file': command_upload_file,
+        'wfr-upload-as-file': command_upload_as_file,
         'wfr-upload-files': command_upload_files,
         'wfr-list-files': command_list_files,
         'wfr-remove-files': command_remove_files,
diff --git a/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository.yml b/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository.yml
index a8eb1fa42c3a..6d41133e3416 100644
--- a/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository.yml
+++ b/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository.yml
@@ -134,6 +134,31 @@ script:
       name: upload_directory
     description: Upload files to the repository.
     name: wfr-upload-file
+  - arguments:
+    - name: file_name
+      required: true
+      description: The name of the file.
+    - name: data
+      description: Input data to create the file.
+    - name: encoding
+      auto: PREDEFINED
+      predefined:
+      - utf-8
+      - base64
+      description: Encoding type of the input data. Default is utf-8.
+      defaultValue: utf-8
+    - name: extract_archive
+      auto: PREDEFINED
+      predefined:
+      - "true"
+      - "false"
+      description: Set to true to extract files to archive files, otherwise false.
+      defaultValue: "false"
+    - name: upload_directory
+      description: The directory path where to upload.
+      defaultValue: /
+    description: Upload a file from data to the repository.
+    name: wfr-upload-as-file
   - arguments:
     - description: The entry ID list of files.
       isArray: true
@@ -200,7 +225,7 @@ script:
   - arguments: []
     description: Reset the repository data.
     name: wfr-reset
-  dockerimage: demisto/bottle:1.0.0.83335
+  dockerimage: demisto/bottle:1.0.0.86350
   longRunning: true
   longRunningPort: true
   resetContext: true
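Review bot: The `extract_archive` description in the new `wfr-upload-as-file` argument block reads "extract files to archive files", which inverts the direction of the operation; `description: Set to true to extract files from archive files, otherwise false.` says what the flag does, and the README hunk earlier in this commit repeats the same sentence. The `data` argument is optional and its description states no default, while the handler added in this commit falls back to an empty string, so `description: Input data to create the file. Default is an empty file.` would tell the operator what an omitted value produces. The quoting of `"true"`/`"false"` under `predefined` and `defaultValue` is right for this dialect; keep it that way when the predefined values are edited.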
diff --git a/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository_test.py b/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository_test.py
index 7b05e9738a8a..e3025632ef96 100644
--- a/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository_test.py
+++ b/Packs/WebFileRepository/Integrations/WebFileRepository/WebFileRepository_test.py
@@ -15,7 +15,7 @@
 import urllib.parse
 import WebFileRepository
 import freezegun
-from typing import Dict, Any, Tuple
+from typing import Any
 
 
 def equals_object(obj1, obj2) -> bool:
@@ -31,7 +31,7 @@ def equals_object(obj1, obj2) -> bool:
     elif isinstance(obj1, list):
         # Compare lists (ignore order)
         list2 = list(obj2)
-        for i1, v1 in enumerate(obj1):
+        for _i1, v1 in enumerate(obj1):
             for i2, v2 in enumerate(list2):
                 if equals_object(v1, v2):
                     list2.pop(i2)
@@ -45,20 +45,21 @@ def equals_object(obj1, obj2) -> bool:
 
 class MockIntegrationContext:
     @staticmethod
-    def encode_values(ctx: Dict[str, Any]) -> Dict[str, str]:
+    def encode_values(ctx: dict[str, Any]) -> dict[str, str]:
         return {
             k: json.dumps(v) if k.startswith(os.sep) and not isinstance(v, str) else v
             for k, v in ctx.items()
         }
 
-    def decode_values(ctx: Dict[str, Any]) -> Dict[str, Any]:
+    @staticmethod
+    def decode_values(ctx: dict[str, Any]) -> dict[str, Any]:
         return {
             k: json.loads(v) if k.startswith(os.sep) and isinstance(v, str) else v
             for k, v in ctx.items()
         }
 
     def __init__(self,
-                 ctx: Dict[str, Any],
+                 ctx: dict[str, Any],
                  mocker: Optional[pytest_mock.plugin.MockerFixture] = None):
         self.__ctx = MockIntegrationContext.encode_values(ctx)
         if mocker:
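Review bot: The `__init__` signature at the end of the third hunk still annotates `mocker` with `Optional[...]` while the same hunk rewrites `Dict` to `dict` and the first hunk trims the `typing` import down to `Any`; `Optional` was not on the removed import line either, so it presumably reaches this file through a star import, which is worth confirming rather than relying on. For consistency with the rest of the modernization, `mocker: pytest_mock.plugin.MockerFixture | None = None`. In the second hunk the loop index is only renamed to `_i1` to mark it unused; `for v1 in obj1:` drops the unused variable instead of underscoring it.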
@@ -67,13 +68,13 @@ def __init__(self, mocker.patch('WebFileRepository.set_integration_context', side_effect=self.set_integration_context) - def get_integration_context(self) -> Dict[str, str]: + def get_integration_context(self) -> dict[str, str]: return copy.deepcopy(self.__ctx) - def set_integration_context(self, ctx: Dict[str, str]): + def set_integration_context(self, ctx: dict[str, str]): self.__ctx = copy.deepcopy(ctx) - def equals(self, ctx: Dict[str, Any]) -> bool: + def equals(self, ctx: dict[str, Any]) -> bool: return equals_object(MockIntegrationContext.decode_values(self.__ctx), MockIntegrationContext.decode_values(ctx)) @@ -96,7 +97,7 @@ def uuid4(self) -> uuid.UUID: class MockBaseClient: def __init__(self, mocker: pytest_mock.plugin.MockerFixture, - headers: Dict[str, str], + headers: dict[str, str], content: bytes = None, json_data: Any = None): self.__headers = headers @@ -110,7 +111,7 @@ def _http_request(self, method, url_suffix='', full_url=None, headers=None, auth error_handler=None, empty_valid_codes=None, **kwargs): class MockRequestsResponse: - def __init__(self, headers: Dict[str, str], content: bytes): + def __init__(self, headers: dict[str, str], content: bytes): self.headers = headers self.content = content @@ -225,7 +226,7 @@ def test_process_root_get_status(mocker, }) importlib.reload(WebFileRepository) - with open(integration_context_filename, 'r') as f: + with open(integration_context_filename) as f: MockIntegrationContext(json.load(f), mocker) bottle.request = bottle.LocalRequest() @@ -275,10 +276,10 @@ def test_process_root_get_ls(mocker, integration_context_filename, dir_name, rec }) importlib.reload(WebFileRepository) - with open(integration_context_filename, 'r') as f: + with open(integration_context_filename) as f: MockIntegrationContext(json.load(f), mocker) - with open(output_filename, 'r') as f: + with open(output_filename) as f: expected = json.load(f) bottle.request = bottle.LocalRequest() 
@@ -330,7 +331,7 @@ def test_process_root_get_download(mocker, integration_context_filename, path, o }) importlib.reload(WebFileRepository) - with open(integration_context_filename, 'r') as f: + with open(integration_context_filename) as f: MockIntegrationContext(json.load(f), mocker) bottle.request = bottle.LocalRequest() @@ -372,7 +373,7 @@ def test_process_root_get_download_not_found(mocker, integration_context_filenam }) importlib.reload(WebFileRepository) - with open(integration_context_filename, 'r') as f: + with open(integration_context_filename) as f: MockIntegrationContext(json.load(f), mocker) bottle.request = bottle.LocalRequest() @@ -424,7 +425,7 @@ def test_process_root_get_archive_zip(mocker, integration_context_filename, file }) importlib.reload(WebFileRepository) - with open(integration_context_filename, 'r') as f: + with open(integration_context_filename) as f: integration_context = MockIntegrationContext(json.load(f), mocker) ctx = integration_context.get_integration_context() @@ -554,7 +555,7 @@ def test_process_root_post_health(mocker, rw_auth_header = f"Basic {base64.b64encode(b'RWuser:password').decode()}" ro_auth_header = f"Basic {base64.b64encode(b'ROuser:password').decode()}" - with open(integration_context_filename, 'r') as f: + with open(integration_context_filename) as f: MockIntegrationContext(json.load(f), mocker) post_data = json.dumps({ @@ -622,7 +623,7 @@ def test_process_root_post_cleanup(mocker, }) importlib.reload(WebFileRepository) - with open(integration_context_filename, 'r') as f: + with open(integration_context_filename) as f: integration_context = MockIntegrationContext(json.load(f), mocker) post_data = json.dumps({ @@ -698,7 +699,7 @@ def test_process_root_post_reset(mocker, }) importlib.reload(WebFileRepository) - with open(integration_context_filename_before, 'r') as f: + with open(integration_context_filename_before) as f: integration_context = MockIntegrationContext(json.load(f), mocker) # Modify the repository 
@@ -737,7 +738,7 @@ def test_process_root_post_reset(mocker, response = WebFileRepository.process_root_post() assert response.status_code == 200 assert response.body.get('success') is True - with open(integration_context_filename_after, 'r') as f: + with open(integration_context_filename_after) as f: assert integration_context.equals(json.load(f)) @@ -766,7 +767,7 @@ def test_process_root_post_reset_in_read_only(mocker): }) importlib.reload(WebFileRepository) - with open('./test_data/integration_ctx_common.json', 'r') as f: + with open('./test_data/integration_ctx_common.json') as f: MockIntegrationContext(json.load(f), mocker) # Reset the repository @@ -834,7 +835,7 @@ def test_process_root_post_delete(mocker, }) importlib.reload(WebFileRepository) - with open(integration_context_filename_before, 'r') as f: + with open(integration_context_filename_before) as f: integration_context = MockIntegrationContext(json.load(f), mocker) post_data = json.dumps({ @@ -854,7 +855,7 @@ def test_process_root_post_delete(mocker, response = WebFileRepository.process_root_post() assert response.status_code == 200 assert response.body.get('success') is True - with open(integration_context_filename_after, 'r') as f: + with open(integration_context_filename_after) as f: assert integration_context.equals(json.load(f)) @@ -883,7 +884,7 @@ def test_process_root_post_delete_in_read_only(mocker): }) importlib.reload(WebFileRepository) - with open('./test_data/integration_ctx_common.json', 'r') as f: + with open('./test_data/integration_ctx_common.json') as f: MockIntegrationContext(json.load(f), mocker) post_data = json.dumps({ @@ -976,7 +977,7 @@ def test_process_root_post_upload(mocker, importlib.reload(WebFileRepository) - with open(integration_context_filename_before, 'r') as f: + with open(integration_context_filename_before) as f: integration_context = MockIntegrationContext(json.load(f), mocker) boundary = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' 
@@ -1032,7 +1033,7 @@ def test_process_root_post_upload(mocker, response = WebFileRepository.process_root_post() assert response.status_code == 200 assert response.body.get('success') is True - with open(integration_context_filename_after, 'r') as f: + with open(integration_context_filename_after) as f: assert integration_context.equals(json.load(f)) 
@@ -1323,6 +1324,115 @@ def test_command_reset(mocker): assert 'Done' in res +@pytest.mark.parametrize(argnames='file_name, ' + 'input_data, ' + 'encoding, ' + 'file_data', + argvalues=[ + ('test.txt', 'aaaa', 'utf-8', b'aaaa'), + ('test.txt', None, 'utf-8', b''), + ('test.bin', 'aaaa', 'base64', b'\x69\xA6\x9A'), + ('test.bin', None, 'base64', b''), + ]) +def test_command_upload_as_file(mocker, file_name, input_data, encoding, file_data): + """ + Given: + Some data patterns for command_upload_as_file + + When: + Running script to send a request. + + Then: + Validate the right response returns. + """ + params = { + 'longRunningPort': '8000', + 'rwCredentials': {}, + 'authenticationMethod': None, + 'publicReadAccess': True, + 'mimeTypes': None, + 'mergeMimeTypes': True, + 'attachmentExtensions': None, + 'storageProtection': 'read/write', + 'maxStorageSize': None, + 'maxSandboxSize': None, + } + mocker.patch.object(demisto, 'params', return_value=params) + + class _MockBaseClient: + def __init__( + self, + mocker: pytest_mock.plugin.MockerFixture, + headers: dict[str, str], + file_name: str, + file_data: bytes, + json_data: Any + ): + self.__headers = headers + self.__file_name = file_name + self.__file_data = file_data + self.__content = json.dumps(json_data).encode() + mocker.patch('CommonServerPython.BaseClient._http_request', side_effect=self._http_request) + + def _http_request( + self, method, url_suffix='', full_url=None, headers=None, auth=None, json_data=None, + params=None, data=None, files=None, timeout=None, resp_type='json', ok_codes=None, + return_empty_response=False, retries=0, status_list_to_retry=None, + backoff_factor=5, raise_on_redirect=False, raise_on_status=False, + error_handler=None, empty_valid_codes=None, **kwargs + ): + class MockRequestsResponse: + def __init__(self, headers: dict[str, str], content: bytes): + self.headers = headers + self.content = content + + def json(self): + return json.loads(self.content.decode()) + + if len(files) 
!= 1: + raise ValueError(f'Invalid number of files - {len(files)}') + + key, (name, data) = files[0] + if key != 'file': + raise ValueError('file is not given.') + + if name != self.__file_name: + raise ValueError(f'file name is invalid - {name}') + + if data != self.__file_data: + raise ValueError(f'file data is invalid - {data}') + + if resp_type == 'json': + return json.loads(self.__content.decode()) + elif resp_type == 'json': + return self.__content + else: + return MockRequestsResponse(headers=self.__headers, + content=self.__content) + + client = _MockBaseClient(mocker, + headers={}, + file_name=file_name, + file_data=file_data, + json_data={ + 'success': True, + 'message': '' + } + ) + mocker.patch.object(WebFileRepository, 'new_client', return_value=client) + + importlib.reload(WebFileRepository) + + args = assign_params( + file_name=file_name, + data=input_data, + encoding=encoding + ) + settings = WebFileRepository.Settings(params) + res = WebFileRepository.command_upload_as_file(args, settings) + assert 'Done' in res + + @pytest.mark.parametrize(argnames='entry_id, ' 'name', argvalues=[ @@ -1469,7 +1579,7 @@ def test_command_list_files(mocker, } mocker.patch.object(demisto, 'params', return_value=params) - with open(response_filename, 'r') as f: + with open(response_filename) as f: server_resp = json.load(f) client = MockBaseClient(mocker, headers={}, json_data=server_resp) @@ -1486,7 +1596,7 @@ def test_command_list_files(mocker, res = WebFileRepository.command_list_files(args, settings).to_context() res = {k: v for k, v in res.items() if k in keys} - with open(results_filename, 'r') as f: + with open(results_filename) as f: expected = {k: v for k, v in json.load(f).items() if k in keys} assert equals_object(res, expected) 
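Review bot: The `elif resp_type == 'json': return self.__content` branch in the mock `_http_request` repeats the `if` condition above it and can never execute; it was presumably meant to be `elif resp_type == 'content': return self.__content`, otherwise every non-json caller falls through to the `MockRequestsResponse` path. Separately, `mocker.patch.object(WebFileRepository, 'new_client', return_value=client)` is applied before `importlib.reload(WebFileRepository)`, and the reload re-executes the module and rebinds `new_client` to its original definition, so that patch is dead by the time `command_upload_as_file` runs. The test presumably still passes only because `_MockBaseClient` patches `CommonServerPython.BaseClient._http_request`, which the reload does not touch. Move the reload above the patch (or drop the `new_client` patch) so the test asserts what it appears to.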
@@ -1713,7 +1823,7 @@ def test_parse_mime_types(mocker, Then: Validate the right response returns. """ - with open(mimetypes_input_filename, 'r') as f: + with open(mimetypes_input_filename) as f: input_mime_types = f.read() mocker.patch.object(demisto, 'params', return_value={ @@ -1729,7 +1839,7 @@ def test_parse_mime_types(mocker, }) importlib.reload(WebFileRepository) - with open(mimetypes_output_filename, 'r') as f: + with open(mimetypes_output_filename) as f: assert equals_object(WebFileRepository.SETTINGS.ext_to_mimetype, json.loads(f.read())) @@ -2203,7 +2313,7 @@ def test_handle_auth(mocker, auth_method, _, auth_value = auth_header.partition(' ') if auth_method == 'Digest': - def __new_nonce(nonce) -> Tuple[int, str]: + def __new_nonce(nonce) -> tuple[int, str]: gen_time, _, _ = nonce.partition(':') return int(gen_time), nonce diff --git a/Packs/WebFileRepository/ReleaseNotes/1_0_23.md b/Packs/WebFileRepository/ReleaseNotes/1_0_23.md new file mode 100644 index 000000000000..efe3e4c1ca59 --- /dev/null +++ b/Packs/WebFileRepository/ReleaseNotes/1_0_23.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Web File Repository + +- Added the ***wfr-upload-as-file*** command. +- Updated the Docker image to: demisto/bottle:1.0.0.86350. diff --git a/Packs/WebFileRepository/pack_metadata.json b/Packs/WebFileRepository/pack_metadata.json index 40bc3ab15a0f..27a7c8a7dba1 100644 --- a/Packs/WebFileRepository/pack_metadata.json +++ b/Packs/WebFileRepository/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Web File Repository", "description": "Simple web server with a file uploading console to store small files.\n", "support": "community", - "currentVersion": "1.0.22", + "currentVersion": "1.0.23", "author": "Masahiko Inoue", "url": "", "email": "", diff --git a/Packs/WithSecure/Integrations/WithSecureEventCollector/WithSecureEventCollector.yml b/Packs/WithSecure/Integrations/WithSecureEventCollector/WithSecureEventCollector.yml index 7758bda45e32..4a3e28a18817 100644 
--- a/Packs/WithSecure/Integrations/WithSecureEventCollector/WithSecureEventCollector.yml +++ b/Packs/WithSecure/Integrations/WithSecureEventCollector/WithSecureEventCollector.yml @@ -56,7 +56,7 @@ script: script: '-' type: python subtype: python3 - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 fromversion: 6.8.0 marketplaces: - marketplacev2 diff --git a/Packs/WithSecure/ReleaseNotes/1_0_4.md b/Packs/WithSecure/ReleaseNotes/1_0_4.md new file mode 100644 index 000000000000..933fd7c58ad7 --- /dev/null +++ b/Packs/WithSecure/ReleaseNotes/1_0_4.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### WithSecure Event Collector +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/WithSecure/pack_metadata.json b/Packs/WithSecure/pack_metadata.json index b5bd29d4ec5e..8a1de1f480fe 100644 --- a/Packs/WithSecure/pack_metadata.json +++ b/Packs/WithSecure/pack_metadata.json @@ -2,7 +2,7 @@ "name": "WithSecure", "description": "connect to SIEM with WithSecure", "support": "xsoar", - "currentVersion": "1.0.3", + "currentVersion": "1.0.4", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Wiz/Integrations/Wiz/Wiz.yml b/Packs/Wiz/Integrations/Wiz/Wiz.yml index c66791ea68bb..2e06ad96d22c 100644 --- a/Packs/Wiz/Integrations/Wiz/Wiz.yml +++ b/Packs/Wiz/Integrations/Wiz/Wiz.yml @@ -279,7 +279,7 @@ script: - name: vm_id description: vm cloud provider id. required: true - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/Wiz/ReleaseNotes/1_2_17.md b/Packs/Wiz/ReleaseNotes/1_2_17.md new file mode 100644 index 000000000000..0fc5c127453d --- /dev/null +++ b/Packs/Wiz/ReleaseNotes/1_2_17.md @@ -0,0 +1,3 @@ +#### Integrations +##### Wiz +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. 
diff --git a/Packs/Wiz/pack_metadata.json b/Packs/Wiz/pack_metadata.json index c56d45d93052..3a3e82f9d64b 100644 --- a/Packs/Wiz/pack_metadata.json +++ b/Packs/Wiz/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Wiz", "description": "Integrate with Wiz for bidirectional Issue management and fetching of resource information. \n", "support": "partner", - "currentVersion": "1.2.16", + "currentVersion": "1.2.17", "author": "Wiz Inc.", "url": "https://wiz.io/", "email": "support@wiz.io", diff --git a/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.py b/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.py index ed7b00b7f19c..e34174ca2c3d 100644 --- a/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.py +++ b/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.py @@ -1,6 +1,7 @@ import demistomock as demisto from CommonServerPython import * # noqa # pylint: disable=unused-wildcard-import +from xml.sax.saxutils import escape import urllib3 @@ -97,9 +98,10 @@ def __init__( super().__init__( base_url=base_url, verify=verify_certificate, proxy=proxy, headers=headers ) + self.tenant_name = tenant_name - self.username = username - self.password = password + self.username = escape(username) + self.password = escape(password) def generate_workday_account_signons_body( self, diff --git a/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.yml b/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.yml index 8595e1139470..ede01b4acf3b 100644 --- a/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.yml +++ b/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector.yml 
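Review bot: `escape()` from `xml.sax.saxutils` rewrites only `&`, `<` and `>` by default, so the new `self.username = escape(username)` / `self.password = escape(password)` lines protect element text only; if `generate_workday_account_signons_body` (whose signature starts right below) ever places either value inside an attribute value, a `"` or `'` in the credential still breaks out of it. Passing the extra entities, `escape(username, {'"': '&quot;', "'": '&apos;'})` and likewise for the password, is cheap and correct in both contexts. Storing the escaped form on the instance also means any non-XML consumer of `self.username` / `self.password` (an HTTP auth header, a log line) would now receive the entity-encoded string, so escaping at the point where the SOAP body is built would be the safer placement; I cannot see the body builder from this hunk, so please confirm against it. `__init__` starts outside the hunk.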
@@ -101,7 +101,7 @@ script: type: python subtype: python3 isfetchevents: true - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 feed: false fromversion: 8.2.0 tests: diff --git a/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector_test.py b/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector_test.py index 95821d56184d..a0d6d0e30437 100644 --- a/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector_test.py +++ b/Packs/Workday/Integrations/WorkdaySignOnEventCollector/WorkdaySignOnEventCollector_test.py @@ -2,6 +2,8 @@ import unittest from typing import Any from unittest.mock import patch + +import pytest from freezegun import freeze_time from CommonServerPython import DemistoException @@ -627,3 +629,35 @@ def test_main_fetch_events() -> None: mock_events, vendor=VENDOR, product=PRODUCT ) mock_set_last_run.assert_called_with(mock_new_last_run) + + +@pytest.mark.parametrize( + "username, escaped_username, password, escaped_password", + [ + ("username&", "username&", "pass&", "pass&"), + ("username>", "username>", "pass>", "pass>"), + ("username<", "username<", "pass<", "pass<"), + ("username", "username", "pass", "pass") + ] +) +def test_escaping_user_name(username, escaped_username, password, escaped_password): + """ + Given: + A Client object initialized with a base URL, verification settings, a tenant name, and login credentials. + In the first 3 cases the credentials contains a special character that needs to be escaped, and the last case checks + that in a case of a credentials without special characters, they don't change. + When: + Creating a new Workday Sign Ons client. + Then: + Check that the credentials are escaped correctly. + """ + client = Client( + "mock_url", + False, + False, + "mock_tenant", + username, + password, + ) + assert client.username == escaped_username + assert client.password == escaped_password 
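Review bot: `test_escaping_user_name` pins only `&`, `<` and `>`, exactly the three characters `escape()` handles by default, so it says nothing about quotes and would keep passing if a credential containing `"` or `'` were injected into an XML attribute. Add cases such as `('user"', 'user&quot;', "p'w", 'p&apos;w')` once the escape call is given the quote entities, or at least one case that pins today's behaviour for `"` so any later change is deliberate. In this rendering the expected strings look identical to the inputs (`"username&"` → `"username&"`), which appears to be the page unescaping the `&amp;` form; worth a glance at the raw file to be sure the assertions really compare against `&amp;`, `&gt;`, `&lt;`.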
diff --git a/Packs/Workday/Integrations/Workday_IAM/Workday_IAM.yml b/Packs/Workday/Integrations/Workday_IAM/Workday_IAM.yml index 27f2045d6b34..fd966dce7faa 100644 --- a/Packs/Workday/Integrations/Workday_IAM/Workday_IAM.yml +++ b/Packs/Workday/Integrations/Workday_IAM/Workday_IAM.yml @@ -101,7 +101,7 @@ script: - contextPath: WorkdayIAM.ReportEntry.locationregion description: Location of the employee in Workday. type: String - dockerimage: demisto/python3:3.10.12.63474 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true runonce: false script: '-' diff --git a/Packs/Workday/ReleaseNotes/1_4_8.md b/Packs/Workday/ReleaseNotes/1_4_8.md new file mode 100644 index 000000000000..085a535ce1e5 --- /dev/null +++ b/Packs/Workday/ReleaseNotes/1_4_8.md @@ -0,0 +1,4 @@ +#### Integrations +##### Workday Sign On Event Collector +- Added escaping to the username and password. +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Workday/ReleaseNotes/1_4_9.md b/Packs/Workday/ReleaseNotes/1_4_9.md new file mode 100644 index 000000000000..0aa464fbb036 --- /dev/null +++ b/Packs/Workday/ReleaseNotes/1_4_9.md @@ -0,0 +1,6 @@ + +#### Integrations + +##### Workday IAM + +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/Workday/pack_metadata.json b/Packs/Workday/pack_metadata.json index 0278910b7769..8339484db11c 100644 --- a/Packs/Workday/pack_metadata.json +++ b/Packs/Workday/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Workday", "description": "Workday offers enterprise-level software solutions for financial management, human resources, and planning.", "support": "xsoar", - "currentVersion": "1.4.7", + "currentVersion": "1.4.9", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/X509Certificate/ReleaseNotes/1_0_37.md b/Packs/X509Certificate/ReleaseNotes/1_0_37.md new file mode 100644 index 000000000000..48f74b125aeb --- /dev/null 
+++ b/Packs/X509Certificate/ReleaseNotes/1_0_37.md @@ -0,0 +1,4 @@ + +#### Scripts +##### CertificateExtract +- Updated the Docker image to: *demisto/crypto:1.0.0.86361*. \ No newline at end of file diff --git a/Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml b/Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml index eff6fd1ce329..b848fb42976a 100644 --- a/Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml +++ b/Packs/X509Certificate/Scripts/CertificateExtract/CertificateExtract.yml @@ -126,7 +126,7 @@ tags: [] timeout: '0' type: python subtype: python3 -dockerimage: demisto/crypto:1.0.0.84658 +dockerimage: demisto/crypto:1.0.0.86361 fromversion: 6.0.0 tests: - X509Certificate Test Playbook diff --git a/Packs/X509Certificate/pack_metadata.json b/Packs/X509Certificate/pack_metadata.json index f9a9fce65ce8..0bda77816668 100644 --- a/Packs/X509Certificate/pack_metadata.json +++ b/Packs/X509Certificate/pack_metadata.json @@ -2,7 +2,7 @@ "name": "X509Certificate", "description": "The X509 Certificate Content Packs provides additional capabilities for handling, parsing and validating X509 Certificates in Cortex XSOAR.", "support": "xsoar", - "currentVersion": "1.0.36", + "currentVersion": "1.0.37", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/Zabbix/Integrations/Zabbix/Zabbix.yml b/Packs/Zabbix/Integrations/Zabbix/Zabbix.yml index 81ae98a2da81..e6fff446052b 100644 --- a/Packs/Zabbix/Integrations/Zabbix/Zabbix.yml +++ b/Packs/Zabbix/Integrations/Zabbix/Zabbix.yml @@ -455,7 +455,7 @@ script: description: Whether the event is suppressed. type: number description: Get events. - dockerimage: demisto/py3-tools:1.0.0.84811 + dockerimage: demisto/py3-tools:1.0.0.86612 runonce: false script: '-' type: python diff --git a/Packs/Zabbix/ReleaseNotes/1_0_33.md b/Packs/Zabbix/ReleaseNotes/1_0_33.md new file mode 100644 index 000000000000..8dd25e2d2ca7 
--- /dev/null +++ b/Packs/Zabbix/ReleaseNotes/1_0_33.md @@ -0,0 +1,3 @@ +#### Integrations +##### Zabbix +- Updated the Docker image to: *demisto/py3-tools:1.0.0.86612*. diff --git a/Packs/Zabbix/pack_metadata.json b/Packs/Zabbix/pack_metadata.json index 88d6c18f6f51..bdd767955103 100644 --- a/Packs/Zabbix/pack_metadata.json +++ b/Packs/Zabbix/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Zabbix", "description": "Allow integration with Zabbix api.", "support": "developer", - "currentVersion": "1.0.32", + "currentVersion": "1.0.33", "author": "Henrique Caires", "url": "https://support.zabbix.com/secure/Dashboard.jspa", "email": "henrique@caires.net.br", diff --git a/Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.yml b/Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.yml index 8faccffa98d6..07769b174a9b 100644 --- a/Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.yml +++ b/Packs/ZeroFox/Integrations/ZeroFox/ZeroFox.yml @@ -888,7 +888,7 @@ script: - contextPath: ZeroFox.Exploits.URLs description: URLs associated to the threat separated by commas. type: string - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 isfetch: true longRunning: false longRunningPort: false diff --git a/Packs/ZeroFox/ReleaseNotes/1_2_6.md b/Packs/ZeroFox/ReleaseNotes/1_2_6.md new file mode 100644 index 000000000000..0c4166b2b379 --- /dev/null +++ b/Packs/ZeroFox/ReleaseNotes/1_2_6.md @@ -0,0 +1,3 @@ +#### Integrations +##### ZeroFox +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/ZeroFox/pack_metadata.json b/Packs/ZeroFox/pack_metadata.json index 13c398b9f83c..a2fba764ad40 100644 --- a/Packs/ZeroFox/pack_metadata.json +++ b/Packs/ZeroFox/pack_metadata.json 
@@ -2,7 +2,7 @@ "name": "ZeroFox", "description": "Cloud-based SaaS to detect risks found on social media and digital channels.", "support": "partner", - "currentVersion": "1.2.5", + "currentVersion": "1.2.6", "author": "ZeroFox", "url": "https://www.zerofox.com/contact-us/", "email": "integration-support@zerofox.com", diff --git a/Packs/Zoom/Integrations/ZoomEventCollector/ZoomEventCollector.yml b/Packs/Zoom/Integrations/ZoomEventCollector/ZoomEventCollector.yml index 0bb749d2936b..0ef2481d5360 100644 --- a/Packs/Zoom/Integrations/ZoomEventCollector/ZoomEventCollector.yml +++ b/Packs/Zoom/Integrations/ZoomEventCollector/ZoomEventCollector.yml @@ -60,7 +60,7 @@ script: defaultValue: 300 description: Gets events from Zoom. name: zoom-get-events - dockerimage: demisto/auth-utils:1.0.0.84760 + dockerimage: demisto/auth-utils:1.0.0.86556 isfetchevents: true script: '-' subtype: python3 diff --git a/Packs/Zoom/ReleaseNotes/1_6_7.md b/Packs/Zoom/ReleaseNotes/1_6_7.md new file mode 100644 index 000000000000..b50b7a02a43f --- /dev/null +++ b/Packs/Zoom/ReleaseNotes/1_6_7.md @@ -0,0 +1,3 @@ +#### Integrations +##### Zoom Event Collector +- Updated the Docker image to: *demisto/auth-utils:1.0.0.86556*. diff --git a/Packs/Zoom/pack_metadata.json b/Packs/Zoom/pack_metadata.json index 9b8434c77f11..8cc838001fd9 100644 --- a/Packs/Zoom/pack_metadata.json +++ b/Packs/Zoom/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Zoom", "description": "Use the Zoom integration manage your Zoom users and meetings", "support": "xsoar", - "currentVersion": "1.6.6", + "currentVersion": "1.6.7", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/epo/Integrations/epoV2/epoV2.yml b/Packs/epo/Integrations/epoV2/epoV2.yml index 8c4adf2e3aa1..a1694c6e3af5 100644 --- a/Packs/epo/Integrations/epoV2/epoV2.yml +++ b/Packs/epo/Integrations/epoV2/epoV2.yml 
@@ -815,7 +815,7 @@ script: - name: properties description: Properties of the issue. description: Update an issue. - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 runonce: false script: '-' subtype: python3 diff --git a/Packs/epo/ReleaseNotes/2_0_32.md b/Packs/epo/ReleaseNotes/2_0_32.md new file mode 100644 index 000000000000..0ba64e16bc69 --- /dev/null +++ b/Packs/epo/ReleaseNotes/2_0_32.md @@ -0,0 +1,3 @@ +#### Integrations +##### McAfee ePO v2 +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/epo/pack_metadata.json b/Packs/epo/pack_metadata.json index 51b06ec36c9b..fb495491c9a9 100644 --- a/Packs/epo/pack_metadata.json +++ b/Packs/epo/pack_metadata.json @@ -2,7 +2,7 @@ "name": "McAfee ePO", "description": "McAfee ePolicy Orchestrator", "support": "xsoar", - "currentVersion": "2.0.31", + "currentVersion": "2.0.32", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/illuminate/Integrations/Analyst1/Analyst1.yml b/Packs/illuminate/Integrations/Analyst1/Analyst1.yml index a041c76fe8ed..fcea93a36d0a 100644 --- a/Packs/illuminate/Integrations/Analyst1/Analyst1.yml +++ b/Packs/illuminate/Integrations/Analyst1/Analyst1.yml @@ -746,7 +746,7 @@ script: - contextPath: Analyst1.EvidenceStatus.processingComplete description: True or false to indicate if processing of the Evidence upload is done. Determined by evaluating the id or message are present and populated. If an id is returned but blank, this is false, indicating the upload is still in progress. description: Check on the status of the analyst1-evidence-submit action by using its output UUID. - dockerimage: demisto/python3:3.10.13.84405 + dockerimage: demisto/python3:3.10.13.86272 subtype: python3 runonce: false fromversion: 5.0.0 diff --git a/Packs/illuminate/ReleaseNotes/1_1_7.md b/Packs/illuminate/ReleaseNotes/1_1_7.md new file mode 100644 index 000000000000..5b778ea903a1 
--- /dev/null +++ b/Packs/illuminate/ReleaseNotes/1_1_7.md @@ -0,0 +1,3 @@ +#### Integrations +##### Analyst1 +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. diff --git a/Packs/illuminate/pack_metadata.json b/Packs/illuminate/pack_metadata.json index d6224ced7a39..c1f94dda5dde 100644 --- a/Packs/illuminate/pack_metadata.json +++ b/Packs/illuminate/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Analyst1", "description": "This integration utilizes Analyst1's system to support multiple operations to assist the cyber analyst. These include intelligence collection from any source, deployment of configured indicator or signature sets for improved boundary/host defense, and enriching XSOAR indicators with data provided by the Analyst1 REST API, such as actor and malware information, activity and reported dates, evidence and hit counts, and more. For assistance with this app and any use cases please contact support@analyst1.com.", "support": "partner", - "currentVersion": "1.1.6", + "currentVersion": "1.1.7", "author": "Analyst1", "url": "", "email": "support@analyst1.com", diff --git a/Packs/qualys/ReleaseNotes/2_0_10.md b/Packs/qualys/ReleaseNotes/2_0_10.md new file mode 100644 index 000000000000..619956e4109f --- /dev/null +++ b/Packs/qualys/ReleaseNotes/2_0_10.md @@ -0,0 +1,7 @@ + +#### Scripts + +##### QualysCreateIncidentFromReport +- Updated the Docker image to: *demisto/python3:3.10.13.86272*. + + diff --git a/Packs/qualys/Scripts/QualysCreateIncidentFromReport/QualysCreateIncidentFromReport.yml b/Packs/qualys/Scripts/QualysCreateIncidentFromReport/QualysCreateIncidentFromReport.yml index 1777a3295ef9..ad0267b29b87 100644 --- a/Packs/qualys/Scripts/QualysCreateIncidentFromReport/QualysCreateIncidentFromReport.yml +++ b/Packs/qualys/Scripts/QualysCreateIncidentFromReport/QualysCreateIncidentFromReport.yml 
@@ -36,4 +36,4 @@ dependson: tests: - No test fromversion: 5.0.0 -dockerimage: demisto/python3:3.10.12.63474 +dockerimage: demisto/python3:3.10.13.86272 diff --git a/Packs/qualys/pack_metadata.json b/Packs/qualys/pack_metadata.json index 152b5a84c230..8c48c5abf04f 100644 --- a/Packs/qualys/pack_metadata.json +++ b/Packs/qualys/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Qualys", "description": "Qualys Vulnerability Management let's you create, run, fetch and manage reports, launch and manage vulnerability and compliance scans, and manage the host assets you want to scan for vulnerabilities and compliance", "support": "xsoar", - "currentVersion": "2.0.9", + "currentVersion": "2.0.10", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/rasterize/Integrations/rasterize/rasterize.py b/Packs/rasterize/Integrations/rasterize/rasterize.py index 3f06fa545fdf..98995b0656e6 100644 --- a/Packs/rasterize/Integrations/rasterize/rasterize.py +++ b/Packs/rasterize/Integrations/rasterize/rasterize.py @@ -1,6 +1,6 @@ import demistomock as demisto # noqa: F401 from CommonServerPython import * # noqa: F401 - +import logging import base64 import os import re @@ -23,6 +23,9 @@ NoSuchElementException, TimeoutException) +pypdf_logger = logging.getLogger("PyPDF2") +pypdf_logger.setLevel(logging.ERROR) # Supress warnings, which would come out as XSOAR errors while not being errors + # Chrome respects proxy env params handle_proxy() # Make sure our python code doesn't go through a proxy when communicating with chrome webdriver diff --git a/Packs/rasterize/Integrations/rasterize/rasterize.yml b/Packs/rasterize/Integrations/rasterize/rasterize.yml index 734803107b13..ff8a12bc2411 100644 --- a/Packs/rasterize/Integrations/rasterize/rasterize.yml +++ b/Packs/rasterize/Integrations/rasterize/rasterize.yml 
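Review bot: The logger name `"PyPDF2"` is hard-coded, but the library has been published as `pypdf` since its 3.x rename and logs under that name; if the bumped `demisto/chromium:120.0.6099.84996` image ships `pypdf` rather than `PyPDF2`, `pypdf_logger.setLevel(logging.ERROR)` silences nothing and the warnings keep surfacing as XSOAR errors. I cannot see the PDF import from this hunk; deriving the name from the imported module, e.g. `pypdf_logger = logging.getLogger(PyPDF2.__name__)`, keeps the two in step automatically. The inline comment also has a typo (`Supress` → `Suppress`) and would read better as `# Suppress PyPDF2 warnings on malformed PDFs; XSOAR surfaces them as errors even though they are not`.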
@@ -311,7 +311,7 @@ script: - contextPath: InfoFile.Type description: The type of the image/pdf file. type: string - dockerimage: demisto/chromium:118.0.5993.78770 + dockerimage: demisto/chromium:120.0.6099.84996 runonce: false script: '-' subtype: python3 diff --git a/Packs/rasterize/Integrations/rasterize/rasterize_test.py b/Packs/rasterize/Integrations/rasterize/rasterize_test.py index ee0d4abfaff6..65d16c2afd8d 100644 --- a/Packs/rasterize/Integrations/rasterize/rasterize_test.py +++ b/Packs/rasterize/Integrations/rasterize/rasterize_test.py @@ -359,3 +359,14 @@ def test_rasterize_html_no_internet_access(mocker): rasterize_html_command() assert mocker_output.call_args.args[0]['File'] == 'email.png' assert not mock.called + + +def test_log_warning(): + """ + Given pypdf's logger instance + When checking the logger's leve. + Then make sure the level is ERROR + """ + import logging + from rasterize import pypdf_logger + assert pypdf_logger.level == logging.ERROR diff --git a/Packs/rasterize/ReleaseNotes/1_2_30.md b/Packs/rasterize/ReleaseNotes/1_2_30.md new file mode 100644 index 000000000000..0fba2ddff437 --- /dev/null +++ b/Packs/rasterize/ReleaseNotes/1_2_30.md @@ -0,0 +1,7 @@ + +#### Integrations + +##### Rasterize + +- Fixed an issue where `PyPDF2` warning log messages would show as errors. +- Updated the Docker image to: *demisto/chromium:120.0.6099.84996*. \ No newline at end of file diff --git a/Packs/rasterize/pack_metadata.json b/Packs/rasterize/pack_metadata.json index d9ab1e361a4d..f1b4390a5123 100644 --- a/Packs/rasterize/pack_metadata.json +++ b/Packs/rasterize/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Rasterize", "description": "Converts URLs, PDF files, and emails to an image file or PDF file.", "support": "xsoar", - "currentVersion": "1.2.29", + "currentVersion": "1.2.30", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", 
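Review bot: `test_log_warning` asserts the logger's configured level, not the behaviour the release note promises (warnings no longer surfacing); a test that emits a warning on that logger under `caplog` and asserts nothing at WARNING is captured, e.g. `logging.getLogger("PyPDF2").warning("x"); assert not [r for r in caplog.records if r.levelno == logging.WARNING]`, would also catch a future rename of the library's logger. The function-local `import logging` can be dropped if the test module already imports it at the top, which I cannot see from this hunk.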
diff --git a/Tests/Marketplace/Tests/search_and_install_packs_test.py b/Tests/Marketplace/Tests/search_and_install_packs_test.py index 3c5bd7ea8ee6..fab26cd127e6 100755 --- a/Tests/Marketplace/Tests/search_and_install_packs_test.py +++ b/Tests/Marketplace/Tests/search_and_install_packs_test.py @@ -612,6 +612,7 @@ def test_get_all_content_packs_dependencies(mocker: MockFixture): client = mocker.Mock() mock_request = [ { + "total": 3, "packs": [ { "id": "Pack1", @@ -628,6 +629,7 @@ def test_get_all_content_packs_dependencies(mocker: MockFixture): ] }, { + "total": 3, "packs": [ { "id": "Pack3", @@ -661,7 +663,7 @@ def test_get_all_content_packs_dependencies_empty(mocker: MockFixture): """ client = mocker.Mock() mocker.patch.object( - script, "get_one_page_of_packs_dependencies", return_value={"packs": []} + script, "get_one_page_of_packs_dependencies", return_value={"total": 3, "packs": []} ) result = script.get_all_content_packs_dependencies(client) diff --git a/Tests/Marketplace/mandatory_premium_packs.json b/Tests/Marketplace/mandatory_premium_packs.json deleted file mode 100644 index 75b0f6d7a678..000000000000 --- a/Tests/Marketplace/mandatory_premium_packs.json +++ /dev/null @@ -1,4 +0,0 @@ -{ "packs": ["HelloWorldPremium", - "IAM", - "IdentityLifecycleManagement-Enterprise", - "IdentityLifecycleManagement-LargeEnterprise"] } diff --git a/Tests/Marketplace/search_and_install_packs.py b/Tests/Marketplace/search_and_install_packs.py index 3af1c27f2849..e8f8ad508d2d 100644 --- a/Tests/Marketplace/search_and_install_packs.py +++ b/Tests/Marketplace/search_and_install_packs.py @@ -652,6 +652,7 @@ def get_all_content_packs_dependencies(client: DemistoClient) -> dict[str, dict] for i in itertools.count(): response = get_one_page_of_packs_dependencies(client, i) packs = response["packs"] + logging.debug(f"Fetched dependencies of page {i} with {len(packs)} packs") for pack in packs: all_packs_dependencies[pack["id"]] = { "currentVersion": pack["currentVersion"], 
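Review bot: `test_get_all_content_packs_dependencies_empty` now returns `{"total": 3, "packs": []}`, which on the new code takes the shortfall branch (total 3 against 0 collected), yet nothing asserts that the critical log fired, so the branch is executed without being tested. Patch the module logger, e.g. `crit = mocker.patch.object(script.logging, "critical")` and `crit.assert_called_once()`, and add a sibling case with `"total": 0` so the genuinely-empty marketplace path is covered too. The fixture data in the first hunk likewise sets `"total": 3` on both pages, which matches the three packs returned, but a case where `total` exceeds the collected count is the one that exercises the new check.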
@@ -659,6 +660,12 @@ def get_all_content_packs_dependencies(client: DemistoClient) -> dict[str, dict]
                 "deprecated": pack["deprecated"],
             }
         if len(packs) < PAGE_SIZE_DEFAULT:
+            all_packs_len = len(all_packs_dependencies)
+            total = response["total"]
+            if total > all_packs_len:
+                logging.critical(
+                    f"Marketplace API returned less than the total packs. Collected: {all_packs_len}, Total: {total}"
+                )
             break
     return all_packs_dependencies
 
diff --git a/Tests/conf.json b/Tests/conf.json
index 63ab6c529a8d..d82824e85b79 100644
--- a/Tests/conf.json
+++ b/Tests/conf.json
@@ -2734,7 +2734,8 @@
                 "Active Directory Query v2"
             ],
             "instance_names": "active_directory_ninja",
-            "fromversion": "4.5.0"
+            "fromversion": "4.5.0",
+            "memory_threshold": 80
         },
         {
             "integrations": "Freshdesk",
@@ -3620,6 +3621,9 @@
             "timeout": 300,
             "is_mockable": false
         },
+        {
+            "playbookID": "GetIndicatorsByQuery - Test"
+        },
         {
             "playbookID": "DBotCreatePhishingClassifierV2FromFile-Test",
             "timeout": 60000,
diff --git a/Tests/scripts/validate_index.py b/Tests/scripts/validate_index.py
index 533b4564240f..2a3383965590 100644
--- a/Tests/scripts/validate_index.py
+++ b/Tests/scripts/validate_index.py
@@ -16,8 +16,6 @@
 from Tests.scripts.utils import logging_wrapper as logging
 from pprint import pformat
 
-MANDATORY_PREMIUM_PACKS_PATH = "Tests/Marketplace/mandatory_premium_packs.json"
-
 
 def options_handler():
     parser = argparse.ArgumentParser(description='Run validation on the index.json file.')
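Review bot: The new total check only logs; after `logging.critical(...)` the loop still reaches `break` and the function returns the partial mapping, so callers proceed with an incomplete dependency map unless someone reads the log. If a partial map is not acceptable, follow the log with `raise ValueError(f"Marketplace API returned {all_packs_len} of {total} packs")` (or return a flag the caller checks); if it is acceptable, state that in the function's docstring so the contract is explicit. `response["total"]` also assumes every page carries a `total` key, which the tests in this commit mock but whose API contract is not visible here; `response.get("total", all_packs_len)` would keep the previous behaviour on a response without it. `get_all_content_packs_dependencies` starts outside this hunk.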
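Review bot: With `MANDATORY_PREMIUM_PACKS_PATH` removed here and its only visible use deleted in the `check_index_data` hunk that follows, `from pprint import pformat` on the context line above appears to have no remaining caller (it was used only in the removed `error_message`), and the same may hold for `load_json` and `log_message_if_statement` if nothing else in the file references them; drop the dead import(s) so the linters stay clean. The removal also means validate_index no longer checks that the premium packs listed in the deleted JSON are present in index.json; if that check now lives elsewhere, a one-line note in the module docstring pointing to it would help the next reader.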
@@ -70,22 +68,13 @@ def check_index_data(index_data: dict) -> bool: if not packs_list_exists: return False - mandatory_pack_ids = load_json(MANDATORY_PREMIUM_PACKS_PATH).get("packs", []) - packs_are_valid = True for pack in index_data["packs"]: pack_is_good = verify_pack(pack) if not pack_is_good: packs_are_valid = False - if pack["id"] in mandatory_pack_ids: - mandatory_pack_ids.remove(pack["id"]) - - all_mandatory_packs_are_found = log_message_if_statement(statement=(mandatory_pack_ids == []), - error_message=f"index json is missing some mandatory" - f" pack ids: {pformat(mandatory_pack_ids)}", - success_message="All premium mandatory pack ids were" - " found in the index.json file.") - return all([packs_are_valid, all_mandatory_packs_are_found]) + + return packs_are_valid def verify_pack(pack: dict) -> bool: diff --git a/poetry.lock b/poetry.lock index b644ac73603b..91797038d3a2 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1354,13 +1354,13 @@ urllib3 = ">=1.26.7" [[package]] name = "demisto-sdk" -version = "1.25.3" +version = "1.26.0" description = "\"A Python library for the Demisto SDK\"" optional = false python-versions = ">=3.8,<3.11" files = [ - {file = "demisto_sdk-1.25.3-py3-none-any.whl", hash = "sha256:9621f904886b4f6b00df76f68735e8a185902dc5001dde0263a6b0adff6124fd"}, - {file = "demisto_sdk-1.25.3.tar.gz", hash = "sha256:e82053becfaec528ee03e4869c9f6ce1b73c4f2f115c2465b1f516152e8279b9"}, + {file = "demisto_sdk-1.26.0-py3-none-any.whl", hash = "sha256:a65d453cc4339cf2e8c41eb6f73d37f317878ce82d83e1f19ca5a30c8d74360c"}, + {file = "demisto_sdk-1.26.0.tar.gz", hash = "sha256:bd8c7a609822550ce882efeffff5f62d44923fc157ec99a6c93232ac84d4bc4d"}, ] [package.dependencies] 
@@ -4973,6 +4973,7 @@ files = [ {file = "PyYAML-6.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34"}, {file = "PyYAML-6.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28"}, {file = "PyYAML-6.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9"}, + {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef"}, {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0"}, {file = "PyYAML-6.0.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4"}, {file = "PyYAML-6.0.1-cp312-cp312-win32.whl", hash = "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54"}, @@ -7126,4 +7127,4 @@ testing = ["coverage (>=5.0.3)", "zope.event", "zope.testing"] [metadata] lock-version = "2.0" python-versions = "^3.8,<3.11" -content-hash = "7b453eb1d137cc3ed5c7fe9e1ca289af5e44824a0d40f62cfbc56cbdd9c6911d" +content-hash = "1ff0d1d56292b46cb020db60116ef90ee5cfde73582540e7bf7c1c26dc5a1fb3" diff --git a/pyproject.toml b/pyproject.toml index 7f28ebfec509..788a2566f0dc 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,7 +10,7 @@ python = "^3.8,<3.11" defusedxml = "^0.7.1" [tool.poetry.group.dev.dependencies] -demisto-sdk = "1.25.3" +demisto-sdk = "1.26.0" requests = "^2.22.0" pre-commit = "^3.5.0" google-cloud-compute = "^1.8.0"